Skip to content
PrivateAI
← Back to Home
Privacy Workflows

The Developer's Private AI Toolkit: Stop Leaking Code and Prompts to Big Tech

10 min read min readBy PrivateAI Team

Here's the uncomfortable truth: every prompt you paste into ChatGPT, every autocomplete suggestion Copilot generates from your code, and every query you run through a cloud AI assistant is a data point — collected, potentially reviewed, and used to train the next model. For most developers, that means client code, internal architecture decisions, API keys accidentally left in context, and competitive logic are all flowing to servers you don't control.

The good news: a practical, layered private AI stack exists right now. It doesn't require exotic hardware. It takes an afternoon to set up. And it covers 90% of what cloud AI does — without the exposure.

This guide walks through four layers: local inference, private web research, encrypted prompt storage, and secure team collaboration. Use all four for full coverage, or start with the layers that match your biggest risk.


Why Your Current AI Workflow Is a Leak Surface

Before you fix anything, understand what's actually being collected.

OpenAI / ChatGPT: By default, conversation history is used to improve models unless you opt out in Settings → Data Controls. Even with opt-out enabled, conversations may be retained for abuse monitoring. Enterprise plans have stronger guarantees, but most developers use personal accounts.

GitHub Copilot: Code suggestions are generated server-side. GitHub's telemetry documentation confirms that code snippets surrounding your cursor are sent to their servers on every suggestion request — including code in open files, not just what you're typing. Business/Enterprise plans exclude training, individual plans do not.

Claude / Anthropic: Similar story. Free and Pro users' conversations may be used for safety training. Enterprise agreements offer opt-out.

The hidden risk: It's not just the code you paste intentionally. It's the .env file you opened in the same editor session, the internal hostname that appears in a stack trace, the proprietary algorithm structure visible in your surrounding context window.

A local stack doesn't call home. Period.


Layer 1: Local Inference — The Non-Negotiable Foundation

Ollama is the fastest path to running production-quality LLMs on your own hardware. It handles model download, quantization management, and exposes a local OpenAI-compatible API at localhost:11434. No account required. No telemetry by default.

Hardware minimums that actually work:

| RAM | What You Can Run | Use Case |

|-----|-----------------|----------|

| 8 GB | Llama 3.2 3B, Phi-3 Mini | Fast autocomplete, simple Q&A |

| 16 GB | Llama 3.1 8B, Mistral 7B, Gemma 2 9B | Solid coding assistant, document analysis |

| 32 GB | Llama 3.3 70B Q4, Qwen2.5 32B | Near-GPT-4 quality reasoning |

| 64 GB+ | DeepSeek-R1 70B, full Llama 70B | Complex multi-step reasoning |

Getting started:

```bash

Install Ollama

curl -fsSL https://ollama.com/install.sh | sh

Pull a strong coding model

ollama pull qwen2.5-coder:14b

Run it locally

ollama run qwen2.5-coder:14b

```

For IDE integration, Continue.dev (VS Code / JetBrains) connects to your local Ollama endpoint and replaces Copilot with zero telemetry. In ~/.continue/config.json:

```json

{

"models": [

{

"title": "Qwen 2.5 Coder (Local)",

"provider": "ollama",

"model": "qwen2.5-coder:14b"

}

]

}

```

Your keystrokes stay on your machine. Your code never touches a cloud API.

Trade-off to be honest about: Local models at Q4 quantization are slightly behind the frontier models on complex reasoning tasks. For architecting a new distributed system from scratch, you might still reach for Claude or GPT-4. For the daily work — code review, refactoring, documentation, boilerplate — local models are indistinguishable from cloud in practice.


Layer 2: Private Research — When You Actually Need the Web

Local models have a hard cutoff date and no internet access. For research tasks — finding a new library, checking recent CVEs, understanding a framework update — you need web access. The question is which search-AI tool respects your privacy.

Perplexity AI is the most privacy-conscious option in the AI search category that actually delivers useful results. Unlike Google (which has your entire search history, logged-in identity, and location) or ChatGPT Browsing (which ties research to your OpenAI account), Perplexity offers:

  • No account required for basic use — queries aren't tied to a persistent profile
  • Perplexity Pro includes access to Claude and GPT-4 level models for deeper research without the full data profile those companies maintain on you
  • Source citations — you can verify claims rather than trusting a summarization black box
  • Focus modes — Academic, YouTube, Reddit scopes for targeted research without scattering queries across multiple services

Affiliate Disclosure: This article may contain affiliate links. If you make a purchase through these links, we may earn a small commission at no extra cost to you. We only recommend products we genuinely believe in. This helps support our work and allows us to continue providing free content.

How to structure your private prompt library:

```

Proton Drive/

└── AI-Workspace/

├── system-prompts/

│ ├── code-review.md

│ ├── architecture-planning.md

│ └── documentation-generator.md

├── ollama-configs/

│ └── modelfiles/

└── project-contexts/

├── client-a-context.md

└── internal-api-context.md

```

The project-contexts/ folder is particularly important: it holds the background context you paste at the start of long sessions. That context often contains internal architecture details, client names, and proprietary business logic — exactly what you don't want in Notion or an unencrypted Dropbox.

Bonus: Proton Drive's desktop app creates a local folder that syncs automatically, so you can reference your prompts from scripts or IDE keybindings without manually downloading files.


Layer 4: Team Collaboration Without Leaking Client Work

If you work with a team or handle client engagements, Layer 3's personal storage isn't enough. You need encrypted sharing with access controls — where you can revoke access, audit who downloaded what, and ensure client deliverables never hit an unencrypted server.

Tresorit is purpose-built for this use case. It's end-to-end encrypted like Proton Drive but adds enterprise-grade collaboration features:

  • Encrypted shared workspaces — team members get E2E encrypted access; Tresorit itself cannot read the files
  • Granular permissions — read-only links for clients, edit access for team, expiring share links
  • Compliance-ready — GDPR, HIPAA, SOC 2 Type II; useful if your clients are in regulated industries
  • Remote wipe — if a team member's device is compromised, you can revoke access and wipe their cached files
  • Full audit log — who accessed what, when, from which IP

Affiliate Disclosure: This article may contain affiliate links. If you make a purchase through these links, we may earn a small commission at no extra cost to you. We only recommend products we genuinely believe in. This helps support our work and allows us to continue providing free content.