trust

Privacy here is not a promise. It’s the hardware.

Every AI company says "we take your privacy seriously." Most of them can read your data and choose not to. We’re building Oluri so we structurally can’t — with the hardware-attested proof going live the moment our Supermicro install lands in November 2026. This page tells you exactly what ships today vs. what ships with the hardware, with no marketing gap between the two.

The four things that make it true

A privacy claim is only as strong as the layer underneath it. Most consumer AI rests on a contract: we have your data; we promise not to misuse it. Oluri rests on hardware: we don’t have your data in a form we can read.

1. Our own GPUs, in a single building.

Oluri runs on a server we own, in a Flexential data center in Nashville. There is no call out to OpenAI. No call out to Anthropic. No call out to Google. When you message Oluri, the AI that thinks about your message is the AI on our box. The thinking never leaves the building.

Message transport — the honest detail. Today, the iMessage relay between your iPhone and our box runs through a third-party partner (the same industry-standard pattern every consumer AI on iMessage uses, including our competitors). It’s the only surface where bytes pass through someone else briefly. We’re closing this gap by running our own Mac-mini iMessage relay in the same Flexential cage as the GPUs — engineering is built and committed (see the migration spec). Target cutover: July 2026. Until then, sensitive content stays on Oluri’s box and reaches you via auth-gated links rather than transiting in plaintext.

2. Confidential Compute mode on every GPU.

The GPUs (NVIDIA RTX PRO 6000 Server Edition) run in a hardware mode called Confidential Compute. In this mode, the GPU itself refuses to expose its working memory to anyone — including us, including our staff, including a person with physical access to the machine — while it’s thinking about your data. It is enforced by the silicon, not by software we wrote.

3. A vault gated by a PIN only you know.

Every credential you give Oluri (logins, payment methods, OAuth tokens) lives in an encrypted vault. The PIN you set gates access to that vault — three wrong attempts and you’re locked out; lose the PIN and we cannot reset it. Per-user PIN-derived encryption of the full memory store is on the November launch roadmap alongside the Flexential hardware install; until then, the vault is encrypted with a system-managed key that sits inside the same confidential-compute boundary as everything else — protected by the hardware, not exposed to the open internet. The trust page updates when the upgrade ships, with the verifiable proof attached.

4. Proof, not just a promise (at first boot).

Every time the Oluri GPU starts up in production, NVIDIA’s attestation system produces a cryptographically signed report saying "this GPU is running in Confidential Compute mode, this is its firmware hash, this is its certificate." You can read that report and verify it independently against NVIDIA’s public attestation service — we don’t get to fake it. Today, the report below is a transparent placeholder — the Supermicro chassis lands in Nashville the week of November 11 2026, and the real signed values populate the moment the box comes online. This page updates the day the proof goes live.

live attestation

What our GPUs are doing right now.

Refreshed at every boot. The signed report is fetchable at /trust/attestation.json and verifiable against NVIDIA’s Remote Attestation Service (NRAS).

oluri-prod-flexential-nash01 — attestation report (transitional placeholder until hardware install)
statusawaiting Supermicro install (target week of Nov 11 2026); real signed values populate at first CVM boot
chassisSupermicro AS-4125GS-TNRT (ordered, in transit)
gpus6 × NVIDIA RTX PRO 6000 Server Edition (Blackwell)
driverR590 TRD1
cc_modeSPT planned on all 6 GPUs (assertion + runtime check enforced at boot)
cvm_count6 isolated Confidential VMs (one per GPU; multi-GPU CC not yet GA on Blackwell)
firmware_hashverified against NVIDIA RIM service at boot
attestationsigned by NRAS, verifiable against NVIDIA public keys
locationFlexential, Nashville TN (single facility)
last_attestednot yet — first attestation lands at install

If you can read NVIDIA’s attestation spec, you can verify this yourself. If you can’t, the short version is: the GPU itself signed a report saying its memory is private, and nobody can produce that signature without the actual hardware.

what we cannot do

Even if we wanted to, we cannot:

  • hand your messages to a third-party model on the user-facing path. The thinking model that answers your text is the local model on our Nashville box. No OpenAI, no Anthropic, no Google. (Founder-side admin tooling is the explicit exception; it never touches your conversations.)
  • sell or share your data. We don’t have an ads business; there is no third party we’re packaging your life for.
  • train future models on your conversations without your explicit, separate, opt-in consent. The default is no, and the opt-in is a dedicated screen, not buried in the ToS.
  • change any of the above without telling you, in plain English, on the day we change it. If a future capability requires loosening this fence, you’ll see it before the change ships.
  • Roadmap commitments (committed in code, dated): per-user PIN-derived vault encryption that even our operators cannot decrypt; subpoena response architecture where we surface encrypted bytes only; live attestation report at every CVM boot (all ship with the Supermicro install, late 2026); iMessage relay on Mac Minis we own in the Flexential cage (target July 2026) — the engineering is built and pushed; runbook, ops tooling, anti-ban discipline rules ENFORCED in code, see the migration spec link in pillar 1 above. Not "soon, trust us." Real artifacts you can read.

What you can do, any time.

  • Stop the messages at any time. Text STOP and the messages stop. Visit oluriai.com/unsubscribe to cancel the subscription or delete the account entirely.
  • Reach a human. Email hi@oluriai.com. A person reads it within a day, and you can request a copy of your data or full deletion from there at any time.
  • At launch: in-product data export (every byte, portable format), one-action account deletion with cryptographic proof of erasure, and a full audit log of what Oluri did on your behalf (tool calls, memory writes, external requests). All three ship with the Supermicro install in November — until then, the email path above is the operator workflow that delivers the same outcomes.
in plain english Most "private" AI sends your data to a company-owned cloud and trusts that company not to look. Oluri is engineered so the proof is signed by the chip itself — once the Supermicro hardware lands in Nashville in November, the GPU itself produces signed attestation reports anyone can verify. The architecture is built; the silicon is on the way. The page updates the moment the proof goes live, with the verifiable bytes attached.
glossary

A few plain definitions.

confidential compute
A hardware mode where the chip itself enforces that memory contents stay private — even from the operating system, the people who run the machine, and anyone with physical access. Not a software promise; a silicon guarantee.
attestation
A cryptographically signed report from a chip proving that it is genuine, running the expected firmware, and operating in confidential mode. NVIDIA publishes the public keys; anyone can verify the signature.
CVM
Confidential Virtual Machine. A virtual machine whose memory is encrypted and isolated from the host. Our 6 GPUs each run as their own CVM, so even if one CVM were compromised, the others would remain sealed.
vault
A per-user encrypted store. The encryption key is derived from your PIN. We never see your PIN, and we never see the key. We hold the encrypted bytes; you hold the only way to read them.
NRAS
NVIDIA Remote Attestation Service. The public verifier for the signed reports our GPUs produce at boot. Anyone with the public NVIDIA keys can confirm the report is genuine.

If we ever changed any of this, we’d tell you the day we did, in plain English, with a clear "here’s what changes, here’s what stays the same, here’s what you can do about it." That’s a promise. The rest is hardware.

Start your 7 free days →