Feature
Privacy and architecture
Recense is local-first by design. Tabulation runs in your browser. Cloud features are an opt-in, encrypted on your machine before they leave it. The architecture is the privacy story — not a policy page on top of a default-cloud product.
Where computation runs
The Recense engine is compiled from Rust to WebAssembly and runs in your browser. When you open a local SPSS file, the bytes are read by your browser, parsed in WASM, and held in your browser's memory and IndexedDB. Tabulation, derived variables, weighting, and significance testing all happen on your machine. No data is sent to a Recense server for any of this.
The engine is closed-source today, but the entire compute path is
client-side: the WASM that runs in your browser is the
implementation, and tabs like /verify let you confirm
no analysis data leaves the device. Open-sourcing the engine is on
the post-launch roadmap.
What touches the network, and when
- Local files. Nothing leaves your browser. The whole tabulation surface works offline once Recense is loaded.
- Cloud projects. If you choose to save a project to the cloud, the bytes are encrypted on your machine with AES-256-GCM before upload. By default (convenience mode) Recense can technically decrypt them to run cloud features; switch on zero-knowledge mode in settings and the keys are wrapped under a passphrase only you hold, after which Recense cannot.
- Cloud datasets. Same model — client-side encryption before upload, plus the minimum catalogue metadata needed to organise the library. The convenience-vs-zero-knowledge choice applies here too.
- Hosted compute (enterprise). A separate mode for datasets your organisation explicitly publishes. Not the default, and not on by accident.
How AI is wired up
- Bring your own key. Conversations go directly from your browser to your chosen provider (Anthropic, OpenAI, Google, Fireworks). Recense never sees them. Keys are stored locally and never transmitted.
- Built-in agent. Conversation messages are proxied to the selected provider. Recense stores no conversation text on its own servers — only per-request metadata (user, model, token counts) for billing and abuse detection. Once the provider has the messages, their retention terms apply: with OpenAI the request is retained on OpenAI's side for abuse monitoring (their standard API window, currently up to about 30 days) and prompt-cache content for up to 24 hours; Anthropic and Google process each turn statelessly with no server-side conversation storage; Fireworks is zero-retention by default.
- No model training on your data. None of the providers we route to (Anthropic, OpenAI, Google, Fireworks) train on API data by default, and we don't direct them to. We don't use your data or conversations to train models either.
What we don't do
- No third-party analytics or tracking pixels on the product.
- No selling, renting, or sharing of customer data.
- No remote raw-data access path in the hosted product.
- No AI conversation text stored on Recense servers. Provider-side retention varies — see above.
For procurement and InfoSec
The detailed security page covers encryption layers, sub-processors and their compliance posture, account data handling, error tracking, GDPR posture, and responsible disclosure.
Try Recense without uploading anything
The free tier works on local files. No upload, no card, no sales call.