caiioo is locally-executing software. We don't process, store, or access your data. All processing happens on your device, in your browser, under your control.
caiioo is a local software application and cross-platform system that runs entirely on local devices. Unlike SaaS platforms, the company has no servers that receive, process, or store your conversations, prompts, settings, outputs, or attachments. Any connections to third-party AI services are made directly from your device using your credentials. We are a software vendor, with our only cloud services being for licensing and encrypted private relay.
caiioo is a locally-executing software application. Unlike SaaS platforms, caiioo the company does not process, store, or have access to the data handled by the extension. All data processing occurs within the user's local browser environment.
Under GDPR, caiioo is a Software Vendor, not a Data Processor, as we do not handle personal data on behalf of the customer.
The extension is designed to function as a secure envelope. No confidential information, prompts, or personal data are ever sent to caiioo servers.
The only data exported to our systems is limited to non-sensitive billing and account management metadata: email, display name, and avatar.
caiioo does not create, receive, maintain, or transmit Protected Health Information (PHI) as defined by HIPAA. The extension functions as a local tool, similar to a local text editor or browser.
Because caiioo (the company) never has routine access to the data being processed by the user, it does not qualify as a Business Associate or Subcontractor.
Any connection to third-party LLMs is established directly from the user's device. caiioo does not act as a proxy or intermediary for these data streams. Your API keys, your credentials, your direct connection.
caiioo does not host, store, or manage customer data. As such, a SOC 2 Type II audit—which focuses on cloud service controls—is not applicable to our business model. Our security focus is on:
We are fully GDPR compliant through Data Minimization and Privacy by Design. By ensuring that we never receive personal data, we eliminate the risks associated with data residency and international transfers.
caiioo is a Zero-Entry-Point client application. By executing entirely within the browser's secure sandbox and initiating only outbound, user-authorized connections to existing SaaS providers, caiioo delivers AI capabilities without expanding the organization's external attack surface.
caiioo's architecture eliminates entire categories of risk by design.
caiioo does not act as a server—it is a client-side agent. The extension does not open any ports on the user's device or the corporate firewall. Connections to Google Workspace or Cloud LLMs are initiated outbound from the browser, using the same HTTPS/TLS protocols already approved by the organization. Because there is no "caiioo Cloud" acting as a proxy, an attacker cannot breach caiioo's infrastructure to gain access to the customer's internal network.
caiioo operates within the Chrome/Edge extension sandbox. This provides process isolation—the software cannot access the user's file system or other applications outside the browser—and permission scoping, where the extension only interacts with the specific web pages and APIs explicitly granted by the user.
caiioo (the company) is never a party to the data exchange. In the standard model, data flows directly from the browser to the LLM provider. In the local model, data never leaves the user device. In both scenarios, caiioo's servers only handle metadata related to subscription status—never the content of prompts or documents.
Browser connects directly to cloud AI providers and Google Workspace. caiioo auth receives only billing metadata.
All AI processing via local Ollama server. Only outbound connection is license validation. Zero data export.
The privacy claims on this page are structural — they hold because of how the code is written, not because of what we promise. We've published the security-critical files in a public repository so anyone can read, audit, or reference them.
Read the security-critical code on GitHub
The agentic orchestrator, the side-panel UI, the modes and prompts, internal admin tooling, and the deployment scripts remain proprietary. They're not load-bearing for the privacy claims, and open-sourcing them is a separate decision.
If reading code isn't your preferred verification method, run a network monitor (Little Snitch on macOS, GlassWire on Windows, Wireshark anywhere) while using caiioo. Your Workspace data goes from your device to Google, full stop. The traffic to our infrastructure covers a small, enumerable list of operations: OAuth code-exchange, license validation, content fetches, the encrypted device-to-device message bus, and opt-in messaging webhooks. None of those carry your Workspace content.
See the full traffic table in our blog post →
We treat security researchers as collaborators. Email [email protected], or read the full disclosure policy in SECURITY.md in the transparency repo. We commit to acknowledgement within two business days.
Understanding where your data lives and who can access it.
Your device connects directly to AI providers (OpenRouter, Ollama, Google, etc.) using your credentials. caiioo is never in the middle of this connection.
Fewer hops, no permanent external copies, and local-first storage and processing mean a smaller attack surface.
Each hop = another copy of your data outside your control
Stays inside device boundary
Prompt in → Response out → Nothing retained.
Only current prompt sent (stateless). Contractually guaranteed.
External — crosses device boundary
| Risk Scenario | Traditional SaaS | caiioo | Attack Surface |
|---|---|---|---|
| Centralized Data Breach: Attacker compromises server infrastructure | ✘ Millions of users' chats, files, and personal data exposed in a single event. Centralized DB = jackpot target. | ✔ No centralized store exists to breach. Each user's data lives only on their device. Individual device risk remains, but no mass exposure. | ● HIGH vs ● MINIMAL |
| AI Pipeline Data Retention: Your prompts stored in provider logs | ✘ SaaS retains prompts 30–90+ days for "service improvement." Sub-processors may also retain. | ✔ OpenRouter enforces ZDR — no log retention, no storage. Local models retain nothing.* | ● HIGH vs ● MINIMAL |
| Supply Chain / Sub-Processor Leak: Data forwarded to third-party AI without consent | ✘ SaaS may route data through unknown sub-processors. No ZDR guarantees downstream. | ✔ OpenRouter's ZDR covers all providers shown when ZDR filtering is on. Local models have no network exposure. | ● HIGH vs ● MINIMAL |
| Model Training on Your Data: Private conversations used to train AI | ✘ Opt-out buried in settings, often on by default for consumer tiers. Sub-processors may train on retained data. | ✔ ZDR providers have no data to train on. API traffic contractually excluded. Local models never leave device. | ● HIGH vs ● MINIMAL |
| Spearphishing / Identity Attacks: Leaked AI conversations fuel targeted attacks | ✘ Breached chats reveal interests, schedules, contacts, writing style — ideal for targeted phishing. | ✔ No server-side store = no bulk data for attackers. Brief in-transit processing exists, but no persistent data to exfiltrate. | ● HIGH vs ● MINIMAL |
| Behavioral & Usage Profiling: Usage data aggregated into profiles | ✘ Privacy policies typically permit usage analytics, partner data sharing, and behavioral profiling. | ✔ No analytics pipeline. No partner access. No retained logs. caiioo processes locally; OpenRouter doesn't store conversations. | ● HIGH vs ● MINIMAL |
| Government / Legal Requests: Subpoenas, warrants, and bulk data orders | ✘ Company must comply. Retained logs and sub-processor records can all be compelled. | ✔ No server-side data to subpoena — ZDR providers retain nothing. Private Sync is E2E encrypted. | ● HIGH vs ● MINIMAL |
| Unilateral Policy / ToS Changes: Company retroactively expands data usage | ✘ They hold your data. Retroactive ToS can expand usage to training, advertising, or sharing. | ✔ caiioo holds no data to monetize. ZDR providers retain nothing. Policy changes can't affect what was never stored. | ● HIGH vs ● MINIMAL |
* This chart assumes caiioo's ZDR filter is enabled. When ZDR mode is on, caiioo only shows AI models for which OpenRouter contractually enforces zero data retention — providers that don't offer ZDR are automatically excluded from the model list.
Traditional SaaS creates a centralized honeypot of intimate data, then passes it through an opaque chain of sub-processors with no zero-data-retention guarantees.
caiioo keeps data on your device, runs AI locally via Ollama or routes calls through OpenRouter's ZDR gateway, and connects to tools directly with your own credentials (BYOA) — ensuring zero permanent copies of your data exist on any server.
caiioo was designed from the ground up as a privacy-first agent platform. Here are the concrete protections built into every layer of the product.
caiioo was architected by Fellows of Information Privacy (FIP), CISSP-certified security experts, CIPP-certified privacy professionals, and AIGP-certified AI governance professionals, in consultation with data protection counsel — making it the first truly privacy-by-design agentic platform built from the ground up.
| # | Privacy Principle | What We Built | How It Works |
|---|---|---|---|
| 1 | Data Minimization | Radical Data Minimization | We collect only your email address and display name for account billing. No usage data, no browsing history, no conversation content, no analytics, no telemetry — nothing else. Ever. |
| 2 | Notice & Consent | Just-in-Time Action Consent | Before the AI performs any impactful action or connects to an external third party, caiioo displays a clear notification showing intent, action details, and risk level — requiring your explicit approval. |
| 3 | Data Portability | Full Data Portability | Your data belongs to you and can be exported at any time through the built-in backup and restore system. You are never locked in — take your conversations, settings, and configurations with you. |
| 4 | Confidentiality & Integrity | Zero-Knowledge Encrypted Private Sync | AES-256-GCM encryption with PBKDF2 key derivation (100,000 iterations). Data stored in your Google Drive, encapsulated in encryption not even Google can read. Lose your passphrase, and not even we can recover it. |
| 5 | Purpose Limitation | Zero Analytics & Telemetry | No analytics services, no tracking pixels, no event collection, no error reporting that phones home. We have zero visibility into how you use the product. |
| 6 | Consent & Transparency | Incremental Permission Requests | OAuth scopes are requested only when you first use a specific feature — not upfront. Clear explanation of what is being requested and why, every time. |
| 7 | Right to Erasure (Art. 17) | Right to Erasure | Comprehensive data deletion tools from surgical precision to full purge. Erase individual conversations, clear caches, or wipe all data entirely — you control what goes. |
| 8 | Storage Limitation | Keep What Matters, Discard the Rest | Unlike platforms that force all-or-nothing deletion, caiioo lets you flag what to keep and automatically discard the rest. Configurable retention policies clean up accumulated data over time. |
| 9 | Privacy by Design & Default | Local-First Architecture | Run AI models locally with Ollama, on-device speech recognition (Whisper) and TTS (Kokoro), store everything locally. Operates completely offline — zero data needs to leave your machine. |
| 10 | Storage Limitation | Zero Data Retention Model Selection | Filter and select AI models with ZDR policies — the provider processes your request and immediately discards it. No logging, no training, no retention. |
| 11 | Data Subject Rights | Granular Location Controls | Choose between no location sharing, city-level precision, or full address detail. Disable with one click — all cached location data is immediately and permanently cleared. |
| 12 | Transparency | Transparent AI Actions | Every tool that can write, modify, send, or delete data requires your explicit approval. Read-only tools (search, browse, summarize) run without interruption. You see the intent, action details, and risk level before anything with side effects executes. Nothing consequential is hidden or automatic. |
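
Row 4 of the table describes passphrase-derived AES-256-GCM encryption for Private Sync. The sketch below is an added example, not caiioo's code: it uses Node's `crypto` module so it runs stand-alone, and shows why a storage provider holding the blob cannot read it and why a lost passphrase means no recovery. Only the cipher and the 100,000-iteration count come from the page; the PBKDF2 hash (SHA-256), the salt and nonce sizes, the blob layout, and the function names are assumptions.

```javascript
// Added example, not caiioo's implementation.
// From the page: AES-256-GCM, PBKDF2 with 100,000 iterations.
// Assumed here: SHA-256 as the PBKDF2 hash, 16-byte salt, 12-byte nonce,
// and the blob layout salt || nonce || tag || ciphertext.
const nodeCrypto = require("node:crypto");

const ITERATIONS = 100000; // iteration count stated on the page
const KEY_LEN = 32;        // 256-bit key for AES-256
const SALT_LEN = 16, NONCE_LEN = 12, TAG_LEN = 16;

// The key exists only where the passphrase is typed; it is never stored.
function deriveKey(passphrase, salt) {
  return nodeCrypto.pbkdf2Sync(passphrase, salt, ITERATIONS, KEY_LEN, "sha256");
}

// Encrypts plaintext under a fresh salt and nonce; the result is what
// would be uploaded to the storage provider.
function seal(passphrase, plaintext) {
  const salt = nodeCrypto.randomBytes(SALT_LEN);
  const nonce = nodeCrypto.randomBytes(NONCE_LEN);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", deriveKey(passphrase, salt), nonce);
  const body = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return Buffer.concat([salt, nonce, cipher.getAuthTag(), body]);
}

// Returns the plaintext, or null when the passphrase is wrong or the blob
// was modified: the GCM tag check fails in both cases.
function unseal(passphrase, blob) {
  if (blob.length < SALT_LEN + NONCE_LEN + TAG_LEN) return null;
  const salt = blob.subarray(0, SALT_LEN);
  const nonce = blob.subarray(SALT_LEN, SALT_LEN + NONCE_LEN);
  const tag = blob.subarray(SALT_LEN + NONCE_LEN, SALT_LEN + NONCE_LEN + TAG_LEN);
  const body = blob.subarray(SALT_LEN + NONCE_LEN + TAG_LEN);
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", deriveKey(passphrase, salt), nonce);
  decipher.setAuthTag(tag);
  try {
    return Buffer.concat([decipher.update(body), decipher.final()]).toString("utf8");
  } catch {
    return null;
  }
}
```

Because the salt and nonce are random per call, sealing the same data twice yields different blobs, so the storage provider cannot tell whether two uploads hold the same content.
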
Read our full Privacy Policy for detailed information about how data flows through the extension, or get started with caiioo today.