Does Leapable train on our data?

No. Leapable does not train models on customer data.

Security brief

Local-first by architecture. Not by marketing.

Q: Can we deploy on-prem?

Yes. Today Leapable is local-first per user machine; self-hosted aiwonder instructions exist for customer-run backend services.

Q: Air-gapped?

Local Markdown and text files plus a local AI model can support air-gapped work. Cloud OCR, embeddings, and reranking require network access.

Leapable's vault SQLite runs on the user's machine. Markdown and text files never leave your disk. PDFs and images use transient cloud OCR, wiped per run. SHA-256 chain hashes track source byte to final answer, and the audit log is trigger-enforced append-only.

Read the Security Brief Talk to security

SOC 2 Type II is in progress for Q3 2026. Customer documents are not used to train Leapable models.

Leapable security data-flow diagram showing local vault storage, transient OCR, and cited answers

Architecture

Data-flow boundaries

The diagrams below separate local vault state, transient cloud processing, and the customer-selected AI client boundary.

Leapable data-flow diagram separating local vault, transient cloud services, and customer AI client — Local versus transient cloud processing boundary.

Leapable provenance graph showing file hash, documents, chunks, embeddings, and chain hash — Source byte to cited answer provenance chain.

60-second security demo

Watch the data boundary walkthrough.

The walkthrough follows one file from local vault ingest through transient OCR, provenance hashing, AI-client retrieval, and source verification.

Transcript pending until the security walkthrough is uploaded.

Source-linked facts

Architectural facts

SQLite vault PRAGMAs

Per-vault SQLite uses WAL, foreign keys, synchronous NORMAL, memory temp store, and a 64 MiB journal size limit.

Open source lines

sqlite-vec in-process

Embedding vectors are 768-dimensional and stored in local sqlite-vec virtual tables.

Open source lines

Append-only audit triggers

SQLite triggers reject UPDATE and DELETE against the local audit log at the database engine level.

Open source lines

Cloud OCR fails loud without CUDA

The worker refuses to continue when a CUDA-pinned OCR image resolves away from GPU.

Open source lines

aiwonder central PostgreSQL

Billing, sessions, payouts, and operational state use central PostgreSQL with bounded statement and transaction timeouts.

Open source lines

Text-fast local path

Markdown and text files are processed locally with zero OCR compute cost and no cloud OCR dispatch.

Open source lines

Control

What you control

Toggle each setting to see the operational consequence. These are educational states; the linked Workbench settings are the source of truth.

Vault storage location Override vault location with LEAPABLE_DATABASES_PATH, or stay on the installer default. Custom vault root Open Data settings LLM endpoint You bring the AI client and provider account; Leapable supplies cited MCP tools. AI client selected Open AI Client settings Cloud OCR opt-out The runtime currently returns cloud mode for OCR/VLM processing in end-user deployments, with local text-fast preserved for supported text files. Cloud OCR allowed Open Ingest settings Open source lines Telemetry toggle Default off in Workbench preferences. Telemetry off Open Privacy settings Crash reports toggle Crash reports send crash metadata without document contents. Crash reports on Open Privacy settings

Custom vault root

Vault storage location

The sidecar reads vaults from the absolute path in LEAPABLE_DATABASES_PATH. That path must exist before the managed runtime starts.

Compliance

Current status

SOC 2 Type II

IN PROGRESS. Target Q3 2026. No completed certification is claimed. Read the status page.

HIPAA-ready architecture

Local-first storage keeps customer-controlled data local unless a user chooses a cloud processing path or sends context to an AI provider.

GDPR-friendly controls

Data minimization and local vault ownership support residency and deletion workflows.

State privacy laws

Architecture supports minimization, customer-controlled storage, and processor review.

Outbound audit

Connections Leapable can make

Everything else is local to the user's machine.

Marketplace API (marketplace.leapable.ai) sidecar → API

Purpose: license validation, billing, cloud OCR dispatch, embeddings, and reranking.

Data sent: license/account headers, job metadata, and processing payloads needed for the requested operation.

Open source lines

Cloud OCR (RunPod serverless) API → OCR worker

Purpose: OCR for PDFs, images, and Office-style files that need document parsing.

Data sent: file bytes for the job. Retention: transient job processing, then cleanup.

Open source lines

TEI embedder (aiwonder) sidecar/API → embedder

Purpose: convert text into 768-dimensional vectors.

Data sent: text selected for vector conversion; response is vectors and model metadata.

Open source lines

TEI reranker (aiwonder) sidecar/API → reranker

Purpose: score top candidate passages for relevance.

Data sent: request-scoped question and candidate passages; candidate text is not persisted by the reranker.

Open source lines

Customer AI provider AI client → provider

Purpose: final answer generation in the user's selected AI client.

Data sent: whatever the user and client choose to include from cited Leapable results.

Open source lines

Subprocessors

Current subprocessor list

Stripe

Billing, subscriptions, taxes, invoices, payment processing, and Connect payouts.

Resend

Transactional email for sign-in and account notifications.

Cloudflare

DNS, Pages, Tunnel, Access, edge security headers, and routing.

RunPod

Transient GPU OCR workers for PDFs, images, and document parsing.

AWS

Limited backups and infrastructure support where configured.

No-training policy

Your documents are not training data

Leapable does not train models on customer documents. Customer vault files are independent local SQLite files. Shared operational state is central PostgreSQL state for accounts, billing, jobs, sessions, and support operations, not a pooled customer-document training set.

CISO FAQ

Questions IT teams ask first

Can we deploy on-prem?

Yes. Today Leapable is local-first per user machine. Self-hosted aiwonder deployment instructions exist for customer-run backend services. Read the on-prem guide.

Air-gapped?

Local .md and .txt files plus a local AI model can support air-gapped work. Cloud OCR, embeddings, and reranking require network access.

Penetration test reports?

Available under NDA. Contact security@leapable.ai.

Subprocessor list?

Stripe, Resend, Cloudflare, RunPod, and AWS. A DPA template is available for review.

Where is my data stored?

Vault SQLite files live on the user's machine: macOS ~/Library/Application Support/Leapable/, Windows %APPDATA%\Leapable\, and Linux ~/.local/share/Leapable/. Override with LEAPABLE_DATABASES_PATH.

Audit log retention?

The local audit log is append-only. Leapable's local SQLite triggers reject update and delete attempts on that table.

Does this work in regulated environments?

The architecture is designed for regulated review with local-first storage, minimization, and source-linked auditability. No FedRAMP certification is claimed.

What happens if Leapable shuts down?

Vault files are standard SQLite files on the user's machine. You keep them, and the source documents remain yours.