Security & Confidentiality
How LEMIA protects your files, in concrete terms.
You do not need to be an IT specialist to understand what protects your files. This page explains the measures — the what and the why, in plain words. We describe what each protection does, without going into the detail of its inner workings. The purely legal overview lives on the page “What LEMIA protects”.
The principle, in one sentence
Your work stays under your control, end to end
LEMIA is software that runs on your own computer. The AI's work is entrusted, without exception, to an operator in Switzerland; the software publisher never sees your texts; and nothing is saved into your files or sent without you having said yes. Each measure below is simply a concrete way of keeping these three commitments.
The measures, in plain words
What each protection does
Each card describes a protection that LEMIA is designed to provide — a best-efforts obligation, not a promise of results. We tell you what it prevents, not the recipe that makes it hold.
Everything happens on your own computer
Your files do not go “into the cloud” of the publisher: it neither hosts them nor reads them. To make the software work, it sees only technical markers — the current step, a few counters — never your texts or your documents.
The agents stay inside the folder you open
The AI can only open the working folder you entrust to it, nothing beyond. And you can designate folders that are made completely unreadable to it: it can neither open them nor even know what they contain.
Everything goes through Switzerland, by design
AI processing is entrusted to a Swiss operator, not subject to US law — for text as well as for your images and scanned documents. And the tools through which the AI could go and query a service abroad are cut off.
A buffer zone before your real files
The documents produced by the AI are first prepared in a holding area, kept apart. Nothing enters your real files until you have approved; only the documents you keep are copied there.
Nothing is written or sent without your approval
No email, no external action is triggered on your behalf. Every send is presented to you with its content displayed before your eyes, for your approval. A send remains your decision, exactly as if you had written it yourself.
Your access keys in an encrypted vault
The keys that give access to the AI are kept in an encrypted vault on your machine. They are never exported, never displayed in plain text, never sent to the publisher.
Encrypted logs, kept to a minimum
LEMIA keeps a technical record of its actions so that you can check what happened. These logs are encrypted and deliberately sparse: no content and no file names appear in them.
Protection in several layers
Security does not rest on a single setting one might forget to switch on. If one protection were to weaken, another blocks in its place. And by default, when in doubt, the system refuses rather than opens.
In one diagram
Several layers between the world and your files
The measures above interlock: to reach your files, each of these layers would have to be crossed — and if one weakens, the next blocks.
The buffer zone, step by step
Two possible outcomes — and only one writes to your files
Everything the agents produce waits in the buffer zone. Your decision is the only path to your files: a refusal writes nothing, anywhere.
Legal grounding
Measures that follow Swiss law
Each protection answers an obligation of the Swiss data protection act (LPD): data security (Art. 8 LPD) and the preservation of human approval, rather than an “exclusively automated” decision (Art. 21 LPD). The full legal overview — professional secrecy by profession and the Swiss Federal Act on Data Protection (nFADP) — lives on the page “What LEMIA protects”.
Verifiable guarantees
Every promise has its clause, and its proof
We do not ask you to take our word for it: every commitment below is written into our Terms of Use — and therefore enforceable — and corresponds to a mechanism of the product that you can see for yourself by having it demonstrated.
Content never read by the publisher
Committed: Terms of Use Art. 4.2 and 11.2 — the publisher receives neither your documents nor the content produced. Verifiable: the software runs on your own computer; only technical markers (steps, counters) exist on the publisher's side, never a text.
Swiss operator, by architecture
Committed: Terms of Use Art. 4.3 — the elements needed for processing are transmitted only to the Swiss AI provider. Verifiable: no setting, no menu allows your data to be sent to an AI outside Switzerland — the restriction is in the structure of the software, not in an option. The only other possibility is a model run locally on your own computer, offline, with no network egress whatsoever.
Mandatory human approval
Committed: Terms of Use Art. 4.4 — no write and no send without your explicit approval. Verifiable: deliverables wait in a transit area, and every send is presented to you with the content displayed — try it, nothing goes out on its own.
Forbidden folders, genuinely unreadable
Committed: a documented product feature (the Compliance space). Verifiable: place a folder on the red list, then ask the AI to read it — it can neither open it nor list its contents.
Register and compliance file
Committed: processing logs (Art. 4 OPDo, the Swiss data protection ordinance) kept for at least one year. Verifiable: the Compliance space exports, in one click, a dated file ready to be presented to the FDPIC (the Swiss data protection authority) or to your counsel.
Transparency about AI
Committed: Terms of Use Art. 8 — content is generated by AI systems, may contain errors and does not constitute professional advice. Verifiable: the information appears in the interface itself, not only in the contract.
What we do not claim
Trust is also earned by stating the limits
Our measures are best-efforts obligations, not a guarantee of invulnerability: no system is “100% tamper-proof”. Legal compliance also depends on the data processing agreement and on your own situation: you remain responsible for your data, and your external sends remain your decision. We do not claim to be “compliant by construction”.
A question about these measures?
We are glad to answer, in detail, anything that touches on the protection of your files.