Feature

Privacy and architecture

Recense is local-first by design. Tabulation runs in your browser. Cloud features are an opt-in, encrypted on your machine before they leave it. The architecture is the privacy story — not a policy page on top of a default-cloud product.

Where computation runs

The Recense engine is compiled from Rust to WebAssembly and runs in your browser. When you open a local SPSS file, the bytes are read by your browser, parsed in WASM, and held in your browser's memory and IndexedDB. Tabulation, derived variables, weighting, and significance testing all happen on your machine. No data is sent to a Recense server for any of this.

The engine is closed-source today, but the entire compute path is client-side: the WASM that runs in your browser is the implementation, and tabs like /verify let you confirm no analysis data leaves the device. Open-sourcing the engine is on the post-launch roadmap.

A local SPSS file being analysed in the browser with no network traffic indicator.
Tabulation, weighting, derives, sig tests — all on your machine.

What touches the network, and when

  • Local files. Nothing leaves your browser. The whole tabulation surface works offline once Recense is loaded.
  • Cloud projects. If you choose to save a project to the cloud, the bytes are encrypted on your machine with AES-256-GCM before upload. We hold no decryption keys.
  • Cloud datasets. Same model — client-side encryption before upload, plus the minimum catalogue metadata needed to organise the library.
  • Hosted compute (enterprise). A separate mode for datasets your organisation explicitly publishes. Not the default, and not on by accident.
A cloud project sync dialog showing client-side encryption before upload.
Cloud is opt-in. Bytes are encrypted on your machine before they leave it.

How AI is wired up

  • Bring your own key. Conversations go directly from your browser to your chosen provider (Anthropic, OpenAI, Google, Fireworks). Recense never sees them. Keys are stored locally and never transmitted.
  • Built-in agent. Conversation messages are proxied to the selected provider. Recense doesn't store the text. Per-request metadata (user, model, token counts) is retained for billing and abuse detection only.
  • No model training on your data. We don't use your data or conversations to train models, and we don't direct providers to do so either.
The provider key configuration screen for Anthropic, OpenAI, Google, and Fireworks.
Bring your own key, or use the managed agent — neither retains your conversations.

What we don't do

  • No third-party analytics or tracking pixels on the product.
  • No selling, renting, or sharing of customer data.
  • No remote raw-data access path in the hosted product.
  • No retained AI conversations after the request completes.
A concise list of practices Recense doesn't engage in: tracking, data sales, retained AI conversations.
Things absent from the product, by design.

For procurement and InfoSec

The detailed security page covers encryption layers, sub-processors and their compliance posture, account data handling, error tracking, GDPR posture, and responsible disclosure.

Read the full security page →

Try Recense without uploading anything

The free tier works on local files. No upload, no card, no sales call.

Start free Contact