On Local-First Data Sovereignty.
The note that explains why mazemaker is built the way it is. Written in April 2026. Unchanged since.
mazemaker engineering · april 2026
There is a quiet assumption embedded in most cloud software: that the most convenient place to store your data is also the most convenient place for someone else to process it. We have normalized this tradeoff so thoroughly that its costs are nearly invisible. Your queries, your associations, your patterns of thought as expressed through an AI assistant — all of it, accumulated on infrastructure you do not control, analyzed under terms of service you will never read in full, held by companies whose interests are structurally misaligned with yours.
The AI memory problem is a crystallization of this. When an AI assistant remembers what you told it last week, that memory has to live somewhere. The obvious place is the provider’s servers. The obvious business model is surveillance: your memories improve their model, their ads, their understanding of who you are and what you want. This is not malice. It is gravity.
We built mazemaker because we believe the alternative is tractable. A modern developer laptop is capable of running the full embedding and retrieval stack that powers meaningful long-term AI memory. The computation is not expensive. The latency is acceptable. The only reason to centralize it is convenience — and convenience, in this case, is a cost borne by people who did not agree to pay it.
Our architecture makes an explicit choice: your data does not leave your machine. Not your memories, not your queries, not your embeddings. The mazemaker backend exists to answer exactly one question: “is this license valid?” It counts tool calls for billing purposes. It cannot see what you are counting. This is not a privacy policy promise — it is a structural guarantee enforced by what the server is and is not given.
The vault key is derived from your hardware fingerprint. The pod runs rootless on your own machine. The embedding model processes text on your CPU, or, if you opt into a managed provider, under an API key you own and can revoke. We sign JWTs with Ed25519 and expire them every twenty-four hours, not because we need to prevent you from using the software, but because cryptographic expiry is the only honest mechanism for a license boundary.
Local-first is not a political statement. It is an engineering decision with downstream consequences for trust, auditability, and longevity. Software that centralizes your data can be discontinued, acquired, breached, or subpoenaed. Software that runs on your machine, with your keys, under your control, has none of these failure modes. It has different ones — you have to maintain it, update it, back it up. We think that is a reasonable trade.
The free tier exists because the marginal cost of letting someone run FastEmbed on their own CPU is zero. We do not subsidize it with your data. We do not sell attention. If the free tier is useful to you, we are glad. If you eventually pay us forty-nine dollars a month, we will continue to earn it by keeping the pod running, the license server fast, and the architecture honest.
This is what we are building. Not a memory product with a privacy policy. A memory product where the architecture is the policy.