Privacy guide

Take full control of your privacy

NanoGPT is private by default. This guide shows how to push it further — five privacy areas, from staying anonymous to locking down storage, with no hand-waving about the limits.

No account
Privacy coins
TEE models
PII redaction
Local-first

New here? Start with the privacy explainer.

Check your setup

How private are you right now?

NanoGPT baseline — already more private than most assistants: local history, isolated conversations, no account or email required.

Anonymous account

Account setup only: no account, sign-in token, or email login passes. Network/VPN/Tor is not checked.

Private payments

Deposit history is checked: Stripe fails, non-privacy crypto is partial, and privacy coins pass.

TEE / Private models

Private Mode is a full pass; selecting a TEE/private model without browser encryption is partial.

Select a model tagged TEE or Private to improve this area.

PII redaction

PII redaction is either off or on. Chat redaction or API default redaction counts as on.

Turn on PII redaction before sending sensitive chat or API prompts.

Storage & sync

Sync off passes. Passphrase or passkey sync passes. Platform envelope sync is partial.

The default setup already beats most assistants

Before you change a single setting, NanoGPT's defaults are stronger than mainstream assistants like ChatGPT or Gemini:

No sign-up — NanoGPT works fully without an email or account; assistants like ChatGPT and Gemini typically require one.

Local-first history — your chats live in your browser, not stored on our servers under your name.

No training on your data — we never train on your prompts or outputs; many consumer assistants do by default unless you opt out.

Isolated requests — we don’t attach your account identity to the model provider that answers you.

The playbook

Five privacy areas to improve

Each area closes off another way your usage could be linked back to you. Work down the list, or cherry-pick what fits.

Area 1

Stay anonymous

Use NanoGPT without ever attaching your identity.

No account passes this area. A revocable sign-in token also passes because it lets you move between devices without social login.

Prefer an account? Email/password or email sign-in passes; Google and GitHub do not.

Network privacy is not scored here. We do not check your VPN, Tor, or IP setup, so treat that as your own separate layer.

Area 2

Pay with privacy coins

Keep the payment from pointing back at you.

Monero (XMR) passes because it hides senders, receivers, and amounts on-chain.

Zcash (ZEC), Dash, Litecoin MWEB, and Zano also count as privacy-coin funding when they appear in deposit history.

Nano, Bitcoin, Ethereum, stablecoins, and other public-ledger crypto get partial credit; Stripe or card deposits fail this area.

Area 3

Run prompts in TEE models

Protect your prompt even while it’s being processed.

Browser Private Mode on a private-capable TEE model gets a full pass because your browser verifies attestation before sending an encrypted request.

Selecting a model tagged “TEE” or “Private” without Browser Private Mode gets partial credit: it still uses confidential-compute routing, but it is not the strongest browser-encrypted path.

Standard provider models do not pass this area.

Guarantees vary by provider path: standard routes still let NanoGPT see the request before routing, while browser Private Mode encrypts on your device first. Check the TEE Verification docs or our TEE blog post.

Area 4

Redact PII before models see it

Strip names, emails, and numbers out of the prompt automatically.

Grepture masks supported PII before the provider receives it, then restores it in the reply.

The score treats PII redaction as on or off: chat redaction or API default redaction counts as on.

Costs $0.0005 per redacted request and can slightly alter prompts.

Credential-like secrets become safe labels and are never restored — don’t paste secrets you need echoed back.

Area 5

Lock down storage

Decide where your conversations live — and who can read them.

Local by default — history stays in your browser; nothing syncs unless you turn it on.

Passphrase or passkey sync passes the content-protection score because the sync key is user-held. Platform envelope encryption is partial because the server helps handle encryption.

Bring your own storage — point sync at your own S3-compatible bucket; we keep only the encrypted credentials.

The honest limits

No setup makes you invisible, and we'd rather be precise than reassuring:

Outside browser-encrypted Private Mode, providers receive your prompt content — that’s what answers it. Redaction masks PII, but freeform identifying context stays if you write it.

TEE attestation proves what code ran in the enclave; it doesn’t by itself secure every network hop.

Crypto isn’t automatically anonymous — processors and public ledgers can expose wallets, amounts, and IDs. Monero plus KYC-free acquisition is what breaks the link.

Your habits matter most: a VPN doesn’t help if you sign in with your work email.

Improve the areas that matter for your threat model

No identity on file, history only you can read, payments that are hard to trace, masked PII, and prompts processed in attested hardware. None of it is absolute — each area just shrinks what anyone can learn about you.

Read the full privacy explainer