Private AI companion FAQ: honest answers
These are the questions people actually ask before trusting a personal AI with their life, answered plainly. The short version: Violet seals your content on your device, the server stores envelopes it cannot open, and the uncomfortable tradeoffs are stated here rather than hidden: a lost passphrase is unrecoverable, metadata is visible, and cloud reasoning processes your request as plaintext at that moment.
Why an FAQ instead of a pitch
The brand rule behind Violet is that honesty outranks persuasion. So this page answers the hard questions the way an engineer would, including the ones with uncomfortable answers: what is unrecoverable, what the provider can still see, and where encryption stops helping. Every answer matches the shipped code and the published design documents, and Violet is pre-launch, so nothing here implies live apps or availability.
Questions
Is my data used to train someone's model?
Content stored and synced through Violet's cloud is ciphertext, so it cannot train anything: the server cannot read it at all. Text you send for cloud reasoning is processed to produce the reply, and Violet's inference proxy never logs message contents. Violet's design documents commit to privacy-preserving inference handling: ephemeral, minimized, and not used for training. That last part is a stated design commitment; the model provider contract that implements it is part of launch, which has not happened yet.
Can the company read my journal or my conversations?
Not the stored ones. Records synced to the server are sealed on your device with a key derived from your passphrase, and the server holds only a nonce and ciphertext per record; the key never leaves your devices. The one boundary to understand: when you ask for cloud reasoning, the text of that request is processed as plaintext at that moment to generate the answer, and the proxy does not log it.
What happens if I forget my passphrase?
Your synced content becomes unrecoverable, and no one, including Violet, can bring it back. That is not a support failure; it is the proof the encryption is real, because any provider that can recover your content necessarily holds a key to it. Keep your passphrase somewhere safe, such as a password manager.
What exactly does the server store?
For content: one locked envelope per record (a nonce and a ciphertext) plus the merge metadata sync needs, which is a version number, a timestamp, and a deleted flag. For accounts: your email, a salted hash of your sign-in password, the salt used for key derivation, hashed session tokens, billing entitlement rows, and daily inference token counts. It stores no plaintext content and no content key.
What can the provider still see, honestly?
Metadata. That means your account email, when your devices sync, how many records change and roughly how large they are, your daily reasoning token counts, and your billing status. It cannot see inside the envelopes. Any end-to-end encrypted service has this same residue, and the honest ones enumerate it instead of implying they see nothing.
Does voice mean the microphone is always listening?
No. The current build has no wake word and no ambient listening: the microphone is live only while you hold the talk button, and releasing it ends the take. Where a browser has no speech recognition, the button says so plainly instead of pretending to listen. Spoken replies are off by default, and any new input interrupts them.
What happens when I delete something?
The record becomes a tombstone: a marker carrying only the merge metadata, so your other devices learn about the deletion instead of resurrecting the item. The server nulls out the envelope for a tombstone, so no ciphertext remains stored for that record. Deletes compete with edits under last-writer-wins rules, so a newer delete beats an older edit and a newer edit beats an older delete.
If the servers were breached, what would an attacker get?
Envelopes without keys: ciphertext the attacker cannot decrypt, because content keys never touch the server. Sign-in passwords are stored as salted PBKDF2 hashes, not passwords, and sessions are stored as SHA-256 hashes of the tokens, not the tokens. The real exposure would be metadata and the email list, and it is honest to say that plainly.
Is the free tier less private than the paid one?
No. The tiers differ in reasoning allowance, not in privacy: a free account gets a capped daily token budget for managed inference, and an active subscription lifts that daily cap. The encryption architecture is identical for every account. There is no tier that trades your privacy for a lower price.
Can Violet act on my behalf without asking?
No. Consequential actions sit behind a confirmation gate that requires your explicit go-ahead, and the gate is enforced outside the model, so a clever prompt cannot talk her past it. The crisis protocol and the confirmation gate are also not disableable by settings.
How do I know Violet will not just make things up?
The rails are structural, not stylistic: every surface renders real data or an honest empty state, and she never claims a memory without a source. When there is nothing real to say, she says nothing, and empty screens say they are empty. Grounded surfaces carry provenance lines such as 'from your real day, nothing invented', and she will tell you when she does not know.
How is this different from a typical cloud AI assistant?
By architecture. A typical cloud assistant stores your conversations server-side in a form the provider can read, and protects them with policy: promises about access, retention, and training. Violet stores envelopes that were sealed on your device, so the protection is a property of the system rather than a promise. This is a comparison of architectures, not a claim about anyone's intentions.
Can I use Violet without the cloud at all?
That is the design. The companion can run against a local core, and cloud sync, cloud accounts, and managed inference are explicit flags that are off until turned on. While cloud sync is off, the trust panel reports exactly this: nothing leaves the device. The cloud adds cross-device sync and managed reasoning; it does not own your data.
Is Violet available today?
No. Violet is pre-launch: the apps are not in stores and there are no customers yet. There is a waitlist, and joining it stores a normalized email address plus a short source label, nothing else. The signup response never reveals whether an email was already on the list, and no confirmation email is sent yet; the product says that rather than pretending addresses are verified.
If I change or reset my sign-in password, do I lose my synced content?
The sign-in password and the content key are independent by design: the server stores a password hash it can verify, and separately returns a salt from which your device derives the content key, which the server never holds. What your data depends on is the passphrase your device uses to derive the content key: lose that, and synced content is gone. The current pre-launch build has no password reset flow yet, and it is more honest to say so than to describe one that does not exist.
Does end-to-end encryption make Violet unhackable?
No, and any product that implies that is overclaiming. End-to-end encryption protects stored and synced content from the provider and from a server breach. It does not protect a device that is itself compromised, it does not hide metadata, and it does not cover the text you send for cloud reasoning at the moment it is processed. A clear threat model states these limits up front.
Why should I believe any of these claims?
Because they are specific enough to check. The claims map to concrete mechanisms: PBKDF2-SHA256 at 200,000 iterations, a non-extractable AES-GCM key derived on the device, and a server that stores one nonce and one ciphertext per record. Inside the app, the trust panel reads its answers from live state rather than marketing copy. And you will find no testimonials, user counts, or ratings here, because pre-launch there are none.
What happens when I clear local data or sign out?
Both act on the device you are using. Clearing local data removes the app's stored keys from that browser, then repaints the trust panel to show the honest new state; if nothing was stored, it says there was nothing to clear. Signing out revokes the session on the server and expires the cookie. Neither action touches data on your other devices.
Can other users of the service see my records?
No. Every sync query is scoped by the account ID taken from a validated session, so an account can only ever read its own rows, and requests without a valid session are rejected. This is tenant isolation, and it applies to every authed endpoint, not just sync.
Does a strong passphrase still matter with 200,000 PBKDF2 iterations?
Yes. Iterations multiply the cost of each guess, but they cannot rescue a passphrase drawn from a short list of common choices. Length is the main lever, and NIST guidance favors long passphrases and screening against known-breached passwords over forced symbol rules. Since a lost passphrase is unrecoverable here, the right pattern is a long passphrase kept in a password manager.
Do proactive features mean Violet watches everything I do?
No. Proactive moments are derived only from data already in the app: the day's real events, tasks, reminders, and weather that the app just fetched for you. There are no popups or notifications in the current phase, and when you are signed out or the data is empty, the feature goes quiet instead of inventing something to say.