Tiles
Your private and secure AI assistant for everyday use. Developed as an independent open source project, made possible by wonderful sponsors.
Public Alpha for macOS 14+ on Apple Silicon Macs (M1 or newer). Recommended: 16 GB unified memory or more.
Runs fully on-device, with optional peer-to-peer sync. View CLI screenshots.
On-device Models
An opinionated package of prompt, tools, and models optimized for your hardware. Powered by MLX on Apple Silicon.
Local-First Identity
Locally generated decentralized IDs, with the private key always stored locally on device.
Sync
Encrypted peer-to-peer sync for chats across your linked devices, online or on your local network. Powered by Iroh’s networking stack.
Portable Packaging
Bundled dependencies run in a self contained environment without modifying your system, with a fully offline installer available for secure and air gapped installations.
Tilekit SDK
Customize local models and agent experiences within Tiles. Built in Rust, based on open-source specifications such as Modelfile and the Open Responses API. See Tilekit SDK docs.
Private AI comparison
A quick comparison of private AI assistant tools across app experience, integrations, models, and private deployment features.
| Capability | Tiles | Ollama | LM Studio | Jan | Lumo |
|---|---|---|---|---|---|
| CLI | Supported | Supported | Supported | Supported | Not supported |
| Client app | Not supported | Supported | Supported | Supported | Supported |
| Decentralized Identity | Supported | Not supported | Not supported | Not supported | Not supported |
| Encryption | Supported | Not supported | Not supported | Not supported | Supported |
| Sync | Supported | Not supported | Not supported | Not supported | Supported |
| On-device models | Supported | Supported | Supported | Supported | Not supported |
| Cloud models | Not supported | Supported | Not supported | Supported | Supported |
| In-house models | Not supported | Not supported | Not supported | Supported | Not supported |
| Open source | Supported | Partially supported | Partially supported | Supported | Partially supported |
| Modelfile | Supported | Supported | Not supported | Not supported | Not supported |
| Agent Harness | Work in progress | Supported | Partially supported | Not supported | Not supported |
| Memory | Work in progress | Not supported | Not supported | Not supported | Not supported |
| Connectors | Work in progress | Supported | Supported | Supported | Not supported |
| Shared Links | Work in progress | Not supported | Not supported | Not supported | Not supported |
| Offline Installer | Supported | Not supported | Not supported | Not supported | Not supported |
| Cross platform | Work in progress | Supported | Supported | Supported | Supported |
Get to know Tiles Privacy
Our mission is to bring privacy technology to everyone.
Tiles Privacy was born from the User & Agents community with a simple idea: software should understand you without taking anything from you. We strive to deliver the best privacy-focused engineering while also offering unmatched convenience in our consumer products. We believe identity and memory belong together, and Tiles gives you a way to own both through your personal user agent.
Founded by Ankesh Bharti (@feynon), an independent researcher and technologist, Tiles is built for privacy conscious users who want intelligence without renting their memory to centralized providers. Our first product is a private, secure AI assistant for everyday use, along with an SDK that enables developers to customize local models and agent experiences within Tiles.
We are seeking design partners for TEE based cloud workloads that align with our goal of a verifiable privacy perimeter. Contact us at hello@tiles.run.
Want to contribute? See how you can make Tiles better.
Frequently asked questions
Short answers drawn from our security documentation. For full context and limits, read that page.
What does local-first mean for Tiles?
Tiles is designed so the default experience runs on-device. The local server binds to localhost, which limits exposed network surface during normal use. Configuration and application data live in standard local directories, and you can change the user data path when needed.
Are chat and account databases stored as plain SQLite files?
No. Application state is persisted locally with encryption at rest. The Rust build uses SQLCipher-enabled SQLite, and database connections use a passkey from secure storage. That raises the bar against casual inspection of copied files, though it does not remove all local risk.
How does Tiles handle identity and secret material?
Public identity is separated from private keys. Device and account identity use did:key identifiers from Ed25519 keys. Private keys and database passkeys are stored in the operating system’s secure credential store, not in plaintext app configuration files.
How does device linking and chat sync work?
Peer-to-peer linking is user-mediated, not automatic. One device shows a ticket or local code; the other enters it and explicitly accepts or rejects. In release builds, endpoints derive from your stored secret key, and peer identity is checked against the delivered public key. Sync includes defensive controls, including a maximum size cap for downloaded deltas before they are applied.
Sync uses Iroh for device-to-device networking. When a direct path is not practical, Iroh's public relays can help establish the connection; we list that relay use on our sub-processors page.
Is memory Python execution a hardened sandbox?
No. The memory-agent flow runs generated Python with path restrictions and basic size limits on a designated memory path. This is restricted execution, not strong OS-level isolation, virtualization, or container sandboxing. This path is transitional and may be removed or replaced after Pi agent harness work.
Does Tiles include product analytics, and what is logged locally?
The product does not currently bundle obvious analytics SDKs such as Sentry, PostHog, Segment, Mixpanel, or similar telemetry. There is still local logging: the Python server may log request metadata and bodies to files under the Tiles data directory, so prompt content can appear in local logs unless logging changes.
How do updates, signing, and bundled dependencies relate to trust?
Updates can check GitHub releases and install via the hosted installer script, which depends on release and hosting integrity rather than a stronger built-in end-user verification workflow. Dependencies are pinned and reviewed. The macOS package is code signed, notarized, and stapled. Bundled dependencies are self-contained so normal installation and use do not require live package downloads from the internet.
How do I report a security vulnerability?
Use the published security policy and private disclosure path. Researchers can use GitHub Security Advisories or email security@tiles.run, with expectations for acknowledgement, triage, and coordinated disclosure. See SECURITY.md.