Early draft — longer version landing soon.
Self-hosting an LLM is a real answer to data-privacy concerns — and it’s almost never the right answer for a 10-person business. The total cost of ownership is high, the model quality gap is real, and most teams don’t have the infra chops to keep it running.
So how do we handle privacy when the model lives on an API?
The practical playbook
- Vendor selection matters more than self-hosting. Pick a provider that contractually does not train on your data, documents retention periods, and offers an EU-resident endpoint if you need one.
- Minimise what leaves your systems. Classify documents client-side before they’re sent. Strip personal identifiers that aren’t relevant to the task. Send the smallest prompt that still works.
- Log what leaves. Every outbound call should be audit-able. Cheap insurance when someone eventually asks.
- Be honest about what the tradeoff is. A client deserves to know what’s being sent, where it’s being processed, and for how long.
We don’t promise zero-knowledge. We promise small, documented surface area.
