Where computation runs

The Recense engine is compiled from Rust to WebAssembly and runs in your browser. When you open a local SPSS file, the bytes are read by your browser, parsed in WASM, and held in your browser's memory and IndexedDB. Tabulation, derived variables, weighting, and significance testing all happen on your machine. No data is sent to a Recense server for any of this.

The engine is closed-source today, but the entire compute path is client-side: the WASM that runs in your browser is the implementation, and tabs like /verify let you confirm no analysis data leaves the device. Open-sourcing the engine is on the post-launch roadmap.

A local SPSS file being analysed in the browser with no network traffic indicator.
Tabulation, weighting, derives, sig tests — all on your machine.

What touches the network, and when

  • Local files. Nothing leaves your browser. The whole tabulation surface works offline once Recense is loaded.
  • Cloud projects. If you choose to save a project to the cloud, the bytes are encrypted on your machine with AES-256-GCM before upload. By default (convenience mode) Recense can technically decrypt them to run cloud features; switch on zero-knowledge mode in settings and the keys are wrapped under a passphrase only you hold, after which Recense cannot.
  • Cloud datasets. Same model — client-side encryption before upload, plus the minimum catalogue metadata needed to organise the library. The convenience-vs-zero-knowledge choice applies here too.
  • Hosted compute (enterprise). A separate mode for datasets your organisation explicitly publishes. Not the default, and not on by accident.
A cloud project sync dialog showing client-side encryption before upload.
Cloud is opt-in. Bytes are encrypted on your machine before they leave it.

How AI is wired up

  • Bring your own key. Conversations go directly from your browser to your chosen provider (Anthropic, OpenAI, Google, Fireworks). Recense never sees them. Keys are stored locally and never transmitted.
  • Built-in agent. Conversation messages are proxied to the selected provider. Recense stores no conversation text on its own servers — only per-request metadata (user, model, token counts) for billing and abuse detection. Once the provider has the messages, their retention terms apply: with OpenAI the request is retained on OpenAI's side for abuse monitoring (their standard API window, currently up to about 30 days) and prompt-cache content for up to 24 hours; Anthropic and Google process each turn statelessly with no server-side conversation storage; Fireworks is zero-retention by default.
  • No model training on your data. None of the providers we route to (Anthropic, OpenAI, Google, Fireworks) train on API data by default, and we don't direct them to. We don't use your data or conversations to train models either.
The provider key configuration screen for Anthropic, OpenAI, Google, and Fireworks.
Bring your own key, or use the managed agent. Recense stores no conversation text — provider-side retention varies.

What we don't do

  • No third-party analytics or tracking pixels on the product.
  • No selling, renting, or sharing of customer data.
  • No remote raw-data access path in the hosted product.
  • No AI conversation text stored on Recense servers. Provider-side retention varies — see above.
A concise list of practices Recense doesn't engage in: tracking, data sales, server-side storage of AI conversation text.
Things absent from the product, by design.

For procurement and InfoSec

The detailed security page covers encryption layers, sub-processors and their compliance posture, account data handling, error tracking, GDPR posture, and responsible disclosure.

Read the full security page →

Try Recense without uploading anything

The free tier works on local files. No upload, no card, no sales call.