[{"data":1,"prerenderedAt":256},["ShallowReactive",2],{"blog-privacy-architecture-deep-dive-local-files-and-encrypted-ai-calls":3},{"id":4,"title":5,"author":6,"body":9,"date":241,"description":242,"extension":243,"image":244,"meta":245,"navigation":246,"path":247,"published":246,"seo":248,"stem":249,"tags":250,"__hash__":255},"blog/blog/privacy-architecture-deep-dive-local-files-and-encrypted-ai-calls.md","Privacy Architecture Deep Dive: Local Files and Encrypted AI Calls",{"name":7,"to":8},"Brand Peel Team","https://x.com/jonasfroeller",{"type":10,"value":11,"toc":230},"minimark",[12,16,19,22,27,30,38,57,60,64,67,70,73,84,88,91,94,112,115,118,122,125,136,139,142,146,149,163,167,170,173,176,187,190,194,197,212,221],[13,14,15],"p",{},"Privacy is easy to market and harder to implement.",[13,17,18],{},"For a branding product, that matters. Strategy docs often include sensitive product plans, positioning bets, and launch messaging that teams do not want scattered across random cloud tools.",[13,20,21],{},"So this post explains the architecture directly.",[23,24,26],"h2",{"id":25},"_1-local-first-by-default","1) Local-first by default",[13,28,29],{},"Brand Peel runs as a desktop app and stores project artifacts in local app data.",[13,31,32,33,37],{},"At the storage layer, project data is written under a local ",[34,35,36],"code",{},"unpeeled-content"," directory, including:",[39,40,41,45,48,51,54],"ul",{},[42,43,44],"li",{},"project metadata",[42,46,47],{},"chat history",[42,49,50],{},"brand documents",[42,52,53],{},"generated theme files",[42,55,56],{},"logo assets and related graph/batch data",[13,58,59],{},"This local-first model keeps your working brand system on your machine as the primary source of truth.",[23,61,63],{"id":62},"_2-what-leaves-the-device","2) What leaves the device",[13,65,66],{},"AI generation still requires network requests. That is expected.",[13,68,69],{},"In production, the app API base URL is configured to an HTTPS endpoint, and authenticated requests are sent with bearer auth plus device proof headers where relevant.",[13,71,72],{},"In practical terms:",[39,74,75,78,81],{},[42,76,77],{},"your local project files remain local",[42,79,80],{},"generation/billing requests go over encrypted transport",[42,82,83],{},"server-side usage records track billing and entitlement state",[23,85,87],{"id":86},"_3-device-proof-without-raw-identifiers","3) Device proof without raw identifiers",[13,89,90],{},"Trial abuse prevention needs some machine-level signal, but this should not mean shipping raw hardware identifiers.",[13,92,93],{},"Brand Peel's desktop client generates a device proof model with:",[39,95,96,99,102,105],{},[42,97,98],{},"machine fingerprint input from OS/CPU/arch context",[42,100,101],{},"installation identifier",[42,103,104],{},"SHA-256 hashing of both values",[42,106,107,108,111],{},"proof version tagging (",[34,109,110],{},"v1",")",[13,113,114],{},"Only hashed values and version headers are sent. The API validates format and version before use.",[13,116,117],{},"This supports one-time starter credit policy enforcement while reducing exposure of raw device attributes.",[23,119,121],{"id":120},"_4-usage-and-billing-boundaries","4) Usage and billing boundaries",[13,123,124],{},"Server-side schemas separate responsibilities across:",[39,126,127,130,133],{},[42,128,129],{},"credit balance and credit transaction records",[42,131,132],{},"trial machine claim records",[42,134,135],{},"subscription usage cycles and usage events",[13,137,138],{},"That means trial grants, paid quotas, consumption, and refunds can be tracked with clear event boundaries instead of opaque counters.",[13,140,141],{},"It also supports explicit billing-cycle usage windows for Pro plans.",[23,143,145],{"id":144},"_5-why-this-architecture-is-useful-for-real-teams","5) Why this architecture is useful for real teams",[13,147,148],{},"For privacy-conscious teams, this model has practical benefits:",[39,150,151,154,157,160],{},[42,152,153],{},"local control of high-context brand artifacts",[42,155,156],{},"explicit network boundary for AI operations",[42,158,159],{},"auditable usage/billing behavior",[42,161,162],{},"reduced abuse pressure that helps keep pricing stable",[23,164,166],{"id":165},"_6-limits-and-tradeoffs-important","6) Limits and tradeoffs (important)",[13,168,169],{},"No architecture removes all risk.",[13,171,172],{},"In this model, local data protection still depends on endpoint security practices on your machine. And when you call AI services, request payloads necessarily transit to backend infrastructure for processing.",[13,174,175],{},"So the right way to read \"privacy-first\" is:",[39,177,178,181,184],{},[42,179,180],{},"local-first artifact storage",[42,182,183],{},"explicit and minimized metadata for trial controls",[42,185,186],{},"encrypted transport for network operations",[13,188,189],{},"Not \"no data ever leaves your device under any circumstance.\"",[23,191,193],{"id":192},"the-short-version","The short version",[13,195,196],{},"Brand Peel privacy posture is built around clear boundaries:",[198,199,200,203,206,209],"ol",{},[42,201,202],{},"keep core project artifacts local",[42,204,205],{},"use encrypted calls for generation and account operations",[42,207,208],{},"use hashed device proof for trial integrity",[42,210,211],{},"track usage with explicit, auditable records",[13,213,214,215,220],{},"If you want the current plan limits and usage model, check ",[216,217,219],"a",{"href":218},"/pricing","pricing",".",[13,222,223,224,220],{},"If you want to evaluate the desktop workflow directly, download the app: ",[216,225,229],{"href":226,"rel":227},"https://brandpeel.merginit.com",[228],"nofollow","brandpeel.merginit.com",{"title":231,"searchDepth":232,"depth":232,"links":233},"",2,[234,235,236,237,238,239,240],{"id":25,"depth":232,"text":26},{"id":62,"depth":232,"text":63},{"id":86,"depth":232,"text":87},{"id":120,"depth":232,"text":121},{"id":144,"depth":232,"text":145},{"id":165,"depth":232,"text":166},{"id":192,"depth":232,"text":193},"2026-05-30","Privacy claims should map to architecture. Here is how Brand Peel handles local project storage, network calls, device proof headers, and usage data boundaries.","md",null,{},true,"/blog/privacy-architecture-deep-dive-local-files-and-encrypted-ai-calls",{"title":5,"description":242},"blog/privacy-architecture-deep-dive-local-files-and-encrypted-ai-calls",[251,252,253,254],"privacy","security","desktop","architecture","k_OVZSmcfewoc-fTsZiI076u3YgcMjTlwjp7z3mlND4",1781533939707]