Local-first AI for confidential work

Ask questions across your confidential files — answered on your own machine, with citations.

An AI workspace that runs entirely on your own computer — your documents never leave the machine. For anyone whose work belongs to a client, a patient, a source, or a court: lawyers, clinicians, accountants, researchers, journalists, and beyond.

  • 30-day refund: No questions asked
  • Local-first: Nothing leaves your machine
  • Own your licence: 3-year term, not a rental

See the product

See it work, before you buy it.

A minute of video and three screenshots will tell you more than any feature list. The actual app, on a real laptop, doing the work.

60-second walkthrough — drop a folder, ask a question, get cited answers.
  1. Screenshot: SealedBrief watching a documents folder being dragged in.

    Drop a folder

    Point SealedBrief at any folder of documents on your machine. Indexing runs locally and incrementally — no cloud upload, no third-party copy.

  2. Screenshot: SealedBrief query box with a question being typed.

    Ask a question

    Type any question in plain language. The retrieval engine pulls the relevant passages from your corpus and hands them to a local LLM.

  3. Screenshot: SealedBrief answer with inline citations linked to source passages.

    Get cited answers

    Every answer cites the source passages. Click any citation to jump straight to the original document — page, paragraph, exact line.

The honest case against cloud AI

What you give up to use cloud AI

  • Your prompts train someone else's model

    Cloud LLM providers reserve the right to retain inputs and reuse them for model improvement. The contract is one-way: you contribute, they keep.

    Source: EFF — Privacy

  • Privileged documents in third-party logs

    Uploading client material to a hosted AI service may breach attorney-client privilege and the duty of confidentiality. Most professional-conduct rules predate the cloud and don't carve an AI exception.

    Source: Attorney–client privilege

  • Air-gapped means air-gapped

    Trade secrets, unpublished research, and work under NDA have no exception for 'just this one prompt'. The cloud is the boundary, and modern AI tooling assumes you don't have one.

    Source: Air gap (networking)

How it works

Two processes. One contract.

SealedBrief runs as two operating-system processes that can't swap roles. One talks to the world. The other never does.

Figure: Split-Brain process model. Process A (Presentation) on the left talks to the cloud for license validation only. Process B (Compute) on the right runs the LLM and indexes your local documents. The two communicate via IPC queues. Process B has no network egress; the network connection is severed by construction.
Diagram labels: sealedbrief.com (license + updates); Process A, Presentation (Flet UI, License validator, Update checker); Process B, Compute (LLM inference, RAG + FTS5 + vault, OCR + ingestion); IPC queues cmd_queue and evt_queue; no egress.
Process A talks to the world. Process B talks to your documents. They never swap roles.
Process A: Presentation Plane contents
  • The Flet desktop window you actually see
  • License validation against sealedbrief.com
  • Optional update checker
  • NO document content ever crosses this boundary
Process B: Compute Plane contents
  • The local AI model that answers your questions
  • Search across your documents — by keyword and by meaning
  • Reads PDFs, Office files, and scanned images (on-device OCR)
  • Encryption at rest (AES-256-GCM, SQLCipher AES-256)
  • Zero network egress — verifiable with a packet capture during a query session

Regulatory fit · draft

The regulators that bind your work — and how SealedBrief's design addresses the third-party-processing risk.

Every regulator-specific claim below is a legal claim. The text on this page is the engineering team's plain-English first draft; final copy is reviewed and approved by the operator's legal counsel before production deploy.

  • Lawyers

    ABA Model Rule 1.6 + state-bar opinions on AI tooling

    Client confidentiality under Rule 1.6 prohibits sharing privileged information with third parties absent informed consent. Cloud LLM providers are third parties. SealedBrief processes documents entirely on the lawyer's machine — no third party touches the file, the query, or the answer.

  • Clinicians & healthcare

    HIPAA — Privacy + Security Rules

    PHI shared with a cloud AI provider triggers the Business Associate Agreement (BAA) regime. SealedBrief runs on the practice device — the part that processes your documents sends nothing to anyone, so no BAA with us is required. (Your broader HIPAA Security Rule duties — device security, access controls, backups — still apply.)

  • Accountants & advisors

    IRS Pub 4557 + Gramm-Leach-Bliley Safeguards Rule

    Tax preparers and financial advisers must maintain a written information security program covering client PII (SSNs, financial records, etc.). SealedBrief keeps all client data on the practice machine, encrypted at rest, with no upload path. Because no third party is in the data path, the Safeguards Rule's third-party-vendor due-diligence requirement falls away for this tool — your broader security-program obligations remain.

Security evidence

Four claims. Each one verifiable on your own machine.

Marketing claims about confidentiality are easy to write and impossible to audit. Each claim below isn't an assertion — it's something you (or an IT person you trust) can verify on the live software in minutes. Step-by-step instructions ship with the product.

  1. Zero network traffic from the part that handles your documents

    Two processes run when the app is open: one talks to our licence server (and only our licence server); the other handles your documents and never opens a network connection. Monitor every connection the document-handling process tries to make — anything that isn't your own machine talking to itself is an immediate finding. Your IT person can reproduce this in five minutes.

    Network audit: Independent network-traffic capture during a query session.

  2. Encryption at rest is real, not just claimed

    Open the database file SealedBrief writes to disk. It must be unreadable randomness — not your document text in a slightly-shuffled form. We pin the entropy floor at 7.5 bits per byte across every encrypted page; anything lower would mean plaintext is leaking through.

    Entropy audit: Entropy floor on the encrypted database file.

  3. We pin and wipe the raw key bytes we control — and say what that doesn't cover

    Your encryption key lives in the OS keychain and is read into RAM only while your vault is unlocked. For the raw 32-byte form of the key that SealedBrief handles directly, we ask the OS to pin its memory page out of swap — and on the rare machine that refuses, we log a warning rather than fail silently. The moment we finish deriving your per-record keys from it (an HKDF step), we overwrite those raw bytes with zeros. We will not pretend a dump of the running process finds nothing: while the vault is unlocked your key is genuinely in use, so the keychain and the open database engine each hold their own working copy, and Python cannot force-zero the immutable text form of a key — a live dump can still contain it. Our guarantee is narrower and testable: for the raw key bytes we manage, no copy survives once the per-record keys are derived, and after you lock the vault our own memory-dump scanner finds no copy of those controlled key bytes.

    Key handling: Run the heap-scan unit tests (tests/unit/security/test_secure_key_buffer.py) for the raw key buffer, then take a process dump AFTER locking the vault and run scripts/security/scan_memory_for_key.py — it reports zero hits for the raw key bytes we control.

  4. Every metadata field is encrypted, not just the obvious ones

    Per-format coverage test reads the on-disk artefact for each supported document type and asserts no plaintext leaks. New ingestion formats fail this gate until they're wired through the field-encryption layer.

    At-rest audit: Forensic check on every persisted document field.
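
One way to run the connection check from claim 1 (and the zero-egress bullet under the Compute Plane) on Linux, as an added example that is not SealedBrief's own audit tooling: it maps a process's socket inodes to rows of the kernel's TCP table and reports anything that is not loopback. The function names, the sample table and the inode numbers are constructed for illustration, and a little-endian host is assumed.

```python
import ipaddress
import os

LISTEN = "0A"  # TCP_LISTEN state code in /proc/net/tcp

def decode_addr(hex_addr):
    """Decode 'ADDR:PORT' from /proc/net/tcp{,6} (little-endian host assumed)."""
    host_hex, port_hex = hex_addr.split(":")
    # The kernel prints each 32-bit word in host byte order, so reverse per word.
    raw = b"".join(bytes.fromhex(host_hex[i:i + 8])[::-1]
                   for i in range(0, len(host_hex), 8))
    addr = ipaddress.ip_address(raw)
    mapped = getattr(addr, "ipv4_mapped", None)   # ::ffff:a.b.c.d -> a.b.c.d
    return (mapped if mapped is not None else addr), int(port_hex, 16)

def parse_proc_net_tcp(text):
    """Yield (local, remote, state, inode) for each socket row."""
    for line in text.splitlines()[1:]:            # skip the header row
        f = line.split()
        if len(f) < 10:
            continue
        yield decode_addr(f[1]), decode_addr(f[2]), f[3], int(f[9])

def socket_inodes(pid):
    """Socket inodes held open by a process, read from /proc/<pid>/fd."""
    inodes = set()
    fd_dir = f"/proc/{pid}/fd"
    for fd in os.listdir(fd_dir):
        try:
            target = os.readlink(os.path.join(fd_dir, fd))
        except OSError:
            continue                              # fd closed while we looked
        if target.startswith("socket:["):
            inodes.add(int(target[8:-1]))
    return inodes

def egress_findings(table_text, inodes):
    """Sockets owned by `inodes` that are not strictly loopback."""
    findings = []
    for (laddr, lport), (raddr, rport), state, inode in parse_proc_net_tcp(table_text):
        if inode not in inodes:
            continue
        # A listener is judged by where it is bound; anything else by its peer.
        addr, port = (laddr, lport) if state == LISTEN else (raddr, rport)
        if not addr.is_loopback:
            findings.append((inode, state, f"{addr}:{port}"))
    return findings

# Constructed sample in /proc/net/tcp layout (not captured from SealedBrief).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 5001 1
   1: 0100007F:C350 0100007F:1F90 01 00000000:00000000 00:00000000 00000000  1000        0 5002 1
   2: 0A00A8C0:D431 0A6433C6:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 5003 1
   3: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4000 1
"""
```

On a live system, pass `socket_inodes(pid)` together with the contents of `/proc/<pid>/net/tcp` and `/proc/<pid>/net/tcp6`. This is a point-in-time snapshot, so a packet capture over the whole query session is still needed to catch short-lived connections and UDP.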

Every claim above is checkable against the binary on your own machine. Walkthroughs ship with the product so you can reproduce the audit step-by-step.
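
The entropy floor from claim 2 can be checked with a few lines of Python. This is an added example, not the audit script that ships with the product: it computes Shannon entropy per page and flags any page under 7.5 bits per byte. The 4096-byte page size is an assumption (the SQLCipher 4 default), the function names are hypothetical, and the sample inputs are constructed, with random bytes standing in for ciphertext.

```python
import math
import os
from collections import Counter

ENTROPY_FLOOR = 7.5          # bits per byte, the floor stated on this page
PAGE_SIZE = 4096             # assumption: SQLCipher 4 default page size
SQLITE_MAGIC = b"SQLite format 3\x00"   # header of an unencrypted SQLite file

def shannon_entropy(block):
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    n = len(block)
    counts = Counter(block)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def audit_pages(data, page_size=PAGE_SIZE, floor=ENTROPY_FLOOR):
    """Return a list of (page_number, entropy_or_None, reason) findings."""
    findings = []
    if data.startswith(SQLITE_MAGIC):
        findings.append((1, None, "plaintext SQLite header"))
    full, tail = divmod(len(data), page_size)
    for i in range(full):
        h = shannon_entropy(data[i * page_size:(i + 1) * page_size])
        if h < floor:
            findings.append((i + 1, round(h, 3), "below entropy floor"))
    if tail:
        findings.append((full + 1, None, f"{tail} trailing bytes, not a whole page"))
    return findings

def audit_file(path, **kw):
    """Run the page audit over a database file on disk."""
    with open(path, "rb") as fh:
        return audit_pages(fh.read(), **kw)

def constructed_samples():
    """Constructed inputs: random bytes stand in for ciphertext pages."""
    encrypted = os.urandom(3 * PAGE_SIZE)
    text = b"Deposition of J. Doe, page 12: the witness stated that ... "
    leaky_page = (text * (PAGE_SIZE // len(text) + 1))[:PAGE_SIZE]
    leaking = encrypted[:PAGE_SIZE] + leaky_page + encrypted[PAGE_SIZE:2 * PAGE_SIZE]
    plain_db = SQLITE_MAGIC + bytes(PAGE_SIZE - len(SQLITE_MAGIC))
    return encrypted, leaking, plain_db

if __name__ == "__main__":
    for name, blob in zip(("encrypted", "leaking", "plain_db"), constructed_samples()):
        print(name, audit_pages(blob))
```

High entropy is necessary but not sufficient evidence of encryption, since compressed data also scores near 8 bits per byte; the per-format plaintext check in claim 4 covers what this test cannot.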

Who built this

Built by one engineer with skin in the game.

Portrait of Alexandre Ashade, founder of SealedBrief.

I built SealedBrief because I watched colleagues paste confidential client documents into ChatGPT to save themselves twenty minutes — and saw nobody flinch. The lawyers and clinicians I know want the productivity. They don't want the contract violation. So I built the version that doesn't ask them to choose: the same retrieval engine, running entirely on the laptop they already own. No data leaves. No trust required of a third party. The audit harness ships in the box.

Alexandre Ashade, Engineer · 15+ years building infrastructure for regulated industries

Who it's for

Built for anyone whose work can't go to the cloud.

  • Legal

    Lawyers & legal teams

    litigation, transactional, IP, or immigration — solo to boutique or in-house

    Drops a folder of PDF depositions, contract drafts, and discovery exports into the watch directory. Asks the LLM to summarise opposing counsel's position across 800 pages without uploading a single one. Cites the resulting brief by paragraph and page number, lifted directly from the original PDFs.

  • Healthcare

    Clinicians & healthcare

    therapists, physicians, nurses — anyone handling PHI

    Indexes a private library of session notes, treatment plans, and intake forms — material covered by HIPAA that simply cannot ride a third-party API. Asks the LLM to surface themes across a long-running case, draft a referral letter from the relevant notes, or check a treatment plan against published guidelines. Nothing leaves the practice machine.

  • Finance

    Accountants & advisors

    CPAs, EAs, consultants, and M&A advisors under NDA

    Ingests client returns, 1099s, K-1s, brokerage statements, and a decade of correspondence — all of it bound by client confidentiality. Asks the LLM to spot the line-item that changed year over year, draft a response to an IRS notice, or walk back the basis on an inherited asset. Personally identifiable financial data stays where it belongs.

These are examples, not limits. Researchers, journalists protecting sources, IP and patent teams, consultants under NDA, and anyone with a private corpus they can't paste into the cloud use SealedBrief the same way — in English, Portuguese, or French. If your documents can't leave the machine, it's for you.

What this is not

Honest about what SealedBrief doesn't do.

Every privacy product over-promises. Here is the list of what we don't do — read it before you buy. If something on the list is non-negotiable for your workflow, this isn't the right tool, and we'd rather you know now than ask for a refund in three weeks.

  • The AI can be wrong — verify the citations.

    Answers come from a local open model (Qwen3), not GPT-4. It is grounded in your own documents and cites its sources, but it can still be incomplete or mistaken. Treat every answer as a junior associate's draft: read the cited passages before you rely on it.

  • Needs a real machine to feel fast.

    A 12 GB+ GPU (NVIDIA, or an Apple-Silicon Mac from V1.0.1) gives answers in seconds. It runs on weaker hardware and CPU-only too, but generation is noticeably slower there. If you're on a thin laptop with no GPU, expect tens of seconds per answer.

  • Windows isn't supported yet.

    V1.0 is Linux; macOS arrives in V1.0.1; Windows is V1.1. If you're on Windows today, join the waitlist below — we'll email you the moment the build is ready, and we won't charge you until then.

  • Doesn't transcribe audio or video.

    Still images (PNG, JPG, TIFF) are supported — text is extracted on-device via OCR, without the image ever touching disk. But there is no audio or video transcription. If your workflow is transcribing recordings or analysing footage, this isn't the tool.

  • Doesn't act as an agent.

    SealedBrief reads your documents and answers questions about them. It doesn't browse the web, send emails on your behalf, file court documents, or execute commands on your machine. There is no "agent loop" — every interaction is a single ask-and-answer.

  • Doesn't research the internet.

    Every answer is grounded in your own corpus. The LLM cannot reach for external sources mid-conversation — no Wikipedia lookup, no Westlaw search, no PubMed query. If you want current case law or fresh financial filings, paste the document into your folder and re-index.

  • Doesn't replace specialist tools.

    SealedBrief is a reading + recall layer over your documents. It is not a case-management system, an EHR, a general-ledger product, or a billing platform. It complements those tools by letting you query the documents they hold; it doesn't replace them.

  • Doesn't run on a server in V1.0.

    Single-user, single-machine. Your licence is bound to a human, not a workstation, and you can run it on as many of your own machines as you want — but the documents on machine A are not visible from machine B unless you copy them. Multi-user / shared-vault / server-mode is V2 scope.

Pricing

Two tiers. A licence you own.

A 3-year term licence — not a perpetual licence, not a subscription. Backed by a 30-day, no-questions refund, so you can try it risk-free. Year-1 updates and support are included in the purchase price.

Personal

For your own confidential work.

$199 for a 3-year term

+ $49/yr support in years 2 & 3

$297 total over the 3-year term

  • The full SealedBrief workspace — local RAG over your own documents
  • Linux desktop (.deb + .AppImage) — macOS in V1.0.1, Windows in V1.1
  • Ed25519-signed licence, verified offline
  • 1 device
  • Year-1 updates & support included in the price
  • Best-effort email support
Buy Personal — $199

What Professional adds

| Feature | Personal | Professional |
|---|---|---|
| Commercial use (paid client work) | | Granted |
| Devices per licence | 1 | Up to 3 |
| Compliance & audit evidence surface | | Included |
| Support | Best-effort | Priority, response SLA |

  • ChatGPT Plus $240/yr
  • Microsoft Copilot $360/yr/seat
  • SealedBrief Personal $297 / 3 yrs

How the 3-year term works: you buy a 3-year licence. Year 1 includes every update and support. In years 2 and 3 an annual support fee keeps updates, model refreshes, and support coming. When the term ends, renew to continue — your vault, settings, and device registrations carry over. A lapsed licence opens read-only; your documents are always yours.

FAQ

Frequently asked, plainly answered.

  • Does any data leave my machine?

    No. The Compute Plane — the part that touches your documents — has no network egress by construction. The Presentation Plane talks to sealedbrief.com only for licence validation and update checks. You can verify the contract yourself with a packet capture during a query session.

  • What hardware do I need?

    A Linux workstation with a 12 GB+ NVIDIA GPU gives the best experience — answers in seconds, on the larger Qwen3-14B model. It also runs on 8–12 GB GPUs (the Qwen3-8B model) and on CPU-only machines, where generation is slower (tens of seconds per answer). Plan on 16 GB RAM and ~20 GB free disk. Apple-Silicon Macs are supported from V1.0.1.

  • Why Linux first? When macOS or Windows?

    V1.0 ships Linux (.deb + .AppImage) because the toolchain stabilised there first. macOS lands in V1.0.1 once Apple notarisation is in place. Windows follows when an encryption-library dependency we rely on is fully resolved on Windows.

  • How does the licence work offline?

    Each licence is an Ed25519-signed file you download once at purchase. The app verifies the signature locally — no network round-trip needed. Only the initial activation and optional update checks call sealedbrief.com.

  • Do you collect telemetry?

    No, by default. The app ships with crash reporting opt-in disabled. If you opt in (offered during the first-20-customer onboarding), only anonymised stack traces and error types are sent — never document content, never user prompts.

  • What happens if you stop maintaining the product?

    Your licence is an Ed25519-signed file the app verifies offline — there's no server you depend on for the product to function past activation. If we disappeared tomorrow, SealedBrief keeps working for the rest of your 3-year term. Your documents stay in standard formats you can always open elsewhere.

  • How accurate are the answers?

    Every answer is grounded in retrieved passages from your own documents and shows the source paragraphs alongside the response. The LLM is constrained to cite — when it can't ground a claim in your corpus it says so rather than inventing a citation. Treat the output the way you'd treat a junior associate's draft: review the citations before you use it.

  • What models can I use?

    The app ships with Qwen3-8B (for 12 GB GPUs) and Qwen3-14B (for larger GPUs), auto-selected by your VRAM — both Apache-2.0 and fully local. You can swap in any GGUF-format model you trust that fits your hardware; the loader cares only about the file format, not the provenance.

  • How do I migrate from ChatGPT or Notion AI?

    Export your existing notes, conversations, and documents to a folder. Point SealedBrief's watcher at it and the ingestion engine indexes everything in place — there's no proprietary store. Standard formats are supported: PDF, DOCX, TXT, MD, EPUB, HTML, and more.

  • Refunds?

    30 days, no questions asked. Email refunds@sealedbrief.com and we issue the refund through Stripe within 5 business days. Your licence is then added to the revocation list (CRL) so it can no longer activate.

Free whitepaper

Not ready to buy? Read the audit framework first.

A 5-page PDF covering the security claims SealedBrief makes — what they mean for your regulatory regime, how to audit each one yourself, and what to ask any vendor before trusting them with confidential documents. Free, ungated by everything except a single email field.

Download the whitepaper (PDF)

Want updates on the launch? Email us — we'll add you to the announce-only list.

One email when the whitepaper sends, then a short 4-email series over three weeks. No marketing blasts, no third-party trackers, no resale. You can ask us to delete your address any time.

Mac & Windows

On a Mac or Windows? We'll email you the moment your build ships.

V1.0 ships Linux first. macOS follows in V1.0.1 once Apple notarisation is in place; Windows in V1.1. Drop your email and we'll send a single message when your platform's download is available — no marketing, no drip campaign, one email and that's it. We won't charge you until then.

Email us to join the waitlist

We use your email only to notify you when your build ships. We don't share it, sell it, or use it for anything else. You can ask us to delete it any time.