Security & Privacy
Your Data Never Leaves
Your Building.
Primary is built on a simple principle: your data is yours. Not ours. Not anyone else's. The architecture makes this a physical guarantee, not just a policy.
Security Architecture
Local-First Architecture
Primary runs entirely on Apple hardware in your office. AI processing, data storage, and all operations happen locally. No cloud dependency for core functionality.
Network Isolation
Every Primary system includes a Ubiquiti Cloud Gateway Firewall. The system is network-isolated and does not initiate outbound connections by default.
Physical Data Sovereignty
Your data physically cannot leave your premises. This is not a software restriction — it is an architectural guarantee. We cannot access your data even if we wanted to.
Encrypted at Rest
All data stored on the Primary system is encrypted using Apple's built-in FileVault full-disk encryption with hardware-accelerated AES.
Automatic Updates
Security patches and software updates are deployed automatically through the service plan. Your system stays current without manual intervention.
Remote Monitoring
System health monitoring (uptime, hardware status, update status) is performed remotely as part of the service plan. This monitoring does not access your data or conversations.
Data Flow
You send a message
Via iMessage, WhatsApp, Signal, Telegram, Discord, Slack, or web portal
Primary processes locally
AI processing happens on the Apple hardware in your office. Nothing leaves your network.
Primary takes action
Emails, scheduling, research, documents — all processed and stored locally.
You get the results
Responses sent back through your chosen channel. Full activity timeline available in your portal.
Note on channel encryption: Only the web portal at app.primary.net provides end-to-end encryption fully controlled by Primary. When communicating via iMessage, WhatsApp, Signal, Telegram, Discord, or Slack, message encryption is governed by each platform's own protocols and policies, which Primary does not control. For the highest level of communication security, we recommend using the web portal.
Compliance
HIPAA
Local processing and data storage means PHI never leaves your facility. No BAA needed with Primary because your data never touches our systems.
SOC 2
The local-first architecture simplifies SOC 2 compliance. Your data stays within your existing security perimeter.
GDPR
Data residency is guaranteed because your data physically resides on hardware you control. No cross-border data transfer concerns.
Attorney-Client Privilege
Legal communications processed by Primary never leave your premises. No third-party access, no cloud storage, no privilege risks.