SECURITY WHITEPAPER

We believe real security comes from architecture, not promises. This document fully explains how NewMax AI handles your data — open for your review and verification.

Last updated: February 2026

TL;DR

Three Key Takeaways

01

We don't store your data. All conversations, files, and configurations are saved on your local device. Our servers store zero user content.

02

AI conversations go directly to your chosen model provider. We only act as an encrypted relay — no logging, no analysis, no secondary use of your conversations.

03

Don't trust us? Verify it yourself. We provide complete verification methods. You can inspect network traffic anytime to confirm no data is being sent elsewhere.

01

Local-First Architecture

NewMax AI is built on a Local-First architecture. This means all your data — conversations, uploaded files, app settings, model preferences — is stored entirely on your local device. Our servers don't participate in data storage and have no ability to access your local data.

  • Conversations are stored in a local database — never uploaded to the cloud

  • Uploaded files are processed and parsed locally; originals stay in place after processing

  • App settings and user preferences are stored in local configuration files

  • Uninstalling the app completely erases all data — no need to contact us for account deletion

[Diagram: User Device (Chats / Files / Config, all stored locally) → HTTPS → NewMax AI (Pass-through · Zero storage) → HTTPS → AI Model Provider (OpenAI / Gemini / Kimi, chosen by the user). When using local models, data never leaves your device.]

02

AI Message Relay Mechanism

When you use cloud AI models (e.g., OpenAI GPT, Google Gemini, Kimi, Minimax), your conversations are sent to the respective model provider for processing. Our role in this process is a transparent encrypted relay:

  • Messages are transmitted via HTTPS with full TLS protection

  • Zero-log relay — we don't record, cache, or store any conversation content

  • No analysis, annotation, or secondary processing of message content

  • Your data is never used for model training or any other commercial purposes

Bring Your Own API Key

You can enter your own API Key in Settings to connect directly with model providers. In this mode, messages bypass our servers entirely — the data path is shortened to: Your Device → Model Provider API. This is the highest security level.

03

Fully Offline Mode

For scenarios with the strictest data security requirements (legal documents, medical records, financial data), NewMax AI supports local models for physical-level privacy protection:

  • Supports Ollama, LM Studio, and other local model services

  • Full functionality even in physically air-gapped environments

  • Data is generated, processed, and stored entirely on your device

  • Passes even the most rigorous enterprise security audits with confidence

04

What We Collect

Transparency is the foundation of trust. Here's the complete list of what we do and don't collect:

We Collect

  • Anonymous app launch counts
  • Feature usage frequency (anonymous)
  • Crash reports (no conversation content)
  • OS and app version numbers
  • IP address and approximate geolocation (city-level)
  • Skills you choose to publicly share

We Don't Collect

  • Any conversation content or chat history
  • Uploaded files and document content
  • User API keys and credentials
  • Personal identity information (name, email, etc.)
  • Browsing behavior and detailed usage patterns

05

Verify It Yourself

We encourage every user to personally verify our security commitments. Here are the methods you can use:

01

Network Traffic Analysis

Use network analysis tools like Charles, Wireshark, or mitmproxy to monitor all of NewMax AI's network requests. Confirm that only API requests to your chosen AI model provider are made — no data is sent to us or any third party.

02

Local Data Inspection

All data is stored in locally accessible directories. You can browse, export, or delete these files at any time. We don't use hidden directories or encrypted containers to store user data — everything is transparent and visible.

03

Offline Test

Disconnect from the internet, connect a local model, and verify that NewMax AI works fully in a completely offline environment. If data needed to be "phoned home," functionality would degrade offline — but our app runs fully offline.
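The Network Traffic Analysis method above can be turned into a repeatable check; this is an added example, not NewMax AI's own tooling. It reads a HAR export from your proxy, totals the request bytes sent to each destination, and lists the hosts that contradict the Bring Your Own API Key data path. Assumptions: `api.openai.com` stands for the provider you chose, `newmax.example` is a placeholder because the page does not name the vendor's hostnames, and the 2048-byte telemetry budget is a hypothetical threshold.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit

# Assumptions: api.openai.com stands for the provider chosen in Settings;
# "newmax.example" is a placeholder, the page does not name the vendor's hosts.
PROVIDER_DOMAINS = {"api.openai.com"}
VENDOR_DOMAINS = {"newmax.example"}

def in_domains(host, domains):
    """Exact match, or subdomain match on a label boundary (no substring tricks)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def classify(host):
    if in_domains(host, PROVIDER_DOMAINS):
        return "provider"
    if in_domains(host, VENDOR_DOMAINS):
        return "vendor"
    return "unexpected"

def audit_har(har_text):
    """Return {host: {"class", "requests", "bytes_sent"}} for a HAR capture."""
    report = defaultdict(lambda: {"class": "", "requests": 0, "bytes_sent": 0})
    for entry in json.loads(har_text)["log"]["entries"]:
        req = entry["request"]
        host = urlsplit(req["url"]).hostname or ""
        row = report[host]
        row["class"] = classify(host)
        row["requests"] += 1
        row["bytes_sent"] += max(req.get("bodySize", 0), 0)  # HAR uses -1 for unknown
    return dict(report)

def findings(report, vendor_byte_budget=2048):
    """Hosts to review in BYOK mode: unknown destinations, or vendor hosts
    receiving more than the (hypothetical) telemetry byte budget."""
    return sorted(h for h, r in report.items()
                  if r["class"] == "unexpected"
                  or (r["class"] == "vendor" and r["bytes_sent"] > vendor_byte_budget))

# Constructed sample capture (not real traffic).
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"url": "https://api.openai.com/v1/chat/completions", "bodySize": 1840}},
    {"request": {"url": "https://telemetry.newmax.example/launch", "bodySize": 96}},
    {"request": {"url": "https://relay.newmax.example/v1/chat", "bodySize": 5120}},
    {"request": {"url": "https://api.openai.com.cdn-metrics.example/p.gif", "bodySize": -1}},
]}})

if __name__ == "__main__":
    print("review:", findings(audit_har(SAMPLE_HAR)))
```

Small vendor uploads are expected because the "We Collect" list includes launch counts and crash reports; a vendor host receiving chat-sized bodies while your own API key is configured is the case worth raising with the vendor.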

06

How We Differ from Cloud AI

                     | NewMax AI                | Traditional Cloud AI
Conversation storage | Local device             | Cloud servers
Used for training    | No                       | Possibly
Works offline        | Yes (local models)       | No
Data deletion        | Delete locally, done     | Request needed, unverifiable
Third-party sharing  | None                     | Possibly shared with partners
Audit verification   | User can inspect traffic | Relies on platform promises

CONTACT

Security is an architecture choice, not a marketing slogan.

If you have any questions about our security mechanisms, or discover anything unusual during verification, please contact us. We value every question — because scrutiny makes us better.
