Private vs cloud AI assistants: an architecture comparison
Personal AI assistants use one of three storage architectures: local-only, where content never leaves your device; standard cloud, where the provider holds the keys and can read stored content; and hybrid end-to-end encryption, where the server syncs ciphertext it cannot open. They differ in who can read your content, how sync and recovery work, and what inference quality is reachable.
The three architectures
Every personal AI assistant answers one structural question: where does your content live, and who can read it there? Three answers cover the field. Local-only keeps everything on your device: the model, the memory, the history. Standard cloud stores your content on the provider's servers under the provider's keys. Hybrid end-to-end encryption splits the job: your devices hold the keys and seal content before it leaves, the cloud stores and syncs ciphertext it cannot open, and heavy model inference still runs on cloud hardware. These are architectures, not brands. Any vendor's product fits one of them, and the fit determines what the vendor can and cannot do with your data, regardless of what its policy says.
Who can read stored content
In a standard cloud design, HTTPS protects data on the wire and encryption at rest protects the provider's disks, but the provider holds the decryption keys, so the provider can read stored content. Whether it does is a policy choice, and policies can change. In a local-only design nobody but you can read anything, because nothing is stored anywhere else. In a hybrid end-to-end design, content is encrypted on your device with a key derived from a passphrase only you know, so the server stores envelopes it cannot open, no matter who asks it to. The difference between the last two and the first is the difference between a property and a promise.
The decision table
| Question | Local-only | Standard cloud | Hybrid with e2e sync |
|---|---|---|---|
| Where does content live | On your device only | On provider servers | On your devices, plus sealed copies on the server |
| Who can read stored content | Only you | You and the provider | Only you; the server holds envelopes it cannot open |
| Offline behavior | Everything works if the model is local | Little or nothing works offline | Local data stays usable; sync and cloud inference wait for a connection |
| Multi-device sync | None, or manual copies | Built in, provider-readable | Built in, ciphertext only |
| Inference quality ceiling | Limited by your hardware | Frontier cloud models | Frontier cloud models per request; stored content stays sealed |
| Recovery if you lose your credential | Your own backups or nothing | Provider resets the password; content survives | Sign-in can be reset, but content sealed under a lost passphrase is gone |
| Cost profile | Hardware up front, no per-request fees | Subscription or usage fees | Subscription or usage fees, plus encrypted sync storage |
The honest caveat about inference
End-to-end encryption is a property of storage and sync, not of inference. The moment you ask a cloud model a question, that model must process the words of the question to answer it. No architecture that uses cloud inference avoids this. What a hybrid design changes is durability and custody: the request can be handled transiently while everything stored long term stays sealed under your key. If you need the question itself to never leave your device, only local inference gives you that, at the price of whatever model your hardware can run. An honest vendor states this plainly instead of letting end-to-end encryption imply more than it covers.
When each architecture wins
- Local-only wins when the content is so sensitive that no per-request cloud processing is acceptable, when you work offline often, or when you already own capable hardware and want zero ongoing fees.
- Standard cloud wins when convenience and easy recovery outrank confidentiality, for example for content you would happily post publicly anyway, or when you want the provider to be able to restore everything after a forgotten password.
- Hybrid end-to-end encryption wins when you want frontier-quality answers and multi-device continuity, but refuse to let a provider hold readable copies of your accumulated life. It is the middle position that keeps custody with you.
How Violet applies the hybrid model
Violet is a personal AI partner built on the hybrid architecture, currently pre-launch. On your device, your passphrase is run through PBKDF2-SHA256 with 200,000 iterations to derive a 256-bit AES-GCM key that the browser marks non-extractable, meaning the platform itself refuses to export it. Records are sealed under that key before sync, and the server stores only a nonce, the ciphertext, and the minimal metadata needed to merge versions: a version number, a timestamp, and a deletion flag. The merge is last-writer-wins and runs entirely on those fields, so the server never needs to open an envelope. Managed inference forwards each request to a model provider and streams the reply back, and when it cannot serve a request it returns an honest error rather than fabricating an answer.
Common mistakes when comparing
- Treating encryption at rest as equivalent to end-to-end encryption. At rest protects disks; the provider still holds the keys.
- Assuming end-to-end encryption makes inference blind. It covers what is stored, not what a model processes while answering.
- Assuming local-only means safe. One device with no backups is one theft or disk failure away from total loss.
- Comparing brands instead of key custody. Two products with identical marketing can sit in entirely different architectures.
- Ignoring the recovery tradeoff. If a provider can restore your content after a lost password, the provider holds a key to it.
Questions
Does end-to-end encryption make cloud inference private?
No. End-to-end encryption protects stored and synced content. When a cloud model answers a request, it processes the text of that request. A hybrid design can keep that processing transient and store only ciphertext durably, but only local inference keeps the request itself on your device.
Which architecture is best?
None is best in the abstract. Local-only maximizes confidentiality and offline use, standard cloud maximizes convenience and recovery, and hybrid end-to-end encryption keeps custody of stored content with you while reaching cloud model quality. The right choice depends on how sensitive the content is and what you are willing to trade.
Is Violet available today?
No. Violet is pre-launch: the apps are not in stores yet, and there is a waitlist on the home page. The architecture described here is the one in its published code, not a roadmap item.