Every time you type a question into ChatGPT, Claude, Gemini, or any other cloud AI, that conversation goes somewhere. It gets stored on servers you don’t control, reviewed by humans for safety and quality purposes, and fed back into training pipelines. Your questions about your health, your finances, your legal situation, your relationships — all of it becomes part of the product.

This isn’t speculation. It’s in the terms of service. Most people just don’t read them.


What Cloud AI Actually Collects

When you use a cloud-based AI assistant, the service typically retains:

  • Every message you send and receive
  • Your IP address and approximate location
  • Device and browser fingerprints
  • Timestamps showing when you’re most active
  • Usage patterns that reveal behavior even without reading content

Some services let you opt out of training data collection. Some actually honor that opt-out. Many don’t, or the opt-out applies only to certain uses of your data while others continue unaffected.

The deeper problem is that even if you trust the company today, you don’t know who owns it in five years, what legal jurisdiction it’ll operate under, or what a future government can compel them to hand over. Your conversation history with an AI is a detailed psychological profile. That data exists until it’s deleted, and most of it never gets deleted.


The Self-Hosted Alternative

Running your own AI assistant means the conversations never leave your infrastructure. There’s no company logging your queries. There’s no training pipeline your questions feed into. There are no terms of service that can change overnight to expand data retention.

Tools like Hermes Agent let you run a full AI assistant — with memory, scheduled tasks, integrations with messaging platforms, and tool use — on a VPS or home server that you own. The model processing can happen locally or through a privacy-respecting API, but either way the conversation history lives on your machine, encrypted, under your control.

The setup requires some technical comfort. It’s not as frictionless as creating a ChatGPT account. But “requires effort” and “not worth doing” aren’t the same thing.


The Specific Risks of Cloud AI

Prompt injection via your own data. If a cloud AI has access to your files, email, or calendar, an attacker can embed instructions in documents you receive. The AI reads the document and executes the attacker’s commands in your context. Self-hosted systems with careful tool permissions are significantly harder to attack this way.

Legal exposure. Conversations with cloud AI services can potentially be subpoenaed. A self-hosted system where you control the logs — or where logs don’t exist — provides far stronger protection.

Corporate data mining. Your questions reveal what you don’t know, what you’re worried about, what you’re planning. That’s valuable behavioral data even if the answers themselves are never read by a human.

Account compromise. If your cloud AI account gets breached, an attacker gets your entire conversation history. A self-hosted system with no login portal and Tailscale-only access has a fundamentally smaller attack surface.


What “Private AI” Actually Looks Like

A private AI setup has a few core properties:

It runs on infrastructure you control. Either a home server or a VPS with a provider in a privacy-friendly jurisdiction — Iceland, Switzerland, the Netherlands. Not US-hosted. Not AWS. Not Google Cloud.

Conversations stay local. No cloud sync, no analytics endpoints, no telemetry. The conversation history is a file on your server, not a row in a database you’ll never see.

Access is gated. The assistant is only reachable over a VPN or mesh network like Tailscale. There’s no public login page to brute force.

You control the memory. What the AI remembers about you is a file you can read, edit, or delete. It’s not a black box maintained by a corporation.

Tool access is scoped. If your AI can search the web or read files, you decided exactly what it can access. You can audit and revoke permissions at any time.
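One way to enforce that scoping for a file-reading tool, as an added example that is not part of the original post and is not Hermes Agent's own code. `ScopedFileReader` and the directory names are hypothetical; the point is that the allowlist check runs on the resolved path, so `..` segments and symlinks planted inside an allowed folder cannot reach outside it.

```python
import os
import tempfile
from pathlib import Path


class ScopedFileReader:
    """File-read tool that only serves paths under explicitly allowed roots."""

    def __init__(self, allowed_roots):
        # Resolve roots once so comparisons use canonical, symlink-free paths.
        self.roots = [Path(r).resolve() for r in allowed_roots]

    def check(self, requested):
        # resolve() follows symlinks and collapses ".." before the comparison.
        real = Path(requested).resolve()
        for root in self.roots:
            if real == root or root in real.parents:
                return real
        raise PermissionError(f"outside allowed roots: {requested}")

    def read(self, requested, max_bytes=64_000):
        # Open the resolved path, not the caller's string. A file swapped in
        # between check and open is still a race; keep the roots writable
        # only by the assistant's own user.
        with open(self.check(requested), "rb") as fh:
            return fh.read(max_bytes)


def demo():
    """Build a constructed directory tree and try three read requests."""
    with tempfile.TemporaryDirectory() as tmp:
        notes = Path(tmp, "notes")
        notes.mkdir()
        (notes / "todo.txt").write_text("constructed note")
        secret = Path(tmp, "id_key")
        secret.write_text("constructed secret")
        os.symlink(secret, notes / "link")  # symlink escaping the root

        reader = ScopedFileReader([notes])
        requests = {"inside": notes / "todo.txt",
                    "dotdot": notes / ".." / "id_key",
                    "symlink": notes / "link"}
        results = {}
        for name, path in requests.items():
            try:
                reader.read(path)
                results[name] = "allowed"
            except PermissionError:
                results[name] = "denied"
        return results


if __name__ == "__main__":
    print(demo())
```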


The Tradeoff

Cloud AI is faster to start, easier to use, and often more capable — the large frontier models (GPT-4o, Claude 3.5) are genuinely better than what most people can run locally or afford to run through privacy-respecting APIs.

Self-hosted AI asks you to accept some capability tradeoff in exchange for actual privacy. Whether that tradeoff makes sense depends on what you use the AI for.

If you’re using AI to write marketing copy, the privacy tradeoff is probably acceptable. If you’re using it to work through a legal situation, plan your finances, process medical information, or think through anything sensitive — you should think very carefully about where that conversation lives.

The question to ask is simple: would you be comfortable if your AI provider handed a transcript of your last 100 conversations to your employer, your insurance company, or a government agency?

If the answer is no, your AI shouldn’t be running on someone else’s server.


Getting Started

Running a self-hosted AI assistant is a weekend project, not a career. The core stack:

  1. A VPS — 2GB RAM minimum, preferably Iceland or Switzerland
  2. Hermes Agent installed as a systemd service
  3. Signal or Telegram as the interface (so it works from any device without exposing a web port)
  4. Tailscale locking down the admin interface
  5. A model provider API that doesn’t log — or a local model if you have the hardware
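A check for step 4 and for the "access is gated" property described earlier, as an added example that is not part of the original post: it flags listening sockets bound to anything other than loopback or a Tailscale address. The sample `ss -tlnH` rows, ports and the `allow_public_ports` parameter are constructed for illustration.

```python
import ipaddress

# Addresses that are not reachable from the public internet: loopback plus the
# ranges Tailscale assigns to nodes (100.64.0.0/10 and fd7a:115c:a1e0::/48).
# Caveat: 100.64.0.0/10 is shared CGNAT space, so confirm the address is
# really the tailscale0 interface on hosts whose provider also uses it.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "::1/128", "100.64.0.0/10", "fd7a:115c:a1e0::/48")]

# Constructed sample of `ss -tlnH` output; ports and addresses are made up.
SAMPLE = """\
LISTEN 0 128          0.0.0.0:22      0.0.0.0:*
LISTEN 0 4096       127.0.0.1:8080    0.0.0.0:*
LISTEN 0 4096 100.101.102.103:8443    0.0.0.0:*
LISTEN 0 4096   127.0.0.53%lo:53      0.0.0.0:*
LISTEN 0 128             [::]:22         [::]:*
LISTEN 0 4096               *:9090          *:*
""".splitlines()


def parse_listener(line):
    """Return (host, port) for a LISTEN row, or None for anything else."""
    fields = line.split()
    if len(fields) < 5 or fields[0] != "LISTEN":
        return None
    host, _, port = fields[3].rpartition(":")
    # Drop IPv6 brackets and any %interface scope suffix.
    return host.strip("[]").split("%")[0], int(port)


def is_exposed(host):
    """True when the bind address accepts connections from outside."""
    if host == "*":  # ss prints * for a dual-stack wildcard bind
        return True
    addr = ipaddress.ip_address(host)
    # 0.0.0.0 and :: fall through as exposed: they match no private range.
    return not any(addr in net for net in PRIVATE_NETS)


def audit(lines, allow_public_ports=()):
    """List (host, port) listeners reachable without the tailnet."""
    found = []
    for line in lines:
        parsed = parse_listener(line)
        if parsed and is_exposed(parsed[0]) and parsed[1] not in allow_public_ports:
            found.append(parsed)
    return found


if __name__ == "__main__":
    for host, port in audit(SAMPLE):
        print(f"publicly reachable listener: {host}:{port}")
```

On the server, pass the lines of real `ss -tlnH` output to `audit()` in place of `SAMPLE`; an empty result means every listener is bound to loopback or the tailnet.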

The result is an AI that works on your phone, remembers your preferences, can run scheduled tasks, and has never sent a single message to a US server unless you explicitly asked it to.

That’s the version worth building.