Jamal Porter CEO & Co-Founder

What Gets Stored Gets Leaked

Researchers discovered that IDMerit — a cloud-based identity verification company that helps banks confirm who you are — left roughly one billion identity records sitting on the open internet. No password. No encryption. Just names, addresses, dates of birth, national ID numbers, and Social Security numbers. For 203 million Americans. Accessible to anyone who knew where to look.

1B identity records left unprotected on a cloud database

The coverage has focused on IDMerit's negligence. That's understandable. But it's the wrong frame. The negligence isn't the point. The architecture is the point.

You Trusted a Bank. The Bank Trusted a Stranger.

Here's what actually happened: you opened a bank account. The bank asked you to verify your identity — standard Know Your Customer compliance. You uploaded your ID and provided your personal details. The bank handed all of that to IDMerit, a third-party cloud service you've almost certainly never heard of. IDMerit stored it in a database. The database had no password.

You made one decision — to trust your bank. But that decision traveled down a chain you couldn't see, and somewhere in that chain, basic security controls failed. This is not a story about one bad company. This is a story about what happens when sensitive data must leave your device at all.

You can't breach what was never stored. You can't leak what was never sent.

The Attack Surface Is the Architecture

Every system that collects your data creates an attack surface. It doesn't matter how good the security team is. Every server can be misconfigured. Every database can be exposed. Every vendor relationship extends the blast radius of a single failure. The only way to eliminate that surface is to eliminate the collection.

This is not a theoretical position. It's an engineering decision we made from day one. Private Assistant — our on-device AI — processes everything locally. It reads your calendar, drafts your emails, manages your tasks, and handles your personal information without any of it leaving your phone. There is no server receiving your data. There is no database that can be left unprotected. There is no vendor relationship to go wrong.

When there is nothing to breach, there is nothing to breach.

What "Privacy-First" Actually Means

The industry has trained people to evaluate privacy by reading policy documents. Does the company anonymize data? Do they sell to third parties? Is the server in Europe? These are the wrong questions, because they all assume the data left your device in the first place.

The right question is: does this company have my data at all?

If the answer is yes — even if they promise to protect it, anonymize it, or delete it on request — you are trusting a chain of humans and systems you cannot audit, over a time horizon you cannot predict. IDMerit's database was exposed for months before researchers discovered it. Automated bots scan the internet constantly and can copy exposed databases within minutes.

No privacy policy survives a misconfigured server.

The Architecture That Makes Breach Impossible

On-device processing isn't a premium feature. It's the only architectural choice that addresses the root cause instead of managing the symptoms. When your AI assistant runs on your phone, your data never travels to our infrastructure — because it has no reason to. The model is on your device. The processing is on your device. The results are on your device.

We cannot be IDMerit'd. Not because we have better security. Because we don't have your data.

That's the difference between a better lock and a door that doesn't exist. One billion records were exposed this week because someone forgot to put a lock on the door. We built our product so the door doesn't have to exist at all.

Private Assistant: AI that runs on your device. Not someone else's server.

Jamal Porter
CEO & Co-Founder, Digital Disconnections

Jamal leads Digital Disconnections' strategy, partnerships, and product direction. He writes about privacy law, digital rights, and why architecture matters more than promises.