Privacy Architecture: How We Built Onairos Without Compromising Your Data

Introduction

In today's digital world, personalization often comes at the cost of privacy. Most platforms demand your data to deliver tailored experiences, creating a false choice between convenience and control. They then steal, misuse, or sell your data. From the very beginning, we've made choices and chosen paths that may not have been the most straightforward, but they allowed us to build the foundations of the most private and personal AI engine out there.

At Onairos, we've forged a new path: true personalization that puts ownership and control squarely in your hands. Our thesis is simple—to create AI models that simulate you, by definition, you must own them!

Introducing the Future: Privacy at Onairos

No one can stop you from accessing your data. No one else can even read your data. Not even us.

The Four Pillars: Our Privacy Philosophy

Privacy isn't an afterthought at Onairos—it's the foundation. Our approach rests on four core principles:

Under the Hood: Technical Implementation

Onairos combines cutting-edge cryptography, secure storage solutions, and privacy-enhancing technologies to deliver functionality without compromise. We prioritize verifiable privacy, ensuring that unauthorized access is not just policy-prohibited but cryptographically infeasible.

Your Data, Your Kingdom: Secure Decentralized and Local Storage

We believe we should never control or restrict your activity, even under the guise of additional security. That's why we implement secure and trusted storage using permanent decentralized systems like Arweave (similar to IPFS) or local storage options. This means we can NEVER stop you from accessing your Onairos model and the beneficial personalization it offers, while still maintaining encryption and other security guarantees.

These solutions ensure immutable proof of ownership and tamper-resistant records—without any central custodians holding your data. You can choose local storage on your device for complete offline control, or opt for decentralized cloud storage where data is distributed and accessible only by you.

Trust Math, Not Us: Zero-Knowledge Proofs for Private Personalization

Why trust us? We believe you should trust math first, yourself second, and us third. To that end, we're rolling out computational verification. This means you can privately verify whether anyone has tampered with or interfered in your model training or usage, or if someone has accessed it without your consent.

We use mathematical methods called Zero-Knowledge Proofs (ZKPs) to verify computations on your data—without leaking any information to us or anyone else! For added protection, we incorporate blind indexing for searches: we store hashed search tokens that can't be reversed, exposing no meaningful information. Vector embeddings for AI search are protected with per-user secret transformations, preserving functionality while hiding semantics.

Fort Knox for Your Mind: End-to-End Encryption with Ephemeral Keys

All data is encrypted client-side with military-grade standards (e.g., AES-256, post-quantum ready). Processing happens in secure enclaves or on-device. On-device rollout for all Onairos functionality will begin shortly.

To enhance security, we use ephemeral keys generated only during active sessions. These keys exist solely in volatile memory and are destroyed immediately after use, providing forward secrecy—ensuring past data can't be decrypted even if systems are compromised later. Your master key is generated on your device and never stored in plaintext on our servers.

Verifiable Compute: Trust, But Verify

What happens when computation can't happen on your device? For complex AI operations that require more power, we've built a verifiable compute layer that ensures every operation is cryptographically proven to be correct—and private.

The Verifiable Compute Stack

1. Secure Enclaves (TEEs)
Hardware-isolated execution environments like AWS Nitro Enclaves or Intel SGX. Your data is processed in a sealed environment that even cloud providers cannot access. TLS traffic terminates inside the enclave, with general servers acting as blind relays for encrypted data.

2. Zero-Knowledge Proofs (ZKPs)
Mathematical proofs that verify computations were performed correctly without revealing the underlying data. You can verify the output is genuine without us seeing your inputs.

3. Attestation & Audit Logs
Every computation generates a cryptographic attestation—proof that the correct code ran in a secure environment. These are immutably logged for your verification. We support open-source code and reproducible builds, so you can verify that the code running matches what's published.

4. Zero Data Retention for AI Providers
When we integrate with external LLMs (e.g., for advanced processing), we enforce strict Zero Data Retention (ZDR) contracts: data is discarded immediately after use, with no training or logging. Calls are made directly from enclaves to prevent interception.

The result? Even when we process your data in the cloud, you can mathematically verify that:

• The computation ran exactly as specified
• No one accessed your raw data—not even Onairos
• The results haven't been tampered with
• Your data was deleted after processing

This is the future of AI: powerful enough to understand you, private enough that you never have to trust anyone but mathematics and verifiable hardware.

Threat Model: What We Protect Against

To build trust, we openly define our threat model:

• Operator Snooping: Defended by enclave isolation and ephemeral keys—we can't access your data.
• Data Breaches: Encrypted data is useless without your keys.
• Retroactive Attacks: Forward secrecy ensures past sessions stay secure.
• Third-Party Providers: ZDR contracts and enclave-terminated TLS minimize risks.

Limitations: If you lose your master key (with no backup), data recovery is impossible by design—this enforces true privacy. We don't defend against compromised user devices, as that's outside our control.

Why Privacy Wins: The Business Case

Privacy isn't just ethical—it's smart business. Users increasingly demand it, regulations enforce it, and it drives long-term trust and growth. People rarely trust anyone, let alone AI companies. If users trust you, you win.

The Path Forward: Conclusion

Onairos proves that privacy and innovation aren't trade-offs—they're allies. By design, your data stays yours.

Frequently Asked Questions

What data does Onairos actually store?
We store only the minimum metadata required, fully encrypted. Your personal data never leaves your control. For full details, see our Privacy Policy.

How do zero-knowledge proofs work in practice?
Think of it like proving you're over 18 without showing your ID. We can verify facts about your preferences without ever seeing the underlying data.

Is Onairos compliant with GDPR/CCPA?
Yes. Our architecture exceeds regulatory requirements by design. See our Privacy Policy for compliance details.

Can I export or delete my data?
Absolutely. You have full data portability and the right to deletion at any time through your account settings.

How does Onairos ensure no one else sees my data?
End-to-end encryption means data is encrypted on your device before it ever leaves. Not even Onairos can decrypt it, thanks to ephemeral keys and secure enclaves.

Is Onairos security audited?
Yes. We undergo regular third-party security audits and penetration testing.

How is my data used?
Your data is used solely to power your personal AI model. We never sell, share, or monetize your data. We also never use it for training external models, enforced by ZDR protocols. Full details in our Privacy Policy.

What if I lose my key?
By design, we can't recover it—this ensures no one else can either. We provide backup options like recovery phrases.

How can I verify your code?
Our critical components are open-source with reproducible builds. Check our GitHub for details and verify hashes yourself.