AI & Privacy¶
Telbox is end-to-end encrypted and AI-native. Those two facts are reconciled by a simple, explicit model: transport is always encrypted; AI is opt-in and decrypts server-side in an isolated worker; no tier trains on your data.
The three modes¶
| Mode | Transport | AI processing |
|---|---|---|
| AI off | E2E encrypted | None — pure E2E, server sees ciphertext only. |
| AI on (any tier) | E2E encrypted | Worker decrypts in-process, calls a no-train model endpoint, re-seals. |
There is no "trainable" mode. Every tier — free and paid — routes through the same no-train endpoint. The tier gates cost (see quotas), not privacy.
Consent¶
AI processing requires explicit consent. Until the user accepts it, every AI endpoint fails at the first privacy gate with 403 ai_processing_consent_required and no quota or budget is consumed. Record consent via POST /v1/me/consent. After that, AI endpoints work subject
to quota. See Errors.
What the AI endpoints do¶
| Endpoint | What it does |
|---|---|
| POST /v1/messages/{id}/insights | Run the extract / summarize / suggested-replies stages for a message. |
| POST /v1/messages/{id}/translate-stream | Stream a translation of a transcript (SSE). |
| POST /v1/ask, /v1/ask/stream | Ask-anything over your own history (RAG). |
| POST /v1/ai/ask-by-voice | Ask, but with a voice-note question. |
| POST /v1/ai/thread-assistant | In-thread private helper, scoped to the active thread. |
| POST /v1/threads/{id}/assistant-invocations | Delegated personal assistant acting as you. |
Ask (RAG)¶
POST /v1/ask answers natural-language questions grounded in the caller's own
messages, calls, people, and memory. /v1/ask/stream streams the answer
token-by-token and may surface a confirm card for any write action the
agent proposes — redeem it at POST /v1/agent/confirm-action (or decline with
/v1/agent/deny-action). This human-in-the-loop step means the agent never
performs a write without explicit confirmation.
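The confirm card is the control that keeps the property above true: the agent's proposed write must be parked server-side and only executed when the same user redeems it. The following is an added example, not Telbox code; the page does not describe the card's wire format or the server's storage, so `ProposedAction`, the hex token, the TTL and the `ConfirmBroker` type are all assumptions. What it demonstrates is the set of checks a confirm-action handler needs: the token is bound to the user who received the card, it is single-use whether confirmed or denied, it expires, and the write happens nowhere except inside `Confirm`.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"sync"
	"time"
)

// ProposedAction is a write the agent wants to perform. The shape is an assumption;
// the page only says that write actions surface as a confirm card.
type ProposedAction struct {
	UserID  string // the caller the card was shown to
	Kind    string // e.g. "send_message"
	Payload string
}

type pending struct {
	action  ProposedAction
	expires time.Time
}

var (
	ErrUnknownToken = errors.New("unknown, already-redeemed or foreign confirmation token")
	ErrExpired      = errors.New("confirmation token expired")
)

// ConfirmBroker parks proposed writes until the user confirms or denies them.
type ConfirmBroker struct {
	mu       sync.Mutex
	pending  map[string]pending
	ttl      time.Duration
	now      func() time.Time
	Executed []ProposedAction // writes that actually ran; stand-in for the real write path
}

func NewConfirmBroker(ttl time.Duration) *ConfirmBroker {
	return &ConfirmBroker{pending: map[string]pending{}, ttl: ttl, now: time.Now}
}

// Propose registers the action and returns the opaque token the confirm card would
// carry (128 random bits, hex). Nothing is written here.
func (b *ConfirmBroker) Propose(a ProposedAction) (string, error) {
	raw := make([]byte, 16)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	tok := hex.EncodeToString(raw)
	b.mu.Lock()
	defer b.mu.Unlock()
	b.pending[tok] = pending{action: a, expires: b.now().Add(b.ttl)}
	return tok, nil
}

// take removes the pending entry for tok after checking ownership and expiry, so a
// token is single-use whether it is confirmed or denied. A token that belongs to a
// different user is reported exactly like an unknown one: no oracle for token existence.
func (b *ConfirmBroker) take(userID, tok string) (ProposedAction, error) {
	b.mu.Lock()
	defer b.mu.Unlock()
	p, ok := b.pending[tok]
	if !ok || p.action.UserID != userID {
		return ProposedAction{}, ErrUnknownToken
	}
	delete(b.pending, tok)
	if b.now().After(p.expires) {
		return ProposedAction{}, ErrExpired
	}
	return p.action, nil
}

// Confirm models POST /v1/agent/confirm-action: the write runs only here, only once.
func (b *ConfirmBroker) Confirm(userID, tok string) (ProposedAction, error) {
	a, err := b.take(userID, tok)
	if err != nil {
		return ProposedAction{}, err
	}
	b.mu.Lock()
	b.Executed = append(b.Executed, a)
	b.mu.Unlock()
	return a, nil
}

// Deny models /v1/agent/deny-action: the proposal is dropped without running.
func (b *ConfirmBroker) Deny(userID, tok string) error {
	_, err := b.take(userID, tok)
	return err
}

func main() {
	b := NewConfirmBroker(5 * time.Minute)
	tok, _ := b.Propose(ProposedAction{UserID: "u1", Kind: "send_message", Payload: "on my way"})
	fmt.Println(b.Confirm("u2", tok)) // ErrUnknownToken: the card is bound to u1
	fmt.Println(b.Confirm("u1", tok)) // runs the write
	fmt.Println(b.Confirm("u1", tok)) // ErrUnknownToken: single use
	fmt.Println(len(b.Executed))      // 1
}
```

The `now` field is injectable so expiry can be tested without sleeping; in production leave it as `time.Now`. Denying consumes the token for the same reason confirming does: a card the user has already acted on must not be redeemable later by a replayed request.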
The privacy gates (server-side)¶
Every AI call passes through the same gates, in order, before any model is invoked:
```mermaid
flowchart LR
    A[AI call] --> B{Consent given?}
    B -- no --> E1[403 ai_processing_consent_required]
    B -- yes --> C{Free-tier feature<br/>quota left?}
    C -- no --> E2[429 ai_quota_exceeded_*]
    C -- yes --> D{Under dollar<br/>backstop?}
    D -- no --> E3[402 ai_budget_exceeded]
    D -- yes --> M[Invoke no-train model]
```
Internal/employee accounts bypass the gates; paid tiers skip the quota and dollar gates but still pass through the consent gate. Because consent is evaluated first, a caller who has not consented never consumes quota or budget. A robust client handles all three terminal states (403, 429, 402); see Errors.
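The gate chain above is small enough to write out, and doing so makes the ordering and the tier rules concrete. The following is an added example rather than Telbox's own implementation. The `Account` shape, the per-feature quota counter, the backstop value of 500 cents and the rule that the feature name forms the suffix of the page's `ai_quota_exceeded_*` codes are assumptions; the order of the gates, the status codes and the tier exemptions are taken from the flowchart and the sentence above it. Money is counted in integer cents so the budget comparison never depends on floating-point rounding.

```go
package main

import "fmt"

// Tier is the caller's plan; the page names free, paid and internal/employee accounts.
type Tier int

const (
	TierFree Tier = iota
	TierPaid
	TierInternal
)

// Account is a constructed view of the caller state the gates inspect.
type Account struct {
	Tier           Tier
	ConsentGiven   bool
	QuotaRemaining int // free-tier calls left for the feature being requested
	SpentCents     int // running spend counted against the dollar backstop
}

// Outcome is one terminal state of the chain: the HTTP status and error code the
// flowchart lists, or 200 with an empty code when the model may be invoked.
type Outcome struct {
	Status int
	Code   string
}

// BackstopCents is a hypothetical per-account ceiling; the real value is not on the page.
const BackstopCents = 500

// Gate evaluates the gates in the page's order: consent, then quota, then dollar backstop.
// Paid tiers skip the quota and dollar gates; internal accounts bypass all gates.
func Gate(a Account, feature string, estCostCents int) Outcome {
	if a.Tier == TierInternal {
		return Outcome{Status: 200}
	}
	if !a.ConsentGiven { // first gate: no consent means no quota or budget is touched
		return Outcome{Status: 403, Code: "ai_processing_consent_required"}
	}
	if a.Tier == TierPaid {
		return Outcome{Status: 200}
	}
	if a.QuotaRemaining <= 0 {
		// assumption: the wildcard in ai_quota_exceeded_* is the feature name
		return Outcome{Status: 429, Code: "ai_quota_exceeded_" + feature}
	}
	if a.SpentCents+estCostCents > BackstopCents {
		return Outcome{Status: 402, Code: "ai_budget_exceeded"}
	}
	return Outcome{Status: 200}
}

// Admit runs Gate and, only on 200 for the free tier, charges quota and spend, so a
// rejected call leaves the account exactly as it found it.
func Admit(a *Account, feature string, estCostCents int) Outcome {
	out := Gate(*a, feature, estCostCents)
	if out.Status == 200 && a.Tier == TierFree {
		a.QuotaRemaining--
		a.SpentCents += estCostCents
	}
	return out
}

func main() {
	free := Account{Tier: TierFree, QuotaRemaining: 2, SpentCents: 499}
	fmt.Println(Admit(&free, "insights", 1)) // {403 ai_processing_consent_required}
	free.ConsentGiven = true
	fmt.Println(Admit(&free, "insights", 1)) // {200 }  quota 1, spend 500
	fmt.Println(Admit(&free, "insights", 1)) // {402 ai_budget_exceeded}
	paid := Account{Tier: TierPaid, ConsentGiven: true}
	fmt.Println(Admit(&paid, "insights", 1)) // {200 }  paid skips quota and budget
}
```

Charging only after all gates pass matters for the free tier: if quota were decremented before the budget check, a caller pinned at the backstop would burn quota on calls that never reach the model.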
Data handling summary¶
- Storage: the server persists ciphertext only for messages and call media.
- Processing: when AI is enabled, the worker decrypts inside the process, calls the model, and discards plaintext after producing the (re-encrypted) result.
- Training: the model endpoint is contractually no-train across all tiers.
- Provenance: AI-generated artifacts can be signed (Ed25519) so a recipient can verify they came from Telbox's pipeline.
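The processing and provenance bullets together describe one worker path: open the sealed message in-process, run the model, re-seal the result, sign the artifact, drop the plaintext. The block below is an added illustration of that path and of the recipient's check, not Telbox's implementation. The page does not specify the sealing scheme, how the worker obtains the key, or what the Ed25519 signature covers, so the following are assumptions: AES-256-GCM stands in for the E2E sealing, the opted-in user is assumed to have released a per-conversation key to the worker, `summarize` is a constructed stand-in for the no-train model endpoint (it returns the first sentence and touches no network), and the signature is computed over the ciphertext under a hypothetical domain tag so a recipient can verify provenance before decrypting.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"strings"
)

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts under a fresh random nonce and prefixes the nonce to the box.
// This stands in for the page's E2E sealing; the real scheme is not specified there.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// open reverses seal; a wrong key, AAD or any flipped bit fails authentication.
func open(key, box, aad []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	if len(box) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, box[:gcm.NonceSize()], box[gcm.NonceSize():], aad)
}

// summarize is a constructed stand-in for the no-train model endpoint.
func summarize(text string) string {
	if i := strings.Index(text, ". "); i >= 0 {
		return text[:i+1]
	}
	return text
}

// Artifact is what the worker emits: the re-sealed insight plus an Ed25519 signature
// over the ciphertext, so provenance is checkable without opening it.
type Artifact struct {
	Sealed []byte
	Sig    []byte
}

const sigDomain = "telbox-ai-artifact-v1:" // hypothetical domain-separation tag

// ProcessMessage is the opted-in worker path: open in-process, run the model, re-seal,
// sign, and wipe the plaintext buffer before returning. convKey is assumed to have been
// released to the worker by the opted-in user.
func ProcessMessage(convKey, sealedMsg []byte, signer ed25519.PrivateKey) (Artifact, error) {
	plain, err := open(convKey, sealedMsg, []byte("message"))
	if err != nil {
		return Artifact{}, err
	}
	result := summarize(string(plain))
	for i := range plain { // best-effort wipe; Go may already have copied the bytes
		plain[i] = 0
	}
	sealed, err := seal(convKey, []byte(result), []byte("insight"))
	if err != nil {
		return Artifact{}, err
	}
	sig := ed25519.Sign(signer, append([]byte(sigDomain), sealed...))
	return Artifact{Sealed: sealed, Sig: sig}, nil
}

// VerifyAndOpen is the recipient side: reject anything not signed by the pipeline key
// before spending a decryption on it.
func VerifyAndOpen(convKey []byte, art Artifact, pub ed25519.PublicKey) (string, error) {
	if !ed25519.Verify(pub, append([]byte(sigDomain), art.Sealed...), art.Sig) {
		return "", errors.New("artifact not signed by the AI pipeline")
	}
	plain, err := open(convKey, art.Sealed, []byte("insight"))
	if err != nil {
		return "", err
	}
	return string(plain), nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	convKey := make([]byte, 32)
	rand.Read(convKey)
	msg, _ := seal(convKey, []byte("Meeting moved to 3pm. Bring the deck."), []byte("message"))
	art, _ := ProcessMessage(convKey, msg, priv)
	fmt.Println(VerifyAndOpen(convKey, art, pub)) // Meeting moved to 3pm. <nil>
	art.Sig[0] ^= 1
	fmt.Println(VerifyAndOpen(convKey, art, pub)) // "" artifact not signed by the AI pipeline
}
```

Signing the ciphertext rather than the plaintext keeps the provenance check independent of decryption: a relay or a client without the conversation key can still confirm the artifact came from the pipeline's signing key, and the signature reveals nothing about the content. The distinct AAD labels ("message" versus "insight") stop a sealed insight from being replayed as if it were an original message under the same key.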