Privatemode.ai: Using Claude Without Exposing Sensitive Data

One of the most practical barriers to adopting Claude in corporate environments isn't price or model capability: it's the question of where the data goes. Contracts, medical records, proprietary code, customer conversations. All of it has to pass through an external API, and that raises legal and compliance flags that security teams aren't willing to overlook.

Privatemode.ai surfaced this week on Hacker News with a straightforward pitch: enable the use of AI models, including Claude, without compromising data security or privacy. The approach relies on confidential computing, a technique that executes workloads inside Trusted Execution Environments (TEEs) at the hardware level, where even the infrastructure provider cannot inspect data in use.

What is confidential computing and why it matters here

Most cloud services encrypt data at rest and in transit, but data gets decrypted the moment the server processes it. That's the exposure window. TEEs, implemented in chips like Intel TDX or AMD SEV, keep data encrypted even during processing and generate cryptographic attestations that allow you to verify the code being executed is exactly what you expect, unmodified.

Applied to LLM inference, the theoretical result is that the service provider (in this case, Privatemode) cannot read your queries or responses. Users can cryptographically verify what's running. It's a different model from trusting a provider's privacy policies: the guarantee is technical, not contractual.

Who it's for

The most obvious use case is enterprises under regulatory constraints: law firms, clinics, financial institutions, or any company subject to GDPR that needs to demonstrate personal data doesn't leave a controlled boundary. Also engineering teams working with sensitive source code who don't want their queries to an AI assistant feeding any training system or sitting in logs accessible to third parties.

For teams already using Claude Code with MCP servers or sub-agents in complex workflows, the question about where intermediate data is processed is legitimate. If part of the pipeline goes through an external model, data custody becomes complicated. Solutions like Privatemode address exactly that friction.

What remains unclear

The proposal is technically sound in concept, but the website, at the time of publication, lacks operational details. It's not entirely clear which models are available in production or which TEE infrastructure they rely on exactly. It's also not specified whether Claude integration happens through Anthropic's official API with some confidential wrapper layer, or whether models are deployed locally within the enclave.

This matters because offering a confidential proxy over Anthropic's API (where the model stays external) is different from running a model instance inside the TEE itself. The first reduces exposure in transit; the second offers stronger guarantees on inference confidentiality.

The Hacker News thread, with zero comments at publication, provides no additional technical context so far. The project is likely in very early stages or private access.

Our take

The direction is right: the enterprise market needs more than acceptable use policies to move sensitive workloads to external LLMs. That said, until Privatemode publishes detailed technical documentation on its attestation architecture and available models, it's hard to judge whether the proposal lives up to the problem it claims to solve.