Your phone processes everything. The server holds only ciphertext. Your keys never leave your device.
We cannot read your data — not because we promise not to, but because the system makes it impossible.
Toggle each switch to see how your data flows. Each is independent.
| Feature | What leaves | Who sees content | Correlatable to you |
|---|---|---|---|
| AI processing Atomization, entity extraction, analysis |
Entry text (via proxy) | AI providers (round-robin, no user ID) | No |
| Embeddings | Nothing (on-device) | Nobody — never leaves phone | No |
| Cloud sync | Ciphertext | Nobody (encrypted before transit) | No (ciphertext) |
| Cloud vector search (add-on) Semantic, smart, and raw search modes |
Vector embeddings (not raw text) | Search index (vectors only, not reversible) | No |
| Telegram capture | Nothing extra (inbound only) | Proxy encrypts on arrival | No |
| MCP integration Capture, search, retrieval, status, context |
Queries + results (via proxy) | Proxy (stateless, no logs) | No |
We designed TameYeti so that we hold only ciphertext — encrypted content we cannot read, even under compulsion.
Your phone is the processor. The server is a proxy. Your keys never leave your device.
| TameYeti | Typical "private" app | Cloud journal | |
|---|---|---|---|
| Where is your data? | Your phone | Their server | Their server |
| Who processes it? | Your phone | Their server | Their server |
| Can they read it? | No (ciphertext only) | Yes | Yes |
| Subpoena-proof? | Yes (nothing readable) | No | No |
| Train on your data? | No (verified DPAs) | "We don't" (trust us) | Often yes |
| Works offline? | Full functionality | Partial | No |
| Multi-device? | Optional (encrypted sync) | Yes (plaintext on server) | Yes (plaintext on server) |
| Who holds the keys? | You (device Secure Enclave) | Provider | Provider |