Nano GPT logo
NanoGPT

Private AI

Back to Blog

A Practical Privacy Stack for AI Chats

Jul 16, 2026

“Is this AI chat private?” can mean several different things.

You might be asking whether the chat is saved, whether someone using your computer can open it, whether the prompt contains personal information, whether the model provider keeps a copy, or whether NanoGPT can read the prompt while routing it.

Those are separate risks. No single privacy switch covers all of them.

The practical approach is to combine a few simple controls based on what you are trying to protect.

1. Do not save chats you do not need

Start by keeping less history.

Enable Incognito by default in Settings → Conversation and every new chat will start in incognito mode. It will not be added to your saved conversation history unless you choose Save.

This works well for quick questions, pasted snippets, and one-off tasks you do not need later.

Incognito only controls whether NanoGPT saves the chat in your normal history. It does not hide the prompt from the model, change the provider's data policy, or make your account anonymous.

2. Protect sensitive saved chats with a passkey

Some conversations are worth saving but should not be visible to anyone who opens your browser.

You can protect an individual conversation with a passkey. While it is locked, NanoGPT hides its real title and preview. Opening it requires passkey verification, and it locks again after the window has been unfocused or hidden for five minutes.

This is useful on shared or unlocked devices, but it is important to understand the limit: the passkey protects access through the NanoGPT interface. It does not encrypt the underlying local conversation data or change who saw the prompt when the chat originally ran.

3. Decide whether conversation history should sync

By default, saved NanoGPT conversations stay in your browser. They are not synced to other devices unless you turn sync on.

Leaving sync off is the simplest choice if you only use one device. If you need cross-device history, use a user-held passphrase or passkey for stronger protection. You can also use your own compatible storage instead of NanoGPT's default storage option.

Storage settings protect saved history. They do not change what the model sees while answering a live request.

4. Remove personal details before sending them

Sometimes the sensitive part of a prompt is only a name, email address, phone number, IP address, payment detail, or credential inside otherwise useful text.

PII redaction masks supported personal information before the model receives it and restores those values in the reply when possible. Credential-like secrets are replaced permanently rather than restored.

This is useful for support tickets, logs, customer messages, and prompts built from application data.

Redaction is a safety net, not a guarantee. Unusual formats can be missed, and a piece of writing can still identify someone even after the obvious fields are removed. Do not paste a secret just because redaction is enabled.

5. Check the model's privacy information

For a normal AI request, the service running the model needs to read the prompt in order to answer it.

The next question is what happens afterward. NanoGPT shows privacy information for supported model routes, including whether prompts are kept and whether they may be used for training.

A zero-data-retention label is useful, but it does not mean the model service never sees the prompt. It means the service promises not to keep it after processing under the stated policy.

Provider policies can change, so check the current privacy label rather than relying on an old recommendation.

6. Use Private Mode when NanoGPT should not read the chat body

NanoGPT offers models that run in Trusted Execution Environments, usually shortened to TEE. These use protected computing environments designed to isolate the model while it processes a request.

There are two different ways to use them:

  • With a normal TEE model request, NanoGPT receives the prompt and routes it to the protected model environment.
  • With browser-encrypted Private Mode, your browser encrypts the prompt before NanoGPT receives it.

Private Mode lets NanoGPT route and bill an eligible request without reading the prompt or answer body. The protected model environment still sees the plaintext because the model has to process it.

Private Mode protects the contents of the chat, not your identity. NanoGPT still sees information needed to run the service, such as your account or API key, selected model, timing, request size, status, and usage.

It currently works best for eligible plain-text chats. Attachments, web search, Projects, scraped pages, and other extra features may use separate paths and are not automatically covered.

For more detail, read Trusted Execution Environments and confidential AI.

7. Treat anonymity as a separate problem

A private prompt can still be linked to an account, payment method, or network connection.

NanoGPT can be used without an account, which reduces account-level linking but does not make a connection anonymous. Cards, payment processors, public cryptocurrency ledgers, and privacy-focused cryptocurrencies also leave different kinds of records.

Network privacy is another separate layer. The NanoGPT Privacy Guide cannot tell whether your VPN, Tor, DNS, browser fingerprint, or IP setup is private.

Incognito chats, redaction, TEE models, and Private Mode do not solve identity and network privacy by themselves.

Three practical setups

Everyday privacy

  • Turn on Incognito by default.
  • Leave sync off unless you need it.
  • Passkey-protect sensitive saved conversations.
  • Use PII redaction for customer messages, records, or logs.
  • Prefer a model route with a suitable current privacy label.

Confidential plain-text work

  • Remove unnecessary names, identifiers, and secrets.
  • Use browser-encrypted Private Mode with an eligible TEE model.
  • Keep the conversation incognito or save it only when needed.
  • Avoid extra features unless they are clearly shown as covered by the encrypted path.

Research and tool-heavy chats

  • Assume web searches, fetched pages, Project files, and tool inputs may follow additional data paths.
  • Redact supported personal details where useful.
  • Check the privacy policies of the model and tools involved.
  • Do not send confidential material merely because the final model has a privacy label.

Use the Privacy Guide as a checklist

The NanoGPT Privacy Guide checks settings NanoGPT can inspect, including account access, payment history, model privacy labels, PII redaction, and conversation storage.

It is a checklist, not a certification. It cannot tell whether your prompt contains a trade secret, whether your device is compromised, or whether your network connection is anonymous.

Start with the information you want to protect, decide who should not see or keep it, and choose the layers that address those risks.

Milan de Reede

Milan de Reede

CEO & Co-Founder

milan@nano-gpt.com
Back to Blog