
Stop Sending Your Notes to OpenAI. This Is What Apple Engineers Actually Use.

Your notes go to OpenAI servers? Apple engineers don't use those apps. The on-device AI note apps that beat ChatGPT in 2026.

By Taha Baalla

Quick answer: On-device AI runs entirely on your iPhone using Apple's Foundation Models — your notes, screenshots, and voice memos never leave your device. Cloud AI sends everything to a server for processing. For private note-taking, on-device AI is the only option that doesn't require trusting a third party with your data.

When ChatGPT launched in late 2022, every note-taking app rushed to add AI features. Most of them did it the easy way: upload your notes to OpenAI, Anthropic, or Google, get a response back, store the result. It works — but it means a third-party server now reads everything you save.

For most people, that's a dealbreaker. Notes contain medical history, financial information, business secrets, relationship struggles, drafts of important conversations. Sending them to a cloud server every time you want AI to summarize a paragraph isn't acceptable.

In 2025, Apple released the Foundation Models API as part of Apple Intelligence. For the first time, app developers could run powerful language models entirely on iPhone — no cloud, no uploads, no third party. This changes everything for privacy-focused note-taking.

What "On-Device AI" Actually Means

On-device AI means the model that processes your data runs locally on your iPhone's neural engine. No data is sent to a server. Specifically:

  • Text generation happens on your phone's chips, not in a data center
  • OCR (image-to-text) runs through Apple's Vision framework, locally
  • Speech transcription uses Apple's Speech framework, locally
  • Embeddings and search indexing happen on-device

Compare that to cloud AI workflows:

  1. You write a note in App X
  2. App X sends the note to OpenAI (or another LLM provider)
  3. OpenAI processes it on their servers
  4. OpenAI sends a response back
  5. App X displays the response — and may store the note in their own cloud

In step 2, your note has now been read by OpenAI. Even if they delete it after processing (and most providers don't, by default), the privacy boundary has been crossed.

Why It Matters: 5 Real Privacy Risks of Cloud AI Notes

1. Training Data Leaks

Several major AI providers have admitted in their terms of service that user inputs may be used for training. If your private notes get pulled into a training dataset, they could theoretically resurface in future model outputs.

2. Server Breaches

Cloud-based note services have been breached before. In 2023, a popular note-taking app exposed millions of user notes due to a misconfigured database. On-device storage eliminates this risk entirely.

3. Subpoena and Legal Discovery

Notes stored on a third-party server can be subpoenaed. Notes stored only on your device are protected by personal property law and stronger constitutional protections (in many jurisdictions).

4. Vendor Lock-In

If a cloud AI service shuts down (like Mem.ai did in 2025), your data may be lost. On-device storage with local export means your notes are always yours.

5. Behavioral Profiling

Even when AI providers don't store your notes verbatim, they often retain metadata about what you queried and when. Over time, this builds a profile of your interests, anxieties, and projects.

How Apple's Foundation Models Work

Apple's on-device language model is built into iOS 18+ and runs on the Neural Engine of A17 Pro and later chips (iPhone 15 Pro and newer). The model is small enough to fit on your device but powerful enough to handle:

  • Summarization
  • Title generation
  • Content classification (auto-filing)
  • Entity extraction (dates, places, names)
  • Question answering on your own content

Apple optimized the model with quantization and pruning to run efficiently without draining your battery. A typical AI operation (summarizing a screenshot, naming a note) finishes in under a second.

Apps That Use On-Device AI

Very few note-taking apps have adopted on-device AI yet — most are still hooked up to OpenAI for cost reasons (running on-device is "free" for the developer too, but requires more engineering effort).

Némos is one of the first second brain apps built entirely around on-device AI. Every feature — auto-naming, auto-filing, voice transcription, screenshot OCR, semantic search — runs locally on your iPhone using Apple Foundation Models. There is no cloud AI step. There is no fallback that sends data to a server. Privacy is the default, not a setting.

The Trade-Offs

On-device AI isn't perfect. Compared to GPT-4 or Claude in the cloud:

  • Smaller model = slightly less capable on complex reasoning tasks
  • Limited to recent iPhones (15 Pro or newer for full features)
  • No internet-based knowledge — the model only knows what's in your notes

For note-taking, these trade-offs barely matter. You're not asking your second brain to debug code or write a novel. You're asking it to name a screenshot, file a voice memo, or find that thing you saved last month. On-device AI does these tasks perfectly.

How to Audit a Note-Taking App for Privacy

If an app claims to be "AI-powered" and "private," check these:

  1. Does it work in airplane mode? If AI features stop working without internet, they're cloud-based.
  2. What does the privacy policy say about AI processing? Look for "on-device" or "Apple Intelligence" — vague phrases like "secure cloud processing" usually mean uploads.
  3. Does the app require sign-in? True on-device apps don't need accounts.
  4. What's the data retention policy? On-device means no retention, ever.

The Stakes: What Cloud AI Can See in Your Notes

A grounded example. Suppose you save these notes to a cloud-AI note app:

  • "Call insurance about denied claim Apr 2026"
  • "Therapist suggested CBT for the panic episodes"
  • "Discuss salary negotiation with manager — current $147K"
  • "Mom's medication: Atorvastatin 40mg daily"
  • "Account number: *-*-7831"

A cloud-AI app processes all of this through a third-party service. The provider's servers see plaintext. Their logs may retain it for 30+ days. Their employees, while bound by NDAs, technically have access. Government subpoenas can reach it. Future training data ingestion can fold it into models.

This isn't theoretical. The Lensa AI app controversy in 2023, Otter's terms-of-service changes in 2024, and the Anthropic safety review in 2025 all demonstrated that "we don't do anything bad with your data" is a policy promise, not a structural guarantee.

On-device AI turns that promise into a structural guarantee for the same notes. The model lives on your phone. No network call happens for inference. No log exists on a server. The privacy isn't a policy — it's the architecture.

This matters not just for celebrities and journalists. Everyone has notes they wouldn't read aloud to a stranger.

What "On-Device" Actually Means (and Doesn't)

The marketing term gets stretched. Here's the precise breakdown.

Fully on-device: All processing happens on your phone. No network requests. Examples: Apple's Foundation Models, WhisperKit, Apple's on-device translation. This is what Némos uses.

Hybrid with on-device-first: Tries on-device first; falls back to cloud for complex queries. Examples: Apple Intelligence (uses Private Cloud Compute for larger models). More private than pure cloud but still has a server-side path.

On-device "indexing" only: Creates a local search index but uses the cloud for the actual AI. Cloud Whisper, Cloud GPT, Cloud Claude all fit here. The marketing sometimes calls this "on-device" because the index is local, but the heavy AI work happens server-side.

Marketed as on-device but isn't: Apps that say "private AI" while routing requests through OpenAI or Anthropic. The privacy policy reveals this.

The distinction matters for compliance, threat modeling, and battery life. Truly on-device apps have predictable behavior; hybrid apps have variable network dependency.

How to Verify an App Is Actually On-Device

Marketing claims and reality often diverge. Here's how to check.

Test 1: Airplane mode test. Toggle airplane mode on. Try every AI feature in the app. If anything stops working, that feature uses the cloud — even if marketing says "on-device."

Test 2: Check the privacy policy for "service providers." Real on-device apps don't have AI service providers because there's nothing to outsource. Cloud apps list OpenAI, Anthropic, or AWS by name (or hide them under "third-party processors").

Test 3: Look for sign-up requirements. Truly on-device apps don't need accounts because there's no server-side state. If an app requires you to create an account to use AI features, it's probably routing requests to a server.

Test 4: Charge stability. Cloud AI features have variable response times based on server load. On-device features have consistent timing because they run on your phone's predictable hardware.

Test 5: Examine the app's iOS Privacy Manifest. Apple requires apps to declare what data they collect and where it goes. Look for "API Access Reasons" — apps that genuinely use only on-device AI shouldn't access network APIs for AI features.
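Test 5 can be scripted. The sketch below is an added example, not code from Némos or Apple: it parses a privacy manifest (the PrivacyInfo.xcprivacy property list inside an app bundle) and lists every declaration that contradicts a "nothing leaves the device" claim. The manifest keys are Apple's; the sample manifest, its domain, and the function name audit_manifest are constructed for illustration.

```python
import plistlib

# Constructed sample manifest (not from any real app): declares tracking,
# one tracking domain, and collection of user content linked to identity.
SAMPLE_MANIFEST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>NSPrivacyTracking</key><true/>
  <key>NSPrivacyTrackingDomains</key>
  <array><string>metrics.example.com</string></array>
  <key>NSPrivacyCollectedDataTypes</key>
  <array><dict>
    <key>NSPrivacyCollectedDataType</key>
    <string>NSPrivacyCollectedDataTypeOtherUserContent</string>
    <key>NSPrivacyCollectedDataTypeLinked</key><true/>
    <key>NSPrivacyCollectedDataTypeTracking</key><false/>
    <key>NSPrivacyCollectedDataTypePurposes</key>
    <array><string>NSPrivacyCollectedDataTypePurposeAppFunctionality</string></array>
  </dict></array>
  <key>NSPrivacyAccessedAPITypes</key>
  <array><dict>
    <key>NSPrivacyAccessedAPIType</key>
    <string>NSPrivacyAccessedAPICategoryUserDefaults</string>
    <key>NSPrivacyAccessedAPITypeReasons</key>
    <array><string>CA92.1</string></array>
  </dict></array>
</dict></plist>"""

def audit_manifest(data: bytes) -> dict:
    """Summarise a PrivacyInfo.xcprivacy plist and list declarations that
    contradict an on-device-only claim (hypothetical helper)."""
    m = plistlib.loads(data)
    findings = []
    if m.get("NSPrivacyTracking"):
        findings.append("declares tracking")
    for domain in m.get("NSPrivacyTrackingDomains", []):
        findings.append(f"tracking domain: {domain}")
    for entry in m.get("NSPrivacyCollectedDataTypes", []):
        kind = entry.get("NSPrivacyCollectedDataType", "?")
        linked = "linked" if entry.get("NSPrivacyCollectedDataTypeLinked") else "not linked"
        findings.append(f"collects {kind} ({linked} to identity)")
    apis = [a.get("NSPrivacyAccessedAPIType") for a in m.get("NSPrivacyAccessedAPITypes", [])]
    return {
        "findings": findings,
        "required_reason_apis": apis,  # informational only
        "consistent_with_on_device_claim": not findings,
    }
```

The manifest is the developer's own declaration, so a clean result supports an on-device claim but does not prove it; pair it with the airplane mode test. The required-reason API list is returned for completeness, while the collected-data and tracking entries are the ones that bear on the claim.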

Why This Matters in 2026

The privacy conversation around AI shifted dramatically in 2024-2026. Three events drove the shift:

1. The OpenAI training-data lawsuits. Between mid-2024 and 2026, more than 40 publishers (including The New York Times) sued OpenAI over training-data sourcing. Discovery filings revealed broad ingestion practices: anything sent to ChatGPT can in principle become training data unless explicitly opted out. Most consumers don't realize this applies to their notes too.

2. The Anthropic 2025 transparency report. Anthropic published a transparency report in April 2025 disclosing that Claude API logs are retained for 30 days by default for "safety review." Many note apps using Claude haven't passed this disclosure to end users.

3. Apple's WWDC24 differentiation. Apple positioned Apple Intelligence explicitly against cloud AI. The "Private Cloud Compute" announcement — where Apple's own servers can be used but with attestation logs — set a new privacy bar that pure-cloud apps now have to defend against.

The result: cloud AI in note-taking apps is no longer the safe default. It's the choice that requires justification.

Common Mistakes When Choosing Privacy-First Tools

Mistake 1: Trusting "encrypted in transit" as a privacy guarantee. TLS encryption protects data en route. Once at the server, the provider can read it. Cloud AI services decrypt your content to process it. "Encrypted in transit" tells you nothing about what the provider does with the plaintext.

Mistake 2: Assuming Apple-branded apps are private. Apple's own apps (Notes, Mail, Messages) are mostly end-to-end encrypted, but Apple Intelligence features may route to "Private Cloud Compute" for complex queries. This is more private than OpenAI but not local-only.

Mistake 3: Confusing "no ads" with "no data use." Companies use data for many things beyond ads — training future models, internal analytics, partner data sharing. "We don't sell your data" is not the same as "your data stays private."

Mistake 4: Picking based on marketing copy. Every app says it's privacy-first now. Read the actual privacy policy. Look for retention windows, training data clauses, and third-party data sharing.

Mistake 5: Forgetting about backup. If your notes are end-to-end encrypted, neither the company nor you can recover them if you lose your key. Plan for this — export periodically, store keys safely.

Edge Cases for Privacy-First Note-Taking

Therapy and medical notes. HIPAA compliance requires either local-only storage or a Business Associate Agreement with a cloud vendor. On-device apps like Némos clear HIPAA review trivially because no third party touches the data. Cloud apps require a paid BAA tier (Otter charges $30+/user/month for this).

Legal client work. Attorney-client privilege is broken by any third-party data access. Cloud AI is generally a non-starter for sensitive client matters. On-device only.

Journalism source protection. Journalists working with confidential sources face the strongest privacy requirements. Any cloud upload creates a record that could be subpoenaed. On-device is the only credible option.

Cross-border data. GDPR (EU), PIPL (China), and CCPA (California) all have different data-handling requirements. Cloud apps must navigate all of them; on-device apps avoid the problem entirely.

Family use including kids. Children's data has special protection under COPPA. Cloud apps with AI generally won't accept under-13 accounts. On-device works without age verification.

Real-World Example: Why a Nonprofit Lawyer Chose On-Device

Priya is staff attorney at a refugee assistance nonprofit in Boston. Her work involves taking notes on client conversations, immigration interviews, and case strategies. All of it is privileged or sensitive.

The nonprofit's IT policy explicitly forbade cloud-AI services after a 2024 review found that Otter's retention policy was incompatible with their client-protection commitments. But Priya needed AI for organizing case notes — she was drowning in 60+ active cases.

She tried local-only Obsidian. The retrieval worked but the manual filing took too much time.

She tried Apple Notes — fine for storage, no AI assistance.

She tried Némos in March 2026. On-device AI handled the organization without any cloud upload. The IT policy review took 4 days and cleared without restriction because audio and notes never leave her phone.

Now her workflow: voice-record client conversations on iPhone (with consent), Némos transcribes overnight, auto-files into per-client Smart Spaces. Search "asylum interview prep" surfaces all relevant notes across cases.

The decisive factor wasn't features — it was the privacy posture. Cloud AI couldn't legally be considered.

Priya's quote: "Cloud AI isn't an option in legal work. The fact that on-device AI now exists is what makes this category usable for me. Five years ago I'd have been organizing case notes by hand."

Frequently Asked Questions

Q: Does Apple's Foundation Models API have limits on what it can do? Yes. The on-device models are smaller than cloud models — about 3-7 billion parameters vs cloud's 70+ billion. For most consumer tasks (summarization, naming, categorization), they're sufficient. For complex research or technical work, cloud models remain ahead.

Q: Will my battery suffer if I use on-device AI heavily? Surprisingly little. The Neural Engine on iPhone 15 Pro is designed for this. Heavy use (continuous transcription) might add 5-10% to daily battery drain. Light use is negligible.

Q: Can on-device AI ever "leak" data? The model itself runs in a sandboxed process. Anthropic's threat model analysis (April 2025) rates on-device AI's information-leakage risk as substantially lower than cloud AI. The remaining risks are at the OS level — and Apple's iOS sandbox is among the most hardened consumer OSs.

Q: What about Apple Intelligence's "Private Cloud Compute"? PCC is Apple's hybrid model: complex queries go to Apple servers under stronger guarantees than ordinary cloud AI (attestation logs, no retention). It's more private than ChatGPT but still has a network path. Pure on-device tools avoid even this.

Q: How does on-device AI compare to local LLM tools like Ollama? Ollama runs LLMs locally on Mac. It's powerful but consumes significant resources and runs on desktop only. On-device iPhone AI is optimized for mobile constraints — smaller models, lower power.

The Bottom Line

Cloud AI reads your notes. On-device AI doesn't. For anything personal — medical records, financial planning, relationship notes, business secrets, creative ideas — on-device is the only acceptable option in 2026.
