Privacy isn't a policy.
It's architecture.
Every design decision at Ferox AI starts with one question: does this protect the user? If the answer isn't definitively yes, we don't build it.
Our Approach
Local-First Processing
Approximately 80% of all AI tasks are handled entirely on your device using Gemma 3 12B, optimized for Apple Silicon. Your documents, conversations, and data never leave your machine for routine tasks.
PII Scrubbing Pipeline
When you choose to escalate a query to frontier cloud models, it passes through a 6-layer pipeline that detects and replaces personally identifiable information with synthetic tokens. Names, addresses, dates, ID numbers, and other sensitive entities are scrubbed before any data reaches the network.
Zero Telemetry
Ferox Nodus contains no analytics, no telemetry, no tracking, no usage reporting. We do not collect, store, or transmit any information about how you use the application. Period.
Hardware-Backed Encryption
All local data is encrypted using your device's Secure Enclave. Encryption keys never leave your hardware.
Six layers between
your data and the cloud.
Privacy isn't a policy — it's architecture. Every query passes through six protection layers before anything reaches the network.
Your Device
Local Inference
AI runs entirely on your hardware. No network calls.
Document RAG
Your documents indexed locally. Never uploaded.
PII Scrubbing Pipeline
PII Detection
GLiNER NER model identifies sensitive entities.
PII Replacement
Names, addresses, IDs replaced with synthetic tokens.
Audit Logging
Every scrubbing action logged locally for compliance.
Cloud (Scrubbed Only)
Cloud Relay
Scrubbed query sent to frontier model via Toronto relay.
↑ Your device never shares raw data ↑
Compliance
PIPEDA
Federal Personal Information Protection and Electronic Documents Act. Our local-first architecture minimizes data collection to meet and exceed PIPEDA requirements.
PIPA (Alberta)
Alberta's Personal Information Protection Act. Ferox AI is headquartered in Calgary and built to comply with provincial privacy requirements.
Law 25 (Québec)
Québec's Act respecting the protection of personal information. Our data minimization approach aligns with Law 25's strict requirements.
Canadian Data Sovereignty
All cloud infrastructure is Canadian. Our relay server operates in Toronto, ON. No data crosses international borders.
What We Collect
| Data Type | Collected? | Notes |
|---|---|---|
| Chat content | No | Stays on your device |
| Documents | No | Indexed locally only |
| Usage analytics | No | Zero telemetry |
| Crash reports | No | Opt-in only if added |
| Payment info | Paddle | Handled by Paddle (MoR) |
| Email (waitlist) | If provided | Optional, newsletter only |