Verifying Tholos AI is truly offline (for IT & compliance)
This article is for the people who have to sign off on new software — IT, security, compliance, and procurement. Tholos AI’s privacy claim is that confidential content never leaves the device. You don’t have to take that on faith; below is exactly what network activity to expect and how to verify it yourself before approving it.
What network activity actually exists
Tholos AI has no general-purpose network stack. It reaches the network in only three situations — all optional or one-time, and none of them contain your documents, prompts, or outputs:
| When | What’s sent | Avoidable? |
|---|---|---|
| Model download (you initiate) | A request to a public model source; the file is verified against a SHA-256 hash before loading | Yes — install models manually for an air-gapped setup |
| Model-catalog check (optional) | “What models are available?” — no user data, no document content, no cookies, no hardware fingerprint | Yes — disable it in Settings |
| License activation (one-time) | The license key and a device-fingerprint hash — never documents, prompts, or outputs | Required once; no periodic phone-home afterward |
During actual work — chat, Q&A, summarization, redaction, translation, transcription, OCR — there is zero outbound traffic. The embedded UI layer is configured to block all external requests, so the interface physically cannot phone home, and there is no analytics, crash reporting, or usage tracking of any kind.
How to verify it yourself
- Cut the network. Download your models, then disconnect (or block the app at the firewall) and run every workflow end to end. Everything keeps working.
- Watch the traffic. While processing a document, observe the app in a network monitor — Resource Monitor / Activity Monitor, or a packet/egress tool like Wireshark, Little Snitch, or your endpoint firewall. You should see no outbound connections from the application.
- Silence the optional call. Disable the model-catalog check in Settings for a fully quiet install, and confirm with the monitor that nothing reaches out.
- Watch the badge. The “Fully Offline” indicator stays visible throughout processing.
Where data lives
- Standard, inspectable folders. Sessions, indexes, settings, and models live in normal user-accessible directories you can audit, back up, or delete — no hidden or obfuscated paths.
- No proprietary lock-in encryption. Your files aren’t wrapped in app-level encryption you can’t escape; use your organization’s disk encryption, which protects everything uniformly.
- Open-weight, verified models. Models are published open-source models under their real names, each checked against its SHA-256 hash before loading.
Deploying in a controlled environment
- Air-gapped install. Copy the installer and model files onto the machine by USB or network share — no internet is ever required to install or run. See Bring your own GGUF model.
- Central seat management (Business). Volume keys let IT assign and reassign seats centrally instead of per-machine self-service.
- Local API stays local. If you enable the local API, it serves on localhost with no outbound path.
- Licensing. Activation is one-time; verification is local thereafter, with a 24-hour grace window so a network hiccup never locks a user out mid-work. See Activating, transferring, and managing your license.
Compliance posture
Because content never leaves the device, Tholos AI keeps regulated and privileged material — data under GDPR, HIPAA, attorney-client privilege, or financial-confidentiality obligations — inside your existing controlled environment. There is no new external sub-processor to assess and no data-processing agreement to negotiate for the AI processing itself; the data stays subject to the same controls (disk encryption, access policy, retention) as the rest of your endpoints.