Violet
Compare

Private vs cloud AI assistants: an architecture comparison

Published 2026-07-04 · updated 2026-07-04

Personal AI assistants use one of three storage architectures: local-only, where content never leaves your device; standard cloud, where the provider holds the keys and can read stored content; and hybrid end-to-end encryption, where the server syncs ciphertext it cannot open. They differ in who can read your content, how sync and recovery work, and what inference quality is reachable.

The three architectures

Every personal AI assistant answers one structural question: where does your content live, and who can read it there? Three answers cover the field. Local-only keeps everything on your device: the model, the memory, the history. Standard cloud stores your content on the provider's servers under the provider's keys. Hybrid end-to-end encryption splits the job: your devices hold the keys and seal content before it leaves, the cloud stores and syncs ciphertext it cannot open, and heavy model inference still runs on cloud hardware. These are architectures, not brands. Any vendor's product fits one of them, and the fit determines what the vendor can and cannot do with your data, regardless of what its policy says.

Who can read stored content

In a standard cloud design, HTTPS protects data on the wire and encryption at rest protects the provider's disks, but the provider holds the decryption keys, so the provider can read stored content. Whether it does is a policy choice, and policies can change. In a local-only design nobody but you can read anything, because nothing is stored anywhere else. In a hybrid end-to-end design, content is encrypted on your device with a key derived from a passphrase only you know, so the server stores envelopes it cannot open, no matter who asks it to. The difference between the last two and the first is the difference between a property and a promise.

The decision table

QuestionLocal-onlyStandard cloudHybrid with e2e sync
Where does content liveOn your device onlyOn provider serversOn your devices, plus sealed copies on the server
Who can read stored contentOnly youYou and the providerOnly you; the server holds envelopes it cannot open
Offline behaviorEverything works if the model is localLittle or nothing works offlineLocal data stays usable; sync and cloud inference wait for a connection
Multi-device syncNone, or manual copiesBuilt in, provider-readableBuilt in, ciphertext only
Inference quality ceilingLimited by your hardwareFrontier cloud modelsFrontier cloud models per request; stored content stays sealed
Recovery if you lose your credentialYour own backups or nothingProvider resets the password; content survivesSign-in can be reset, but content sealed under a lost passphrase is gone
Cost profileHardware up front, no per-request feesSubscription or usage feesSubscription or usage fees, plus encrypted sync storage

The honest caveat about inference

End-to-end encryption is a property of storage and sync, not of inference. The moment you ask a cloud model a question, that model must process the words of the question to answer it. No architecture that uses cloud inference avoids this. What a hybrid design changes is durability and custody: the request can be handled transiently while everything stored long term stays sealed under your key. If you need the question itself to never leave your device, only local inference gives you that, at the price of whatever model your hardware can run. An honest vendor states this plainly instead of letting end-to-end encryption imply more than it covers.

When each architecture wins

How Violet applies the hybrid model

Violet is a personal AI partner built on the hybrid architecture, currently pre-launch. On your device, your passphrase is run through PBKDF2-SHA256 with 200,000 iterations to derive a 256-bit AES-GCM key that the browser marks non-extractable, meaning the platform itself refuses to export it. Records are sealed under that key before sync, and the server stores only a nonce, the ciphertext, and the minimal metadata needed to merge versions: a version number, a timestamp, and a deletion flag. The merge is last-writer-wins and runs entirely on those fields, so the server never needs to open an envelope. Managed inference forwards each request to a model provider and streams the reply back, and when it cannot serve a request it returns an honest error rather than fabricating an answer.

Common mistakes when comparing

Questions

Does end-to-end encryption make cloud inference private?

No. End-to-end encryption protects stored and synced content. When a cloud model answers a request, it processes the text of that request. A hybrid design can keep that processing transient and store only ciphertext durably, but only local inference keeps the request itself on your device.

Which architecture is best?

None is best in the abstract. Local-only maximizes confidentiality and offline use, standard cloud maximizes convenience and recovery, and hybrid end-to-end encryption keeps custody of stored content with you while reaching cloud model quality. The right choice depends on how sensitive the content is and what you are willing to trade.

Is Violet available today?

No. Violet is pre-launch: the apps are not in stores yet, and there is a waitlist on the home page. The architecture described here is the one in its published code, not a roadmap item.

Related pages

Sources