Who Controls the Privacy-Enhancing Technology Layer?

vektormemory1 pts1 comments

Who Actually Controls The Privacy-Enhancing Technology Layer? | by Vektor Memory | Jul, 2026 | MediumSitemapOpen in appSign up<br>Sign in

Medium Logo

Get app<br>Write

Search

Sign up<br>Sign in

Who Actually Controls The Privacy-Enhancing Technology Layer?

Vektor Memory

13 min read·<br>Just now

Listen

Share

A closer look at what Privacy Enhancing Technology actually means for vector memory and where the software you use every day really stands.<br>Press enter or click to view image in full size

There’s a category of software that nobody threat-modeled yet, and it’s the one most of us are using every day now. Every time you tell an AI agent something, a decision, or a code action, that’s a data collection event. Somewhere, in a data center rack, a provider just wrote down and stored a piece of you.<br>As we’ve moved further into thinking seriously about privacy, we’ve spent a lot of time reading comments on web boards, forums, the usual places people talk honestly when nobody’s watching. There’s a real divide out there. Some users feel powerless, like the decision was already made for them somewhere upstream.<br>Others feel genuinely liberated by what’s happening with current technology, like a door just opened that used to be locked. We sit firmly in the second camp with a strong leaning into privacy, and this piece is really an attempt to explain why and to walk through what’s actually happening under the hood when people talk about privacy in AI software, not just assert it.<br>Most memory products treat this the way software treated user data in 2012. Centralize it, store it in someone else’s cloud, and call the privacy policy the privacy strategy. We built VEKTOR the other way, local-first, zero egress, your SQLite file on your machine. But “we don’t send your data anywhere” is a start, not a finish. So we sat down and asked ourselves a harder question: if we actually held ourselves to the standard the privacy engineering field uses, Privacy Enhancing Technologies, PETs, where would we land?<br>The honest answer is partly there, further along than most competitors, and with real gaps we can name specifically. This piece walks through where we actually stand, what we built and hardened this week to close part of the biggest gap, and what’s still being worked on.<br>We’re not waiting for AI companies, corporations, or governments to define this future for us. That resonates with something we believe at a basic level: people should be in control of their own sovereignty, their own software, not dictated to by Silicon Valley or by any government. It’s an engineering constraint we build against. Local, air-gapped software is your highest ground as a citizen here. No corporation can be told what to do by a government if their reach never touches the provider's cloud because your data or their model was never in it.<br>We all have the ability to decide what software we use, who we support, and how much privacy we hand over to companies and governments. We don’t need to feel powerless. You make a choice every time you click on a set of terms, every time you hit accept or decline on a cookie banner, every time you allow a government to pry further into your software or your home under the guise of “if you haven’t done anything wrong, you have nothing to worry about.”<br>Any time I hear that line, I shake my head. Privacy is a right. It’s not something you forfeit based on your ability to prove innocence. It exists to protect human dignity, autonomy, and civil liberties, not to shift the burden onto the individual to demonstrate they aren’t guilty of something.<br>What “local-first” actually means, mechanically<br>“Local-first” gets used loosely in this industry, so we’d rather be precise than let it become another empty claim.<br>Your agent’s memory, every fact, preference, correction, and decision it’s ever stored, lives in a single SQLite file on your own machine. SQLite in this case is not a cloud service. It’s a file format, the same category of thing as a spreadsheet or a text document, except structured for fast lookups.<br>There is no process, no background job, no API call built into the system that would ship that file, or any piece of it, to a server we operate. Not because of a policy that says we won’t. Because the code path that would do it was never written architecturally. A policy is a promise a company can break, quietly, in a future update, under new leadership, after an acquisition. A missing code path is a structural fact you can go and verify yourself by reading the source.<br>The same logic applies to how your agent understands what you’re telling it. Most AI memory products compute embeddings, the numerical representation of meaning a system searches over, by sending your text to a cloud API.<br>That’s a second, quieter place your data leaves the building, easy to miss because it doesn’t look like storage, it looks like a normal API call in a network log. We compute embeddings locally, on your own hardware, using a small model that...

privacy software actually memory time data

Related Articles