Local by default.
Honest after release.

Ninai keeps the complete vault on your machine. A selected packet leaves the device only when you use it with a cloud AI provider.

MVP model · July 2026
YOUR MACHINE
Complete Ninai vault

Memories · sources · scopes · logs

permission + retrieval + composition
release event2 facts
263 tokens
AI PROVIDER
Selected context packet

The provider’s data policy applies here.

02

Compact memory with evidence.

The MVP stores durable content, memory type, scope, source URI, importance, confidence, timestamps, permission grants, and disclosure logs in SQLite.

  • Decisions, commitments, facts, preferences, procedures, and events
  • Source references such as linear://NIN-42
  • Which client received which memory and why
03

Credentials are not memory.

Ninai rejects common private-key, bearer-token, GitHub-token, and API-key patterns. The hook selects durable outcome fields instead of persisting whole tool responses.

api_key=sk-••••••••[REDACTED_SECRET]
04

One client. Explicit scopes.

A grant applies to a named client and one scope. Access to project memory does not imply access to personal, health, or finance memory. Revocation takes effect on the next recall.

project · allowpreference · allowpersonal · denyhealth · denyfinance · deny
05

An MVP, not a security certification.

The MVP implements the policy layer. It has not completed the controls required for high-risk production data.

  • No SQLCipher or full-database encryption yet
  • No signed and notarized desktop package
  • No prompt-injection classifier or independent audit
  • No cloud sync, account system, or remote relay

Inspect before you trust.

Ninai is open for technical review. Security reports are welcome.

View source ↗security@ninai.io
Continue to installation →