Privacy Model¶
NVEIL is designed so that raw data never leaves your machine.
What is sent to the server¶
When you call generate_spec(), the SDK sends only metadata:
| Sent | Example |
|---|---|
| Column names | "revenue", "region", "date" |
| Column types | INTEGER, FLOAT, STRING, DATETIME |
| Aggregate statistics | min, max, distinct count, row count |
| Your prompt | "Show revenue by region" |
What stays local¶
| Stays local | Why |
|---|---|
| Raw data values | Never sent — the server only sees aggregate stats |
| DataFrames | Passed by reference to local pipeline and renderer |
| Rendered figures | Generated locally by the dive engine |
.nveil files |
Encrypted locally with AES-256-GCM |
The flow in detail¶
graph TD
A["Your DataFrame"] --> B["SDK: extract metadata"]
B --> C["Metadata + prompt"]
C -->|"sent to server"| D["NVEIL Server"]
D -->|"returns spec"| E["Visualization spec"]
E --> F["SDK: render locally"]
A -->|"stays local"| F
F --> G["Interactive figure"]
style A fill:#2d5,stroke:#fff,color:#fff
style F fill:#2d5,stroke:#fff,color:#fff
style G fill:#2d5,stroke:#fff,color:#fff
style D fill:#d52,stroke:#fff,color:#fffGreen = local. Red = server-side. The data path (green) never crosses to the server.
Encryption¶
.nveil files use proprietary encryption. Their contents are not readable or modifiable outside the SDK.
API communication is encrypted both at the transport layer (HTTPS) and at the application layer (encrypted request/response payloads).