Cleo Family AI
Back to home

Technology

On-device first.
Verifiable always.

Security invariants: Zero-Simulation, ephemeral credentials, callId binding, and function-output integrity.

Architecture

Built for sovereignty.

Personal Cleo 1:1

RACI matrix + JSONB config per family member. Governance is a first-class product, not bolted on.

Deterministic Event Ledger

Every interaction logged with payload hashing. Deterministic event IDs + telemetry binding every provider call to a session ledger.

Direct WebRTC Voice

Realtime voice via direct OpenAI Realtime \u2014 no proxy. Preserves feature parity, latency, and callId telemetry for auditing.

Security invariants

Four commitments that define the product.

Zero-Simulation

UI renders only server-authored events. No optimistic or fake states. If it's on screen, it happened.

Ephemeral Credentials

Client keys minted server-side with \u226460s TTL. callId-bound events, deterministically ledgered.

Tool Integrity

Function outputs must match invocation IDs before next model responses. Every tool call is verified.

callId Binding

Strict enforcement across every cloud burst. No anonymous operations. Every action is attributable and auditable.

Trust layer

Trusted Family Mesh.

Verification Rituals

  • Passkey and voiceprint rituals for identity verification
  • Pickup and emergency flows with practiced protocols
  • VC-backed attestations for skills and roles
  • Offline emergency drills — works without internet

Audit & Custody

  • Deterministic hashing and event lineage
  • Exportable verifiable credentials (PDL-02)
  • Clear exit modes with full data portability
  • Lock-in is a policy choice, not a technical limitation

Families can export their ledger and verifiable credentials at any time. The system is designed for sovereignty first.

Model strategy

How Cleo thinks.

Convergent Tutor Swarm

Specialist models coordinating for consistent instruction. Not one model doing everything \u2014 a governed ensemble that converges on the right approach.

Governed Tool Use

Function output attestation ensures every tool call is verified before the model proceeds. No unchecked autonomy.

Measurable Telemetry

Every model interaction produces telemetry that maps to measurable outcomes and safety metrics. Not just logging \u2014 proof.

Architecture choices are driven by the security invariants — Zero-Simulation UX, deterministic event IDs, and telemetry binding every provider call to a session ledger.

On-device-first doesn’t mean isolation. We verify every cloud burst and expose Proofs of Understanding (PoU) so a hostile reviewer can reconstruct the logic path, not just read a slide.

Read the adjacent-domain researchSee the investor thesis + market sizing

Founding cohort

Join the founding cohort.

5–10 families form the first measurable pilots. Weekly instrumentation, white-glove install, and access to the research team.

We review every submission personally and reply within a few working days.

Your information is used only to evaluate fit. We don’t sell or share it.