Nowhere. It stays on your server.
When you type a prompt, upload a document, or ask the AI a question, that data is processed entirely by the AI model running on your own server โ the same server sitting in your data centre or server room. It does not travel to OpenAI, Anthropic, Google, or any other company. It does not touch the internet. The AI model itself is stored locally and runs locally.
This is fundamentally different from consumer AI tools like ChatGPT or Gemini, where every message you send is transmitted to and processed by a third-party cloud. With Nexus One AI, the only network involved is your internal network.
Fully self-contained system
Every component โ the AI model, the chat interface, the document database, the API โ is installed on your server before deployment. Nothing is fetched from the internet at runtime. The system can operate in a facility with no external network connection whatsoever.
Models run on your GPU
The AI inference (the process of generating a response) happens on the NVIDIA GPU installed in your server. The model weights โ the "brain" of the AI โ never leave your hardware. You own the compute, you own the process.
Documents stored in your database
When you upload documents for AI analysis, they are stored in ChromaDB running on your server. Document contents, embeddings, and query results all remain within your infrastructure. Uploading a tender document to the AI is no different from saving it to a local file server โ it doesn't go anywhere external.
No telemetry or usage reporting
Nexus One AI does not collect usage statistics, prompt logs, or analytics and send them anywhere. There is no "phone home" behaviour. Cezen does not have visibility into what prompts you run, what documents you upload, or what responses the AI gives your staff.
Open-source models with known weights
The AI models used (Llama 3.1, Mistral, Gemma, and others) are open-source models with publicly auditable weights. There are no hidden backdoors or proprietary model components โ the model files are inspectable by your security team.
Network access is internal-only
The system is configured to be accessible only within your organisation's internal network (LAN). Access from outside your network requires your own VPN or jump server โ Nexus One AI does not expose any service to the public internet by default.
Classified and restricted documents
You can use the AI to analyse documents at your organisation's classification level, as long as the server itself is appropriately secured and network-isolated for that classification. The AI processing does not introduce any new data pathway that wasn't already present on your network.
Personally identifiable information (PII)
Employee records, citizen data, and other PII can be processed without the risk of inadvertent disclosure to a third-party AI provider. Data handling obligations under your jurisdiction's privacy legislation remain manageable because all processing is internal.
Procurement and tender information
Commercially sensitive tender documents, vendor proposals, and contract terms can be analysed by the AI without any risk of exposure to competitors or external parties โ a critical requirement when dealing with active procurement processes.
Legal and compliance documents
Legal advice, audit findings, compliance assessments, and investigation records can be processed safely. Attorney-client privilege and regulatory confidentiality requirements are not compromised by AI usage because there is no third-party involved in the processing.
Individual user accounts
Each staff member accesses Open WebUI with their own username and password. Accounts are created and managed by your system administrator. There is no shared login โ every session is tied to a specific user.
Conversation isolation
Each user's conversation history is private to their account by default. Staff cannot see each other's chats or the documents others have uploaded. Administrators can configure shared spaces where needed.
Administrator control
Your designated system administrator has full control over user accounts โ they can create, disable, or delete accounts at any time. When a staff member leaves, their account and conversation history can be removed immediately.
Network-level restriction
The system is accessible only from devices on your internal network. Staff cannot access the AI system from personal devices on home internet unless your IT team explicitly enables this through your own VPN infrastructure.
| Question | โ Nexus One AI (On-Premises) | โ ๏ธ Cloud AI (ChatGPT, Gemini, etc.) |
|---|---|---|
| Where is my data processed? | On your own server, on your premises | On third-party cloud servers overseas |
| Does the AI provider see my prompts? | No โ Cezen has no access to your usage | Yes โ provider receives and logs all input |
| Can I use it without internet? | Yes โ fully air-gapped capable | No โ requires internet connection |
| Is my data used to train future models? | No โ data never leaves your network | Depends on provider terms; often yes by default |
| Who controls user access? | Your organisation's IT administrator | Each user manages their own account |
| Where are documents stored after upload? | In your local ChromaDB database | On provider's cloud storage |
| Suitable for restricted/classified work? | Yes, subject to your network classification | No โ data leaves your security perimeter |
| Compliant with data residency requirements? | Yes โ data never crosses borders | Varies โ data may be stored internationally |
Use your own account
Never share your Open WebUI login with colleagues. Each person should have their own account. This ensures conversation history is private and access can be individually revoked when needed.
Lock your screen
The AI chat interface runs in a browser. Lock your computer when stepping away to prevent others from reading your conversation history or uploading documents under your account.
Log out when done (shared workstations)
On shared workstations, always log out of Open WebUI when you are done. Your conversation history, including any documents you have discussed, remains visible until you log out.
Report unusual behaviour
If the AI behaves unexpectedly, produces outputs that seem wrong, or if you notice anything unusual about the system, report it to your administrator. Don't share the output externally until the issue is understood.
Security questions or concerns?
If your organisation's security team needs technical documentation, architecture diagrams, or a briefing on the system's security posture, contact Cezen support.
Contact Cezen Support