Is Apple Intelligence Private? What Leaves Your Device
Mostly yes: Apple Intelligence runs on-device or via Private Cloud Compute, which keeps no data. But the opt-in ChatGPT integration sends data to OpenAI.
Mostly yes, but with limits worth understanding. Apple Intelligence is built for privacy: many tasks are handled directly on your iPhone, iPad or Mac, with data never leaving the device. For heavier requests, Apple uses Private Cloud Compute (PCC), Apple Silicon servers that don't retain your data and whose code researchers can verify. The key nuance: the ChatGPT integration is a separate, opt-in option — once enabled and invoked, your request leaves the Apple ecosystem and goes to OpenAI. So “private” applies to the core of Apple Intelligence, not automatically to everything that passes through a third-party service.
On-device first: the heart of the promise
The core principle of Apple Intelligence is on-device processing: when the needed model fits on the device, the task runs locally and the data goes nowhere. Apple cites examples like summarizing emails, messages and notifications. That's the bulk of the answer to “is Apple Intelligence private?”: by design, a large share of processing never leaves the iPhone, iPad or Mac. The less data moves, the less it's exposed — exactly the right instinct.
When a request exceeds what the device can handle alone, Apple Intelligence falls back to Private Cloud Compute rather than an opaque cloud. Apple sends PCC only the data relevant to the request, and states that this data is neither retained nor accessible to Apple — including its own staff with administrative access. Processing is “stateless”: once the request is handled, the user data is deleted.
Private Cloud Compute: why it's verifiable
PCC runs on Apple Silicon servers with a hardened OS derived from iOS/macOS, relying on the Secure Enclave and Secure Boot. Encryption keys are regenerated at every restart and not persisted: a simple reboot cryptographically erases the data. The system is also designed to contain no privileged interfaces — no remote shell, no interactive debugging tools — that would let anyone bypass these guarantees.
What sets PCC apart is its verifiability, and that's what distinguishes it from a marketing pledge. Apple publishes the software images of every production build for inspection, keeps an append-only transparency log of code measurements, open-sources key security components, and provides a Virtual Research Environment that lets researchers run a PCC node in a virtual machine to examine it. Through cryptographic attestation, you can verify that the production system genuinely matches the published software.
The ChatGPT integration: where data leaves
The ChatGPT (OpenAI) integration in iOS, iPadOS and macOS is distinct from Apple Intelligence and is not on by default. It's an opt-in extension you have to enable, and the user is prompted — a confirmation request — before any information (a question, a document or a photo) is sent to ChatGPT. That's the decisive nuance: for whatever passes through ChatGPT, the data leaves the Apple ecosystem and its on-device/PCC guarantees.
From there, it all depends on how you use the extension. Used without being signed in to an OpenAI account, Apple states that your IP address is obscured from ChatGPT, and that OpenAI must process the request only to answer it, without retaining the request or responses (unless legally required) and without using them to train its models. This safeguard applies only to that anonymous use via the Apple integration.
As soon as you sign in with a ChatGPT account, Apple notes that your ChatGPT account settings and OpenAI's privacy policy apply: OpenAI may then log the request, attachments and session history, and use that data to train or improve its models. The enhanced protections fall away. For the detail of OpenAI's rules in this context, see “OpenAI Help Center — How your data is handled when you use ChatGPT through Apple's integrations,” Apple's “Apple Intelligence & Privacy” page, and “Apple Support — Use ChatGPT with Apple Intelligence on iPhone.”
| Data path | Where it goes | What it implies |
|---|---|---|
| On-device task | Stays on the device | Never leaves the iPhone/iPad/Mac |
| Heavy request via PCC | Apple Silicon servers | Not retained, not accessible to Apple, code verifiable |
| ChatGPT without OpenAI account | OpenAI (IP obscured) | Not retained, no training — per Apple |
| ChatGPT with account signed in | OpenAI (OpenAI policy) | May be logged and used for training |
“Private” has limits: the right instinct
Let's be honest: Apple is ahead on consumer AI privacy, with local processing, a verifiable PCC and an opt-in, transparent third-party integration. That's still no reason to entrust it with any secret without thought. “Private” has precise limits, which surface mostly the moment you switch to signed-in ChatGPT or third-party apps: there, the guarantee no longer depends on Apple, but on what the third party does.
- On-device and PCC: data stays protected by design, with no action on your part.
- Opt-in ChatGPT without an OpenAI account: enhanced protections, but the data still leaves Apple.
- Signed-in ChatGPT or third-party apps: the third party's policy applies — that's where to be careful.
The guiding principle to remember is simple, and perfectly aligned with an anonymization layer: the less data leaves the device, the better. Apple's on-device-then-PCC approach embodies this philosophy. But the moment data goes out to a third-party service, anonymizing the content upstream remains the safest way to avoid pouring secrets into it.
1. Favor on-device and PCC features for sensitive tasks: the data stays protected by default.
2. If you enable ChatGPT, stay signed out of an OpenAI account to benefit from the obscured IP and no retention.
3. For anything that goes out to ChatGPT or third-party apps, remove identities, identifiers and secrets before sending.
That's exactly what ONYRI Sanitize is for. The engine replaces sensitive data with reversible tokens before sending; detection and the token↔value mapping stay in your browser, and only anonymized text reaches the model. Whether the request stays on the device, passes through Private Cloud Compute or switches to ChatGPT, the third party only finds tokens — not your real information.
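The reversible-token substitution described above, sketched as an added example: this is not ONYRI Sanitize's code and not part of the original page. The detector patterns, the `[[LABEL_n]]` token format and the `createSanitizer` name are assumptions chosen for illustration.

```javascript
// Added illustration: patterns, token format and names are assumptions.
const DETECTORS = [
  // Most specific pattern first, so a key is tokenized before looser rules run.
  { label: "SECRET", re: /\b(?:sk|pk|ghp)[-_][A-Za-z0-9_-]{16,}\b/g },
  { label: "EMAIL", re: /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b/g },
  { label: "IPV4", re: /\b(?:\d{1,3}\.){3}\d{1,3}\b/g },
];

function createSanitizer() {
  // Both maps live only in local memory; they are never part of the outgoing text.
  const valueToToken = new Map();
  const tokenToValue = new Map();
  const counters = {};

  function tokenFor(label, value) {
    // Same value -> same token, so the model can still tell repeated entities apart.
    if (!valueToToken.has(value)) {
      counters[label] = (counters[label] || 0) + 1;
      const token = `[[${label}_${counters[label]}]]`;
      valueToToken.set(value, token);
      tokenToValue.set(token, value);
    }
    return valueToToken.get(value);
  }

  return {
    // Text that is safe to send: every detected value replaced by its token.
    sanitize(text) {
      return DETECTORS.reduce(
        (out, { label, re }) => out.replace(re, (m) => tokenFor(label, m)),
        text
      );
    },
    // Applied to the model's answer; tokens this session never issued stay as-is.
    restore(text) {
      return text.replace(/\[\[[A-Z0-9]+_\d+\]\]/g, (t) => tokenToValue.get(t) ?? t);
    },
  };
}

// Constructed sample prompt; every value in it is made up.
const SAMPLE =
  "Email alice@example.com from 203.0.113.7 using key sk-EXAMPLE0000EXAMPLE0000; cc alice@example.com.";

const session = createSanitizer();
const outgoing = session.sanitize(SAMPLE); // the only string that leaves the browser
console.log(outgoing);
console.log(session.restore("Reply to [[EMAIL_1]] and rotate [[SECRET_1]]."));
```

Pattern matching only catches values with a recognizable shape; names and free-form secrets need other detectors, and the token map has to be kept locally for as long as answers need restoring.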
Frequently asked questions
- Is Apple Intelligence private?
- Largely, yes: many tasks are processed on the device and never leave it, and heavier requests go through Private Cloud Compute, which doesn't retain data, isn't accessible to Apple and whose code researchers can verify. The limit comes from the ChatGPT integration, which is opt-in: once enabled and invoked, the data leaves the Apple ecosystem.
- Does Apple's ChatGPT integration send my data to OpenAI?
- Yes, but only if you enable it (it's opt-in) and after a confirmation. Without a signed-in OpenAI account, Apple says your IP is obscured and OpenAI does not retain requests or use them for training. Signed in to a ChatGPT account, OpenAI's settings apply instead: the request can be logged and used for training.
- What is Private Cloud Compute and why treat it as private?
- Private Cloud Compute (PCC) is the Apple Silicon infrastructure used when a request exceeds the device. Apple sends it only the relevant data, doesn't retain it (stateless processing) and can't access it. Its distinctive feature is verifiability: published build code, a transparency log and a research environment let researchers check these claims.