Privacy & data security.
Built from the ground up.

Your content stays your content

Everything you do with Indiebox stays on the box. Texts, files, prompts, answers, and intermediate results are processed exclusively locally.

There is no:

• Listening in
• Reading along
• Classifying
• Scoring
• Processing beyond your use

Indiebox does not observe content or draw conclusions from it. What you input serves one purpose only: your request.

Local instead of cloud

By default, Indiebox runs entirely without external AI services. The models run directly on the system and do not require an internet connection.

That means:

• No automatic transfer to third parties
• No hidden cloud dependencies
• No external privacy promises

Privacy is achieved here through physical and technical separation — not contracts.

Optional external services. Deliberate and controlled.

If you want, Indiebox can integrate external AI services. Data sources or tools can also be connected selectively via MCP or API.

The principle is:

• External services are optional, not required
• Connections are explicit and controlled
• No silent background connections

You decide if and which data leaves the system. Indiebox does not enforce external usage.

No analysis. No profiles.

Indiebox does not create usage profiles. It does not analyze topics, frequency, or sentiment.

There is no:

• Content classification
• Topic assignment
• User statistics
• Behavior analysis

The box doesn’t know what you’re talking about — and it doesn’t need to.

Open models. No black box.

Indiebox can run open, auditable AI models, as long as their use is legally permitted. These models run locally and independently.

That means:

• No training on your data
• No hidden functions
• No external access

Which models are used is decided by the operator — not the platform provider.

A system you can verify

Indiebox is built so its behavior remains traceable. Network connections, processes, and data storage can be verified locally.

Privacy is not a promise here, but a verifiable reality.

Secure system foundation

Indiebox runs on an access-protected operating system (Ubuntu, latest version). This foundation is established in enterprise environments and provides clear separation between users, services, and permissions.

Security is created through:

• Controlled access
• Clear roles
• Local data storage
• Regular updates

Updates under your control

System and software updates follow the privacy principle as well. Updates are not rolled out or enforced automatically.

Automation is optional but disabled by default. Updates run only when you deliberately trigger them.

That means:

• Updates are triggered locally
• Timing and scope are controllable
• No unobserved background updates

You stay in control of when the system changes.

Separate user spaces

Multiple users can use Indiebox in parallel. Content is separated and not visible to each other.

Chats, documents, and configurations belong to the user who created them. Sharing is deliberate — not automatic.

Admin access with responsibility

As with any local IT system, an administrator can technically access stored content. However, there is no automatic reading along and no hidden inspection features.

The difference to cloud systems: the administrator belongs to your own organization. Control stays internal.

Agent system and licenses

Indiebox clearly distinguishes between models and functions.

The AI models themselves do not require ongoing licenses. They run locally and independently.

An optional agent system extends Indiebox functionality and is subject to licensing. This license governs only the use of software functions.

Important:

• No content is transferred for license checks
• No analysis of tasks or data
• No connection to external systems

The license concerns function. Not content.

Privacy by architecture

Indiebox is not a product that adds privacy later. It is a system designed without external dependencies.

No cloud.
No classification.
No observation.

Your data. On your system.