Privacy-Preserving AI
Bringing AI into encrypted conversations without breaking user trust.
Senior Design Director
·
·
2024–2026
Launched the first privacy-preserving AI features on WhatsApp (message summaries, writing help, and Incognito Chat), built on Private Processing, with the architecture published publicly.
Problem
WhatsApp’s promise is encryption: people trust it because messages stay private. As Meta AI expanded, the central question became how to bring AI features that process message content into an encrypted app. AI needs data access; WhatsApp guarantees that no one, including Meta, can read messages. The two seemed mutually exclusive. Trusted Execution Environments offered a partial technical path, but there was also real brand risk: people saw ‘AI’ and ‘privacy’ as contradictory, so the tension had to be resolved through the experience, not just the architecture.
Approach
The key framing decision was to position AI as tools that work for the user’s messages, not features that access them. I sequenced launches to build trust incrementally, and treated published transparency as a trust mechanism.
Process
Strategy definition
Defined which AI experiences could work within TEE constraints, what capabilities needed building, and how to sequence launches. Presented the strategy in CEO review, securing support to build the Private Processing prototype on the strength of the product vision.
First launches (2025)
Shipped unread-message summaries and writing help, both process data in a TEE, return a result, and retain nothing. The engineering architecture was published publicly, making transparency part of the product.
System building
Created the visual design language for Private Processing, led naming and positioning, and defined the design criteria for what qualifies as ‘private’: no data retention, TEE processing, user-initiated, transparent disclosure. Aligned the roadmap toward the 2026 launch.
Incognito Chat (2026)
Incognito Chat: a fully private way to chat with AI on TEE infrastructure. Messages are processed but not stored, no training on conversation content, with audit mechanisms for verification.
Outcome
Users found the privacy framing reassuring rather than alarming. The launch was covered by 200+ global press outlets, and the work helped establish WhatsApp’s approach to privacy-preserving AI.
Lessons
How a capability is presented matters as much as the capability. Processing message content reads as invasive or helpful depending on framing, so positioning and transparency were as important as the product work.