Trust-first design • Clear boundaries • Local by default

Trust & Safety

Mira is built to be calm, private, and predictable. That means clear boundaries: what Mira does, what she doesn’t do, and what you control.

Default: Runs locally (offline-first)
Memory: Ask-first saving only
Network: Localhost-only by default

Core principles

These principles guide how Mira is built and how she behaves.

🌙

Offline-first, local by default

Mira runs on your machine. You should be able to use Mira without a cloud account.

🧠

Ask-first memory

Mira only stores information when you explicitly tell her to. You stay in control.

🧱

Small, auditable runtime

Minimal surface area. Stability and trust outweigh feature count.

🧾

Signed knowledge packs

Packs use manifest + hash verification so tampering is detected and rejected.

🛟

Safe Mode & recovery

If something goes wrong, Mira can enter recovery mode to protect stability.

🧭

Clear boundaries

Day-1 scope is intentionally limited. Mira should be predictable and honest.

What Mira does

Capabilities included in Day-1 scope.

  • Runs locally (offline-first by default)
  • Uses a local model runtime (Ollama)
  • Portrait-based companion UI
  • Ask-first memory with user control
  • Local encryption for sensitive state
  • Signed data packs (manifest + hash)
  • Safe Mode + recovery UX

What Mira doesn’t do (Day-1)

These are intentionally excluded at launch.

  • No cloud memory or sync
  • No mobile apps
  • No arbitrary file ingestion
  • No LAN exposure by default
  • No background automation or system control
  • No third-party or user-submitted packs
  • No image generation at launch

Memory & privacy

Memory is selective, explicit, and user-controlled.

Ask-first saving

Mira does not silently store details about you. If something should be remembered, Mira asks — or you explicitly instruct her to save it.

Three tiers (simple)

Profile (stable preferences), Working (short-term), and Project notebooks (durable). You control what gets stored and where.

Encrypted local storage

Sensitive state is encrypted locally (OS-native encryption). You can view, delete, export, or wipe memory.

🧊
No passwords in memory
Mira should never store passwords, private keys, or highly sensitive secrets. If you ask, Mira will encourage a password manager instead.

Security baseline

Day-1 defaults are designed to be safe and easy to reason about.

127

Localhost-only

Mira binds to 127.0.0.1 by default. LAN access is off by default.

🔑

API key support

Local API calls can be protected with a key (especially for Companion ↔ Server).

🧾

Packs are verified

Signed packs use manifest + hash verification. Tampering is rejected.

🛟

Safe Mode

If repeated boots fail, Mira enters recovery mode so you can safely diagnose.

FAQ

Common questions about trust and safety.

Does Mira require an internet connection?
No. Mira is offline-first and runs locally. Optional online features (if added later) will be clearly labeled and off by default.
Is Mira the AI model?
Mira is the companion interface and system. Responses are generated using a local model runtime (Ollama). We keep this transparent.
Can Mira access my files?
Not on Day-1. Arbitrary file ingestion and file access are intentionally excluded at launch for safety and trust.

Want more detail?

If you have questions about privacy or security, reach out — we’ll be direct.