👉 Live Workspace: https://privakit.ai
TL;DR: PrivaKit is a client-side "Sensitive Data AI Workspace". All inference (OCR, Transcription, Image Processing) happens
strictly within your browser using WebGPU/WASM. Your images, documents, and audio recordings never leave your device.
We built PrivaKit because professionals (HR, Legal, Finance) shouldn't have to upload sensitive employment contracts, IDs, or confidential board meeting recordings to third-party cloud APIs just to extract text or remove a background.
This document outlines our technical stack and provides a guide on how to verify our zero-upload privacy claims.
1. The Stack (Under the Hood)
We utilize browser-based machine learning to bring server-grade models to the client side.
- Inference Engine: ONNX Runtime Web / Transformers.js
- Supported Local Models: Vision models (for Background Removal/Upscaling/OCR) and Audio models (e.g., Whisper for Transcription).
-
Hardware Acceleration:
- WebGPU (Primary): Uses your local GPU for parallel processing (0ms network latency).
- WASM (Fallback): Uses CPU with SIMD instructions if no GPU is detected.
- Concurrency: Web Workers API. Heavy lifting (like transcribing a 30-min audio file) is offloaded to a background thread to keep the UI fully responsive.
2. Data Flow Diagram
Here is the lifecycle of your sensitive data when using PrivaKit:
[User Device] [Internet / Cloud]
| |
| 1. Load Page Assets (HTML/JS/CSS) <--------- | 🌐 Vercel CDN
| |
| 2. Download Model Weights (*.onnx) <-------- | 🤗 Hugging Face / CDN
| (Cached permanently after 1st load) | (One-time download)
| |
| ============================================ | 🛑 FIREWALL
| NO DATA CROSSES THIS LINE |
| ============================================ |
| |
[User Input: Image / PDF / Audio File] |
| |
v |
[Browser Memory (Blob)] |
| |
v |
[Web Worker] --> [ONNX Runtime] --> [Local GPU] |
| ^ |
| | (Compute) |
v v |
[Output: Mask / OCR Text / Audio Transcript] |
| |
v |
[Canvas/DOM Rendering] -> [User Download] |
3. How to Verify (Don't trust, Verify)
We encourage all technical users to audit our network activity. Here is how to prove your data stays local:
Method A: The "Airplane Mode" Test (Easiest)
- Open PrivaKit and select any workflow (e.g., Transcription).
- Wait for the model to download (look for the "Ready" indicator).
- Disconnect your WiFi / Unplug Ethernet.
- Drop an audio recording or an ID photo into the tool.
- Result: The AI will process the file completely offline. Cloud-based wrappers fail this test instantly.
Method B: Chrome DevTools Audit
- Open Chrome DevTools (F12) -> Network tab.
- Upload a file and process it.
- Observe: You will see zero POST requests containing your file blob or form data. No external API endpoints are called during inference.
## 4. Network Requests Explained
To ensure full transparency, here are the only network requests you will see:
| Resource Type | Domain | Purpose | Privacy Impact |
| :--- | :--- | :--- | :--- |
| HTML/JS/CSS |
https://privakit.ai| UI rendering. | None | | Models (.onnx) |huggingface.co/ CDN | Downloading the AI "Brain". We download the model to you; we never upload your files to the model. | None | | Analytics | Self-hosted Node | Anonymous aggregate usage stats. | Zero PII. No Cookies. |
5. Radical Analytics Transparency
To respect your digital privacy, we do not use Google Analytics or any third-party tracking scripts.
Instead, we use an open-source instance of Plausible Analytics, securely self-hosted on an isolated lightweight node (2-core, 4GB) in Singapore.
• No Cookies: We do not set any tracking cookies on your device.
• No PII: We do not log IP addresses or personal identifiers.
• Ad-blocker friendly: If your browser blocks our self-hosted Plausible script, the AI tools will still work perfectly. We prioritize your workflow over our metrics.
If you find any discrepancies in this report, please open an issue. Data sovereignty is our core principle.
Top comments (0)