OpenGradientOpenGradient Chat
    Go to app
    All posts
    Adam Balogh4 min read

    What Is Private AI - and Why It Matters

    Your AI conversations shouldn't be someone else's data.

    • privacy
    • anonymity
    • explainer
    • ai

    Most "private" AI features are really about retention - turning off history, deleting chats, opting out of training. Useful, but they share a blind spot: the request still arrives attached to you. The provider could choose to forget it. It still knew.

    Private AI chat is a different guarantee. It's not "we'll forget what you asked." It's "we never knew it was you asking." You can put a question to ChatGPT, Claude, Gemini, or Grok and have your identity stripped from the message before it ever reaches the model.

    Why it matters

    AI has quietly become the place people reason through the most private parts of their lives. Not just "what's the capital of France" - but the symptom they're scared to search, the legal letter that just arrived, the money mistake they haven't told anyone, the relationship they're trying to make sense of. People type things into a chat box they would never say out loud to a friend, a doctor, or a lawyer.

    That makes an AI conversation a fundamentally more revealing record than a search query ever was. A search is a few words. A conversation is your reasoning, your fears, your situation in detail - often with the specifics that identify you sitting right there in the text. And with an account-bound assistant, every one of those exchanges becomes a durable record under your name.

    Durable records don't stay where you left them. They get breached. They get subpoenaed. They get sold when a company is acquired or goes bankrupt. They get repurposed for ads or training under a policy that changes after you've already typed the question. You're trusting not just today's provider and today's policy, but every future owner of that data and every party who can compel it.

    So people adapt. They either don't ask the question that matters, or they sanitize it until the answer is useless - leaving out the detail that would have made the help actually help. That's the chilling effect, and it bites hardest exactly when the stakes are highest. The point of privacy here isn't having something to hide. It's that the freedom to ask is the freedom to think, and to learn. Anonymity removes the tax on asking honestly.

    The questions people genuinely sit on:

    • A symptom they're scared to search.
    • A legal letter that just arrived.
    • A money mistake they don't want on the record.
    • A question their employer, insurer, or government shouldn't see.

    These aren't edge cases. They're ordinary moments in ordinary lives - and they're precisely the ones where a real answer is worth the most.

    How it's built

    Privacy here isn't a checkbox. It's two independent layers placed in series, each removing one half of the correlation between who you are and what you asked. Compromise one and the other still holds.

    1. Network anonymity (OHTTP relay). Your prompt is encrypted on your device, then routed through a relay that sees your IP but only an opaque ciphertext blob — never your prompt. The gateway downstream gets the prompt but never your IP.
    2. Content isolation (TEE gateway). The gateway runs inside a sealed, remotely attested enclave. It decrypts your prompt, calls the model, and re-encrypts the response in memory the operator can't read or log. (Your client verifies that attestation before anything is decrypted, so "trust us" is replaced with proof.)
    3. Client-side history. Your conversations never touch a server. They're sealed in your browser with a key that lives only on your device.

    Put those in series and no single party ever holds both your identity and your content:

    PartySees your IPSees your prompt
    OHTTP relayYesNo - ciphertext only
    TEE gatewayNoYes, in sealed memory
    Model providerNoYes, anonymized
    OpenGradient operatorNoNo

    The full technical breakdown is here.

    What it's not

    Private AI isn't magic, and pretending otherwise would undercut the whole point:

    • The model provider still sees the contents of your prompt - just not who sent it. To the provider, every user looks the same.
    • Account-level data you choose to give (email, plan, billing) is still held by OpenGradient under standard data protection.
    • Coarse timing and traffic volume aren't hidden. An adversary watching both ends of the network at once could still attempt to correlate them. This is mitigated with batching — reduced, not eliminated.

    Honest anonymity is about removing the identity-to-content link, not promising the impossible. Anyone who claims the latter is selling you something.

    The point

    You shouldn't have to choose between getting a real answer and keeping a question to yourself. Private AI chat means you can ask the thing you'd otherwise sit on - and nothing traces back to you.