Tiles
Your private and secure AI assistant for everyday use. Developed as an independent open source project, made possible by wonderful sponsors.
Public Alpha for macOS 14+ on Apple Silicon Macs (M1 or newer). Recommended: 16 GB unified memory or more.
Runs fully on-device, with optional peer-to-peer sync. View CLI screenshots.
On-device Models
An opinionated package of prompt, tools, and models optimized for your hardware. Powered by MLX on Apple Silicon.
Decentralized Identity
Locally generated IDs, with the private key always stored locally on device.
P2P Sync
Encrypted peer-to-peer sync for chats across your linked devices, online or on your local network. Powered by Iroh’s networking stack.
Offline Installer
Bundled dependencies run in a self contained environment without modifying your system, with a fully offline installer available for secure and air gapped installations.
Tilekit SDK
Customize local models and agent experiences within Tiles. Built in Rust, based on open-source specifications such as Modelfile and the Open Responses API.
Private AI comparison
A quick comparison of private AI assistant tools across app experience, integrations, models, and private deployment features.
| Capability | Tiles | Ollama | LM Studio | Jan | Osaurus |
|---|---|---|---|---|---|
| CLI | Supported | Supported | Supported | Supported | Supported |
| Client app | Not supported | Supported | Supported | Supported | Supported |
| Decentralized Identity | Supported | Not supported | Not supported | Not supported | Supported |
| Encryption | Supported | Not supported | Partially supported | Not supported | Partially supported |
| Sync | Supported | Not supported | Not supported | Not supported | Not supported |
| On-device models | Supported | Supported | Supported | Supported | Supported |
| Cloud models | Not supported | Supported | Not supported | Supported | Supported |
| In-house models | Not supported | Not supported | Not supported | Supported | Not supported |
| Modelfile | Supported | Supported | Not supported | Not supported | Not supported |
| Agent Harness | Not supported | Supported | Partially supported | Not supported | Supported |
| Memory | Not supported | Not supported | Not supported | Not supported | Supported |
| Connectors | Not supported | Supported | Supported | Supported | Supported |
| Remote link | Not supported | Not supported | Supported | Not supported | Supported |
| Shared Links | Not supported | Not supported | Not supported | Not supported | Not supported |
| Offline Installer | Supported | Not supported | Not supported | Not supported | Not supported |
| Cross platform | Not supported | Supported | Supported | Supported | Not supported |
| Open source | Supported | Partially supported | Partially supported | Supported | Supported |
Frequently asked questions
Short answers drawn from our security documentation. For full context and limits, read that page.
What does local-first mean for Tiles?
Tiles is designed so the default experience runs on-device. The local server binds to localhost, which limits exposed network surface during normal use. Configuration and application data live in standard local directories, and you can change the user data path when needed.
Are chat and account databases stored as plain SQLite files?
No. Application state is persisted locally with encryption at rest. The Rust build uses SQLCipher-enabled SQLite, and database connections use a passkey from secure storage. That raises the bar against casual inspection of copied files, though it does not remove all local risk.
How does Tiles handle identity and secret material?
Public identity is separated from private keys. Device and account identity use did:key identifiers from Ed25519 keys. Private keys and database passkeys are stored in the operating system’s secure credential store, not in plaintext app configuration files.
How does device linking and chat sync work?
Peer-to-peer linking is user-mediated, not automatic. One device shows a ticket or local code; the other enters it and explicitly accepts or rejects. In release builds, endpoints derive from your stored secret key, and peer identity is checked against the delivered public key. Sync includes defensive controls, including a maximum size cap for downloaded deltas before they are applied.
Sync uses Iroh for device-to-device networking. When a direct path is not practical, Iroh's public relays can help establish the connection; we list that relay use on our sub-processors page.
Does Tiles include product analytics, and what is logged locally?
The product does not currently bundle obvious analytics SDKs such as Sentry, PostHog, Segment, Mixpanel, or similar telemetry. There is still local logging: the Python server may log request metadata and bodies to files under the Tiles data directory, so prompt content can appear in local logs unless logging changes.
How do updates, signing, and bundled dependencies relate to trust?
Updates can check GitHub releases and install via the hosted installer script, which depends on release and hosting integrity rather than a stronger built-in end-user verification workflow. Dependencies are pinned and reviewed. The macOS package is code signed, notarized, and stapled. Bundled dependencies are self-contained so normal installation and use do not require live package downloads from the internet.
How do I report a security vulnerability?
Use the published security policy and private disclosure path. Researchers can use GitHub Security Advisories or email security@tiles.run, with expectations for acknowledgement, triage, and coordinated disclosure. See SECURITY.md.