recal.Get early access
All posts
#local-first#privacy#vision

Local by default: why a personal AI belongs on your machine

The more an AI knows about how you work, the riskier it is to store off your machine. Local-first isn't a checkbox; it's what makes personal AI possible.

The recal team3 min read

There's a quiet contradiction at the heart of most "AI assistants." To be useful, they need to know you: your projects, your habits, your half-thoughts, the messy reality of your day. But the moment they know you that well, the place that knowledge lives becomes the most sensitive thing you own. And almost every assistant ships that knowledge straight to someone else's servers.

We think that's backwards. A personal AI should be local by default: running on your machine, learning from your life, keeping what it learns on your side of the glass. Not as a feature you toggle on. As the ground everything else is built on.

"Personal" and "in the cloud" are in tension

Cloud AI made sense when the only thing you sent was a single question. A prompt in, an answer out, nothing lingering.

A personal AI is a different animal. It doesn't want one question. It wants context. It works best when it can see the document you're stuck on, the thread you keep rereading, the pattern in how you actually spend your Tuesdays. That continuous, intimate context is exactly what you'd never want sitting in a vendor's database, indexed, retained, and one breach or policy change away from being someone else's.

So you get a forced choice. Keep the AI shallow enough to be safe, or make it deep enough to be useful and accept that the most detailed map of your working life now lives somewhere you can't see. Local-first dissolves the choice. The AI can be as deep as it likes, because the depth never leaves.

What "local-first" actually buys you

It's easy to wave "privacy" around as a slogan. Here's the concrete version, what changes when the model of you lives on your Mac:

  • Nothing to leak that you didn't choose to send. The default isn't "uploaded and hopefully secured." The default is "stays here." Exfiltration isn't a risk you're managing; it's a thing that doesn't happen unless you explicitly ask for it.
  • It works in the dark. On a plane, on bad hotel wifi, in a SCIF, the day the vendor has an outage, your assistant doesn't stop existing because a server far away is unreachable.
  • No rent on your own context. Your history isn't a hostage to a subscription. The understanding recal builds of how you work is an asset you own, not a moat someone else rents back to you.
  • Speed that feels like part of you. The fastest network round-trip can't beat something already running where your work is. Local is what makes an assistant feel ambient instead of remote.

"Local-first," not "local-only"

Being honest: local-first is not a vow of total isolation. There are moments a bigger model in the cloud genuinely helps, and recal can reach for one on your terms, for a specific task, with you knowing it's happening.

The difference is the direction of the default. Cloud-first means everything goes up unless you fight it. Local-first means everything stays unless you send it, deliberately, narrowly, for a reason you chose. The baseline is private; the exceptions are explicit. That inversion is the whole game.

Why this is the foundation, not the finish

We've written before about the trust ladder, how a personal AI earns the right to act by climbing from watching, to suggesting, to doing, one task at a time. None of those rungs are safe to climb if the watching happens somewhere you can't audit.

You would never let an AI learn the fine grain of your work (let alone act on your behalf) if that knowledge were quietly becoming training data, or sitting in a breach waiting to happen. Local-first is what makes the ambition wantable. It's the load-bearing wall. Take it out and the rest of the building can't stand: no honest autonomy, no real trust, no AI you'd actually hand the keys.

The hardware finally agrees with us, too. The machine on your desk is absurdly capable now, with enough memory, enough silicon, enough on-device model quality that "it has to run in the cloud" is more often a business model than a technical limit.

So we're building recal the other way around. Your data stays. The model of how you work stays. The intelligence comes to where your life already is, instead of asking your life to move to where the intelligence is.

That's not a privacy feature bolted onto a personal AI. It's the only honest way to build one.