AI Text Expanders & Privacy: Why Local AI Matters
Published March 30, 2026
Your text expander sees everything you type. If it uses cloud AI, so does someone else’s server.
Text expanders occupy a unique position in your software stack: they sit between your keyboard and every text field you use. Email drafts, Slack messages, medical notes, legal filings, customer data - your text expander sees all of it. When that tool adds AI-powered rewriting or suggestions, the privacy stakes multiply.
Most AI text expanders route your content through cloud APIs - OpenAI, Google, or proprietary servers. That means your keystrokes leave your device, travel across the internet, and land on infrastructure you don’t control. For individuals, that’s uncomfortable. For regulated industries, it can be illegal.
Real-World AI Privacy Incidents
Samsung - Trade Secrets Leaked via ChatGPT (2023)
Samsung engineers pasted proprietary source code and internal meeting notes into ChatGPT. The data entered OpenAI’s training pipeline. Samsung responded by restricting generative AI use, initially limiting prompt uploads and later building its own internal AI tools with guardrails. The incident demonstrated that even sophisticated technical users underestimate where cloud AI data ends up.
Italy - ChatGPT Banned, €15M Fine Issued (2023–2024)
Italy’s data protection authority (Garante) temporarily banned ChatGPT over GDPR violations in 2023, citing unlawful collection of personal data used for model training. OpenAI was required to implement age verification and provide opt-out mechanisms before service resumed. In December 2024, the Garante formally imposed a €15 million fine. The case demonstrated that regulators treat cloud AI data handling as a serious compliance risk with real financial consequences.
Attorney-Client Privilege - US v. Heppner (2026)
A federal court ruled that documents prepared using a cloud AI tool were never protected by attorney-client privilege. The defendant used an AI chatbot to draft materials before sending them to his lawyer, but the court found that sharing content with a third-party AI platform - whose privacy policy permitted data collection - destroyed any reasonable expectation of confidentiality. For anyone using AI text expanders that route through cloud APIs, the implication is clear: data shared with cloud AI may not be treated as confidential by courts.
Who Should Care Most
Any professional handling sensitive text has elevated risk, but three groups face explicit regulatory exposure:
- Healthcare (HIPAA): The HIPAA Security Rule requires covered entities to ensure that electronic protected health information (ePHI) is not transmitted to unauthorized parties. A cloud AI text expander processing patient names, diagnoses, or treatment notes sends ePHI to a third-party processor - requiring a Business Associate Agreement at minimum, and raising questions about whether the data use qualifies as treatment, payment, or operations.
- Legal (privilege & ethics rules): ABA Model Rule 1.6 requires lawyers to make “reasonable efforts” to prevent unauthorized disclosure of client information. After US v. Heppner, routing client data through cloud AI is increasingly viewed as unreasonable.
- Finance (SOX, PCI-DSS, internal policy): Financial institutions routinely prohibit sending customer data to external services. A text expander with cloud AI that processes account numbers, transaction details, or internal communications violates most infosec policies.
The Solution: Local AI Models
Local AI eliminates the problem at the architecture level. Instead of sending text to a remote server, a local model runs on your own hardware. Your data never leaves your device.
How Local AI Works
Ollama and LM Studio are tools that run large language models locally on your Mac, Windows, or Linux machine. They support hundreds of open models including Llama 3, Mistral, Gemma, and Phi. Once installed, they run entirely offline - no internet connection required, no API keys, no accounts, no telemetry.
- Hardware: A 7B-parameter model (sufficient for rewriting and summarization) runs on 8 GB of RAM. A 13B model needs ~16 GB. Most modern laptops qualify.
- Speed: On Apple Silicon, expect 20–40 tokens/second for 7B models - fast enough for real-time text rewriting.
- Privacy: Zero network calls. Your text stays in local memory and is discarded after inference.
How Makro Implements Private AI
Makro is a text expander for Chrome and Firefox that offers two AI options:
- Ollama or LM Studio (local, free): Connect Makro to your local Ollama or LM Studio instance. Text is sent to
localhostfor rewriting - it never reaches the internet. No API key required. Works offline. - Makro Smart Rewrite: Your text is processed by AI running directly on Makro’s own servers - it is never sent to Google, OpenAI, or any third-party AI provider. We use open-weight models (Llama) via Cloudflare Workers AI. No external company ever sees your text, and it is not logged or used for model training.
Critically, Makro includes Sensitive Data Mode - a toggle in settings that blocks all cloud AI requests at the extension level. When enabled, only local AI options (Ollama or LM Studio) are available. There is no way to accidentally send text to a remote server. (Note: Sensitive Data Mode is a privacy convenience feature, not a compliance certification. Consult your compliance officer for regulatory requirements.)
Cloud vs. Local AI: Privacy Comparison
| Factor | Cloud AI | Local AI (Ollama / LM Studio) |
|---|---|---|
| Data leaves device | ✗ Yes (to Makro’s servers only) | ✓ No |
| Third-party logging | ✓ None - AI runs on our own infrastructure | ✓ None |
| Works offline | ✗ No | ✓ Yes |
| Requires API key | ✗ Yes | ✓ No |
| HIPAA-compatible | Requires BAA | Reduces PHI disclosure risk |
| Attorney-client safe | Risky after Heppner | ✓ No disclosure |
| Cost | $5–$20+/mo | Free |
| Model choice | Provider’s models | Hundreds of open models |
How Other Text Expanders Handle AI
Most AI-equipped text expanders use cloud-only architectures:
- TextExpander: Cloud AI features (snippet suggestions, AI-drafted content). All processing is server-side.
- Text Blaze: No AI rewriting or generation features.
- Magical: AI writing is cloud-only, available on paid plans. No local option. No documented encryption of AI prompts.
- Espanso: No AI features built in. Open-source, runs locally, but shell command integrations could theoretically pipe to cloud APIs - user responsibility.
- Makro: Local AI (Ollama / LM Studio) + optional cloud proxy. Sensitive Data Mode blocks cloud AI entirely.
Setting Up Local AI in Makro
- Install Ollama: Download from ollama.com. One-click installer for Mac, Windows, and Linux.
- Pull a model: Run
ollama pull llama3.2in your terminal. The 3B model is ~2 GB and works on most hardware. - Alternatively, use LM Studio: Download LM Studio from lmstudio.ai and install a model from the built-in catalog - no terminal required.
- Configure Makro: Open Makro settings → AI Provider → select Ollama or LM Studio, then choose your model from the dropdown.
- Enable Sensitive Data Mode (optional): Toggle it on to hard-block any cloud AI requests. Only local AI (Ollama or LM Studio) will be available.
- Use it: Select text in any input field, right-click → “Rewrite with AI”, or use the keyboard shortcut. The rewrite happens locally in seconds.
The Bottom Line
AI text expansion is genuinely useful - rewriting, tone adjustment, translation, and summarization save real time. But the implementation matters. Cloud AI is a liability for anyone handling sensitive text. Local AI delivers the same capability with zero data exposure.
If you work in healthcare, law, finance, or any field where confidentiality matters, choose tools that keep your data on your device. Your text expander shouldn’t be the weakest link in your privacy chain.
Related
Try private AI text expansion
Free forever. Local AI via Ollama or LM Studio. AES-256-GCM encryption on every macro.