Trust & security
Last updated June 13, 2026
Why "local" is the strongest guarantee
Most AI products ask you to trust a privacy policy: that a company won't read, store, or train on what you type. Garnet removes the need for that trust. The downloaded app does the thinking on your machine, so there is simply no outbound copy of your conversation to protect. You can prove it to yourself — unplug your internet and Garnet keeps answering.
The one exception: the demo on this site
The quick "try it" chat on the homepage runs on Garnet's secure cloud (Cloudflare Workers AI) so anyone can try it instantly without a download — those messages aren't stored or used for training. The Garnet you install does not use that path; it runs entirely on your machine. We call this out plainly rather than blur the line.
How your data is handled on the website
The website itself only handles what you give it: a booking or waitlist email, and minimal, privacy-respecting traffic analytics (no advertising profiles). It's hosted on Cloudflare and email is sent through our own mail server — that's the full list of who touches your data. See the Privacy Policy for specifics and your rights.
What we're honest about not being
Garnet is an early, independent consumer product. We are not SOC 2, ISO 27001, or HIPAA certified, and we won't claim to be. If you have regulated-compliance requirements, choose a vendor whose certifications match them. What we offer instead is a design where the sensitive data never leaves your device in the first place — and we'd rather tell you that than sell you a badge.
Reporting a security issue
Found a vulnerability? Email security@garnetgrid.com with a description and a reproducible proof of concept. We aim to acknowledge within 24 hours and will not pursue legal action against good-faith research. We don't run a paid bounty, but we'll credit you (with your consent) for material findings.