Why local? Always.

Three architectures for personal AI. Only one of them keeps your most intimate data on hardware you own. The other two ask you to trust a promise. Promises break.

Figure 1.0: Where your data goes. Three architectures, compared.
[Diagram, three panels. Cloud AI: your device (browser / app) sends your data to their servers, where the AI runs and the data is stored; "policy > physics"; trust required. On-device + cloud: a small model on your device, with a private cloud for bigger queries; designed private, still off-device; trust still required. Ostler · local-only: your Mac holds the Hub, the model and your data, and Ostler Core runs the AI and stores the data there; "physics > policy"; nothing to trust.]
Only one panel has no arrow leaving the boundary.

Architecture A

Cloud AI

Your data leaves.

OpenAI, Google, Anthropic, Perplexity. Your most intimate data sits on infrastructure you do not own, governed by policies you did not write, on machines you cannot inspect.

Architecture B

On-device + fallback

Sometimes leaves.

Apple Intelligence and Private Cloud Compute. A serious effort, and the best-in-class compromise. But the fallback path still leaves the device. The promise is “designed to be private,” not “cannot leave.”

Architecture C

Ostler · local-only

Never leaves.

Your Mac runs the model. Your Mac stores the data. Pull the ethernet cable. Everything keeps working. Not policy. Physics.

The intimacy hierarchy

Not all data is equal. Your Spotify history is not your therapy session. Your Netflix recommendations are not the message you sent your partner at 2am.

There is a hierarchy of data intimacy:

Level 1: Preferences. Jazz. Dark roast. Annoying to lose. Not devastating.

Level 2: Behaviour patterns. Gym at 6am, LinkedIn at lunch, YouTube until midnight. Habits and vulnerabilities, abstracted.

Level 3: Relationships. Who you talk to, how often, what you discuss. The warmth, the tension, the people you are drifting from. A map of your social world.

Level 4: Conversations. What you actually said. Jokes, confessions, half-formed ideas, arguments, apologies. Your inner life made text.

Level 5: Self-reflection. Journal entries, coaching notes, the patterns in how you communicate. The most intimate data that exists in digital form.

Most “personal AI” products operate at levels 1–2 and store everything in the cloud. Fine for preferences. But levels 3–5 – relationships, conversations, self-reflection – have no business on someone else’s servers. Not because they will misuse it. Because they could.

Cloud is a convenience tax. Privacy is what you pay with.

Cloud AI companies protect your data with privacy policies. A privacy policy is a legal document that says: “We choose not to misuse your data.” It is a promise. Promises break.

Promises break by:

  • Breaches. Equifax. Yahoo. LinkedIn. Facebook. The question is not if. It is when.
  • Acquisitions. The company that promised gets bought. The new owner has different priorities. Your data is now an asset on someone else’s balance sheet.
  • Terms changes. The policy updates. They email you. You do not read it. Nobody does.
  • Subpoenas. A government requests your data. The company complies, because they must. Your conversations are now evidence.
  • Employee access. Someone at the company can read your data. They probably will not. But they can.

Architecture beats policy because policy is a promise and architecture is a fact. A safe with no door cannot be opened. A server with no data cannot be subpoenaed. We did not choose architecture because it is fashionable. We chose it because it is the only thing that holds.

If your AI needs the cloud to know you, your AI doesn’t actually know you. It knows their copy of you.

On-device, but not all of the time

Apple deserves credit. Apple Intelligence puts a model on your phone. Private Cloud Compute is a serious, well-engineered attempt to keep cloud inference verifiable and stateless. It is the best-in-class compromise.

But read the architecture honestly. When the on-device model is too small for the request, the request leaves your device. PCC is “designed to be private.” That is a phrase doing a lot of work. The servers are still theirs. The compute is still off your hardware. The promise is still a promise.

If “designed to be private” is the bar, the bar is too low for level 5 data. There is a higher bar. It cannot leave.

Ostler is local-only. By construction.

Local-first means your data lives on hardware you own. Not “encrypted in our cloud.” On your Mac, in your house, on your network.

The AI model runs on your hardware via Ollama. The databases (Qdrant, Oxigraph, Valkey) run as launchd services on your Mac. There is no cloud server receiving personal data. There is nothing to breach, acquire, subpoena, or access. (Ostler does fetch public data from the internet – Wikidata, web search results – but personal data only flows inward, never outward.)

This is not a policy decision. It is an architectural one. We cannot access your data, not because we choose not to, but because there is nowhere for it to go.

Pull the ethernet cable. Ostler keeps working. That is the test. The full cryptographic detail lives on the security architecture page.
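A related check you can run yourself on any Mac hosting services like the ones named above: list every listening TCP socket and flag any that is bound to something other than loopback. This is an added example, not Ostler's code; the page does not say how Ostler binds its services, and the process names, PIDs and addresses in the sample are constructed.

```python
import ipaddress
import subprocess

# Constructed sample of `lsof -nP -iTCP -sTCP:LISTEN` output. Process names,
# PIDs, user and addresses are invented for illustration.
SAMPLE = """\
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
ollama    512 alex    3u  IPv4 0xa1      0t0  TCP 127.0.0.1:11434 (LISTEN)
qdrant    530 alex   12u  IPv4 0xa2      0t0  TCP *:6333 (LISTEN)
valkey-se 541 alex    6u  IPv4 0xa3      0t0  TCP 127.0.0.1:6379 (LISTEN)
valkey-se 541 alex    7u  IPv6 0xa4      0t0  TCP [::1]:6379 (LISTEN)
oxigraph  550 alex    9u  IPv4 0xa5      0t0  TCP 192.168.1.20:7878 (LISTEN)
"""

def parse_listeners(lsof_text):
    """Return (command, pid, host, port) for every TCP LISTEN row."""
    rows = []
    for line in lsof_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[-1] != "(LISTEN)":
            continue  # header, blank line, or a non-listening socket
        host, _, port = parts[-2].rpartition(":")
        rows.append((parts[0], int(parts[1]), host.strip("[]"), int(port)))
    return rows

def is_loopback_only(host):
    """True only when the bind address is a loopback IP (127.0.0.0/8 or ::1)."""
    if host == "*":
        return False  # wildcard bind: reachable on every interface
    try:
        return ipaddress.ip_address(host.split("%")[0]).is_loopback
    except ValueError:
        return False  # unparseable address: fail closed, report as exposed

def exposed_listeners(lsof_text):
    """Listeners that other hosts on the network could reach."""
    return [r for r in parse_listeners(lsof_text) if not is_loopback_only(r[2])]

if __name__ == "__main__":
    try:
        live = subprocess.run(["lsof", "-nP", "-iTCP", "-sTCP:LISTEN"],
                              capture_output=True, text=True).stdout
    except OSError:
        live = ""  # lsof not installed: fall back to the constructed sample
    for cmd, pid, host, port in exposed_listeners(live or SAMPLE):
        print(f"EXPOSED  {cmd} (pid {pid}) listening on {host}:{port}")
```

This covers inbound reachability only. It says nothing about outbound connections, which need to be observed separately.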

Why this is the only responsible option

You would not store your paper journal in a stranger’s house because the storage was free. You would not hand your therapist’s notes to a marketing department because the database was “designed to be private.” The intimacy of the data sets the bar for the architecture.

Cloud AI is fine for level 1 and 2 data. It is the wrong place for the rest. On-device-with-fallback is closer, and Apple is doing the work. But the only architecture where your level-5 data is structurally safe is the one where it never leaves your hardware in the first place.

Local-first is not “more private.” It is the only architecture where privacy is a property of the system instead of a clause in the contract.

The standard objections, answered

“But cloud models are bigger.”

True in 2023. Less true in 2026. A Mac Mini M4 runs Qwen 3.5 (9B parameters) at 30 tokens per second. That is fast enough for conversational AI, document analysis, fact extraction, and knowledge graph queries. It is not GPT-5. It does not need to be. The task is your personal knowledge, not general intelligence. You do not need a frontier model to answer “when did I last see James?” You need a model with access to your data – and local is the only way to give it that access without the trust problem.

“But cloud is cheaper.”

Run Ostler on any Apple Silicon Mac you already own. Perplexity charges $50 per month for cloud AI on a dedicated Mac Mini they ship to you. Ostler is $99 once for the Hub (yours forever) and $9.99/month for Ostler Pro – and your AI queries are unlimited because the compute runs on your hardware, not their cloud. No token caps. No quota emails. Your Mac does the work. You pay for the intelligence layer, not the compute.

“But cloud is more convenient.”

Cloud is easier to start. We are not pretending otherwise. Local requires running an installer, pulling models, and running import scripts. The current installer takes about 30 minutes and we are working to make it shorter. Some friction is the right price for data that will be with you for the rest of your life. You would not store your paper journal in a stranger’s house because it was more convenient. Your digital one deserves the same respect.

The trajectory

Local AI gets better every year. Models get smaller and faster. Apple Silicon gets more powerful. The performance gap between cloud and local closes. The privacy gap between cloud and local does not.

Privacy is a one-way door. Once your data is on someone else’s servers, you cannot un-share it. Local-first means you never have to make that choice.

Pull the cable.

Local  ·  Verifiable  ·  Yours