Data privacy
What data actually leaves your machine when you use an AI model?
With a hosted API, your prompt and any files you attach travel over the network to a vendor's servers for processing. With a model running on your own hardware, the same text never leaves the device.
There are two basic ways to run a large language model, and they differ in one concrete way: where the computation happens.
A hosted API (the way most people use ChatGPT, Claude, or Gemini) runs the model on the vendor’s servers. When you send a prompt, the text you typed, plus anything you attach such as a document, an image, or a code file, is transmitted over the internet to that vendor. The model reads it there, generates a reply there, and sends the reply back. Your input has left your machine and now sits, at least briefly, on someone else’s computer.
A local model runs on hardware you control: your laptop, a workstation, or a server in your own building. The prompt and the reply stay on that device. Nothing is sent to a third party, because there is no third party in the loop.
This is the distinction the rest of this topic builds on. Once data has left your machine, two further questions matter, and the vendors answer them in their own published policies. Will they use your data to train their models? And how long will they keep it? Those are covered in the next pages. The privacy story for a local model is shorter, because the data never leaves to begin with.
“Hosted” is the default Almost every consumer AI product and developer API is hosted. Running a capable model on your own hardware is possible but takes deliberate setup. That gap is why the policy questions below matter for so many people.