# Your AI Vendor Says 'Trust Us' with Your Data. There's a Better Option. > Source: > Published: 2026-06-05 09:24:34+00:00 Your AI vendor says "trust us" with your data. At the end of June, ByteDance's Doubao (豆包) officially ends its free tier and starts charging for API calls. The discussion in developer communities quickly shifted from pricing to a different question: all this data flowing to cloud AI services every day — where exactly does it go? Around the same time, NVIDIA spent significant stage time at GTC 2026 presenting the full-stack confidential computing capabilities of the Vera Rubin architecture. Jensen Huang's message was clear: future AI chips need to keep data encrypted throughout the computation process, making it inaccessible in plaintext to anyone — including the cloud service provider. Two signals pointing to the same trend: data security in AI services has moved from "someone mentioned it once" to "you need to answer this directly." Most developers have a simple mental model of cloud AI: I send a request, the model returns a result, and my data is gone. The actual data flow is more involved. A typical cloud AI call touches these steps: At each step, data is potentially accessible. Providers typically say "we don't look at your data" and "your data won't be used for training" in their privacy agreements. These are contractual commitments. You need to trust that they'll honor them. This is the "Trust Me" model. If you roughly categorize data protection approaches in AI services, two paradigms emerge: **Trust Me** Data leaves your device and is processed by a third party. The provider guarantees security through contracts, security audits, and compliance certifications. You can't independently verify that your data wasn't accessed — you trust their word. Most cloud AI services operate this way. OpenAI, Anthropic, Doubao, and others. NVIDIA's Vera Rubin confidential computing adds a hardware-level protection layer (TEE — Trusted Execution Environment), encrypting data during computation so even the service provider can't see plaintext. This is a significant upgrade to the Trust Me model, but fundamentally, your data still left your device. **Verify Yourself** Data never leaves your device. Inference runs locally. Screenshots and task descriptions are not uploaded to any external server. You don't need to trust any third party because the data physically stayed put. This is the core advantage of on-device AI. No privacy policy fine print to review. No provider security compliance to evaluate. No cross-border data transfer regulations to worry about. Data doesn't leave the device — that's the simplest and most thorough protection there is. The open-source community is already shipping this model. [Mano-P](https://github.com/Mininglamp-AI/Mano-P) is an Apache 2.0 licensed GUI agent project built for edge devices. It runs inference entirely on-device on Macs with Apple M4 chip and 32GB RAM. In local mode, all screenshots and task descriptions are processed on-device with zero network transmission. The full source code is public and the data flow path is auditable. To avoid swinging to the other extreme: not every scenario requires an on-device solution. A more practical approach is to classify your data into tiers and choose the appropriate processing method for each: **Public Data (D₁)** Searching public information, generating generic copy, translating public documents. The data itself has no sensitivity. Cloud services work fine — pick whichever model is strongest. **Enterprise Data (D₂)** Internal document processing, business data analysis, internal system operations. This involves trade secrets and proprietary information. Best processed in controlled environments: private cloud, edge servers, or security-certified third-party services. **Personal Data (D₃)** Chat histories, private photos, personal financial data, medical records. This is the most sensitive tier, and where on-device AI delivers the most value. Data stays on your hardware, never passes through any third party. What many AI users don't realize is that even routine-looking tasks can involve D₃-level data. Having AI organize your chat messages means your social relationships and communication content go to the cloud. Having AI do your budget means your income and expenses are on someone else's server. Having a GUI agent operate your desktop means screenshots may capture anything currently displayed on screen. GUI agents are one of the most privacy-sensitive AI application categories. With a traditional LLM call, you know what you're sending: a text prompt, a question. But GUI agents continuously capture screen content to understand the current state. Everything on your screen goes into the model. Your bank balance displayed while you're on a banking website. The commercial terms in a contract you're editing. The subject lines of other emails visible while you're composing a reply. A GUI agent needs to "see" all of this to function. If inference runs in the cloud, every screenshot gets uploaded. This is why on-device inference in GUI agent scenarios isn't just "a better option" — in many cases it's a requirement. Mano-P's 4B on-device model achieves roughly 80 tokens/s decode speed on Apple M5 Pro — responsive enough for smooth GUI automation. With the [Cider](https://github.com/Mininglamp-AI/cider) inference acceleration SDK, W8A8 activation quantization delivers approximately 12.7% prefill speedup over the W8A16 baseline. The entire inference pipeline runs locally with no network dependency. The data privacy promise of on-device AI needs open source as the trust foundation. If an on-device AI application claims "data never leaves your device" but the source code is closed, you still can't verify whether it's quietly uploading something in the background. A closed-source on-device app and a cloud service are fundamentally the same trust model — both are "Trust Me." Real "Verify Yourself" requires two conditions: data stays on-device AND source code is auditable. Mano-P is transparent on both counts: fully open-source under Apache 2.0, client source code publicly reviewable, zero external network calls in local mode. The benchmark results are worth noting. The project's 72B evaluation model achieves 58.2% accuracy on OSWorld, ranking #1 among specialized models. On WebRetriever Protocol I, it scores 41.7 NavEval — ahead of Gemini 2.5 Pro at 40.9 and Claude 4.5 at 31.3. Note: the 72B model is used for evaluation; the actual on-device deployment uses the 4B version. Back to the Doubao pricing news. Charging for AI services is a reasonable business model. Good models deserve to be paid for. The real question isn't "should I pay" but "while I'm paying, what's happening to my data." For public information retrieval and generation, cloud services remain the most efficient option. For scenarios involving personal privacy and enterprise confidentiality, spending the cost of a Mac mini to move inference on-device might be the more prudent approach. You can switch tools. Data leaks are irreversible. If you're looking for a GUI agent solution that runs entirely on-device, check out [Mano-P](https://github.com/Mininglamp-AI/Mano-P) on GitHub. Apache 2.0 open source, supports M4+ devices with 32GB RAM, install via `brew tap Mininglamp-AI/tap && brew install mano-cua` . If you find the project useful, a GitHub star would be appreciated.