Security & Confidentiality

How LEMIA protects your files, in concrete terms.

You do not need to be an IT specialist to understand what protects your files. This page explains the measures — the what and the why, in plain words. We describe what each protection does, without going into the detail of its inner workings. The purely legal overview lives on the page “What LEMIA protects”.


The principle, in one sentence

Your work stays under your control, end to end

LEMIA is software that runs on your own computer. The AI's work is entrusted, without exception, to an operator in Switzerland; the software publisher never sees your texts; and nothing is saved into your files or sent without you having said yes. Each measure below is simply a concrete way of keeping these three commitments.

The measures, in plain words

What each protection does

Each card describes a protection that LEMIA is designed to provide — a best-efforts obligation, not a promise of results. We tell you what it prevents, not the recipe that makes it hold.

Everything happens on your own computer

Your files do not go “into the cloud” of the publisher: it neither hosts them nor reads them. To make the software work, it sees only technical markers — the current step, a few counters — never your texts or your documents.

The agents stay inside the folder you open

The AI can only open the working folder you entrust to it, nothing beyond. And you can designate folders that are made completely unreadable to it: it can neither open them nor even know what they contain.

Everything goes through Switzerland, by design

AI processing is entrusted to a Swiss operator, not subject to US law — for text as well as for your images and scanned documents. And the tools through which the AI could go and query a service abroad are cut off.

A buffer zone before your real files

The documents produced by the AI are first prepared in a holding area, kept apart. Nothing enters your real files until you have approved; only the documents you keep are copied there.

Nothing is written or sent without your approval

No email, no external action is triggered on your behalf. Every send is presented to you with its content displayed before your eyes, for your approval. A send remains your decision, exactly as if you had written it yourself.

Your access keys in an encrypted vault

The keys that give access to the AI are kept in an encrypted vault on your machine. They are never exported, never displayed in plain text, never sent to the publisher.

Encrypted logs, kept to a minimum

LEMIA keeps a technical record of its actions so that you can check what happened. These logs are encrypted and deliberately sparse: no content and no file names appear in them.

Protection in several layers

Security does not rest on a single setting one might forget to switch on. If one protection were to weaken, another blocks in its place. And by default, when in doubt, the system refuses rather than opens.

In one diagram

Several layers between the world and your files

The measures above interlock: to reach your files, each of these layers would have to be crossed — and if one weakens, the next blocks.

Layered protection, around your files Four layers surround your files: your own computer, with encrypted keys and logs; a perimeter where only the entrusted folder is readable; a buffer zone where deliverables wait; and your approval before any write or send. Your computer — encrypted keys and logs Working perimeter — only the entrusted folder is readable Buffer zone — deliverables wait for your approval Your approval — before any write or send Your files

The buffer zone, step by step

Two possible outcomes — and only one writes to your files

Everything the agents produce waits in the buffer zone. Your decision is the only path to your files: a refusal writes nothing, anywhere.

The buffer zone cycle The agents produce the deliverables in a buffer zone, kept apart from your files. Your decision, with the content displayed, is the only branching point: approving copies the deliverable into your files; refusing leaves no write behind. approve refuse Agents produce the deliverables Buffer zone kept apart from your files, nothing enters it on its own Your decision content displayed Your files copied after your yes Never written a refusal writes nothing

Legal grounding

Measures that follow Swiss law

Each protection answers an obligation of the Swiss data protection act (LPD): data security (Art. 8 LPD) and the preservation of human approval, rather than an “exclusively automated” decision (Art. 21 LPD). The full legal overview — professional secrecy by profession and the Swiss Federal Act on Data Protection (nFADP) — lives on the page “What LEMIA protects”.

Verifiable guarantees

Every promise has its clause, and its proof

We do not ask you to take our word for it: every commitment below is written into our Terms of Use — and therefore enforceable — and corresponds to a mechanism of the product that you can see for yourself by having it demonstrated.

Content never read by the publisher

Committed: Terms of Use Art. 4.2 and 11.2 — the publisher receives neither your documents nor the content produced. Verifiable: the software runs on your own computer; only technical markers (steps, counters) exist on the publisher's side, never a text.

Swiss operator, by architecture

Committed: Terms of Use Art. 4.3 — the elements needed for processing are transmitted only to the Swiss AI provider. Verifiable: no setting, no menu allows your data to be sent to an AI outside Switzerland — the restriction is in the structure of the software, not in an option. The only other possibility is a model run locally on your own computer, offline, with no network egress whatsoever.

Mandatory human approval

Committed: Terms of Use Art. 4.4 — no write and no send without your explicit approval. Verifiable: deliverables wait in a transit area, and every send is presented to you with the content displayed — try it, nothing goes out on its own.

Forbidden folders, genuinely unreadable

Committed: a documented product feature (the Compliance space). Verifiable: place a folder on the red list, then ask the AI to read it — it can neither open it nor list its contents.

Register and compliance file

Committed: processing logs (Art. 4 OPDo, the Swiss data protection ordinance) kept for at least one year. Verifiable: the Compliance space exports, in one click, a dated file ready to be presented to the FDPIC (the Swiss data protection authority) or to your counsel.

Transparency about AI

Committed: Terms of Use Art. 8 — content is generated by AI systems, may contain errors and does not constitute professional advice. Verifiable: the information appears in the interface itself, not only in the contract.

What we do not claim

Trust is also earned by stating the limits

Our measures are best-efforts obligations, not a guarantee of invulnerability: no system is “100% tamper-proof”. Legal compliance also depends on the data processing agreement and on your own situation: you remain responsible for your data, and your external sends remain your decision. We do not claim to be “compliant by construction”.

A question about these measures?

We are glad to answer, in detail, anything that touches on the protection of your files.