On-device processing
On-device processing (also called edge or client-side processing) performs analysis on the user's own device rather than sending raw data to a server. For analytics it means deriving a metric, bucket, or summary locally and transmitting only that — or nothing — instead of streaming raw events. It is a data-minimisation pattern, not a legal regime, and underlies techniques like federated analytics. This page is educational.
How it works
Instead of streaming raw clicks, views, or sensor data to a backend, on-device processing runs the logic where the data originates — in the browser, mobile app, or a device's secure enclave. The device computes what is actually needed (a count, a flag, an embedding, a model inference) and either keeps it local or sends only that derived value. Apple's on-device intelligence and many privacy-focused features lean on this so raw signals never leave the device.
Strengths and limits
The benefit is structural: a server that never receives raw data cannot leak, subpoena, or repurpose it. It pairs naturally with federated analytics and differential privacy for population statistics. But on-device processing is not a privacy guarantee on its own — whatever does leave the device may still be personal data, and a derived value can be re-identifying if it is granular. It also depends on capable client hardware and complicates debugging compared with server-side logs.
Use it to shrink the server-side footprint, then minimise what still leaves.
- Computation runs locally; raw data need not leave
- Pairs with federated analytics and DP for aggregates
- Derived values that leave can still be personal data
How it appears in analytics and logs
If analytics derives results in the browser or app and sends only aggregates, on-device processing is in use; check what, if anything, still leaves the device.
Diagnostic use case
Understand a pattern where raw data is processed on the device and only summaries leave, reducing how much personal data a server ever receives.
What WebmasterID can help detect
WebmasterID minimises what is collected at ingest; on-device processing illustrates the same goal of sending summaries rather than raw per-user events.
Common mistakes
- Assuming nothing personal leaves just because processing is local.
- Sending granular derived values that re-identify users.
- Treating on-device processing as a complete compliance answer.
Privacy and accuracy notes
This page is educational, not legal advice. Keeping processing local reduces server-side data but the result that leaves the device can still be personal data.
Related pages
- Federated analytics
Federated analytics is a measurement pattern derived from federated learning: instead of sending raw events to a server, computation runs locally on each device, and only aggregated or noised results leave the device. The server combines those partial results to estimate population-level statistics without ever holding per-user raw data. It is a data-minimisation technique, not a legal regime. This page is educational; whether any deployment meets a given law depends on its specifics.
- Differential privacy
Differential privacy is a mathematical framework that bounds how much any single person's data can affect a published result, by injecting carefully calibrated random noise. It lets you release useful aggregate statistics while provably limiting what can be learned about any individual. This page explains the core idea and where it appears in analytics.
- Data minimisation in analytics
Data minimisation is the principle that personal data should be adequate, relevant, and limited to what is necessary for the purpose. In analytics it translates to: do not collect identifiers you will not use, prefer aggregates over per-person rows, and avoid storing precise values like full IPs. Minimising at collection beats trying to protect data you never needed. This is educational, not legal advice.
- Privacy-first analytics
Sending summaries instead of raw events shrinks the data footprint.
Sources and verification notes
- Apple — Privacy approach (on-device processing)Primary description of on-device processing for privacy features.
Last reviewed 2026-06-24. Facts are checked against primary/official sources where available; uncertain specifics are marked “Data not yet verified” rather than guessed.