You watched the WWDC keynote, heard "the new Siri runs on Google's Gemini," and pictured your texts flying off to Google. That is not what happens. Apple's rebuilt assistant, branded Siri AI, runs a custom Gemini model through Private Cloud Compute, and Apple states that your personal data is not stored nor made readable to Apple, Google, or anyone else during processing. The brand of the model is the part that scared everyone. It is also the part that matters least.
Most coverage stopped at the headline number: Apple reportedly pays Google around $1 billion a year. As of June 2026, the real privacy question is quieter. It is not whether Google can read your data. It is how much personal context one tap now lets Siri pull, where that processing physically happens, and what you can switch off before the beta lands on your phone.
What Apple actually announced at WWDC 2026
On June 8, 2026, Apple unveiled Siri AI: a conversational, multi-turn assistant that pulls context across your apps, reads on-screen content, and chains multi-step tasks across iPhone, iPad, Mac, and Watch. The heavy reasoning runs on a custom-built Google Gemini model with roughly 1.2 trillion parameters, tuned by Apple rather than the off-the-shelf Gemini you get in the Google app. A developer beta opened the day of the keynote. A public beta follows in July, and Siri AI ships in beta with iOS 27, iPadOS 27, and macOS 27 when those releases go public, expected September 2026.
The thing being replaced matters here. Old Siri set timers and fumbled follow-ups. Siri AI is built to answer "text my sister the address from that email and add it to my calendar" in one go. To do that, it needs reach into your mail, messages, calendar, and whatever sits on the screen. That reach is the privacy story, not the badge on the model underneath.
Where your data actually goes
Your request travels in tiers. Simple things stay on the device and never leave it. When a query needs frontier-level reasoning, Siri AI sends it out to Private Cloud Compute, Apple's hardened server fleet. Apple says the Gemini model weights run inside that Apple-controlled infrastructure, and that data sent there gets processed without being stored and without being readable to Apple. On Apple's fiscal Q1 2026 earnings call, Tim Cook said the personalized Siri runs "on-device or through Apple's Private Cloud Compute" while preserving Apple's privacy standard.
Private Cloud Compute is not marketing fluff. It runs on Apple silicon servers, never writes user data to persistent storage, and its software images get published for outside security researchers to inspect. The design goal is that even Apple's own engineers cannot reach into a live request. Independent reporting describes queries being tokenized so neither Apple staff nor Google can tie a given request back to an individual user. On its own terms, this is one of the stronger consumer privacy architectures shipping in 2026.
The detail that makes this credible is verifiability. Plenty of companies promise they will not look at your data. Apple goes further: researchers can download the exact server builds and confirm the promise is enforced in code, not in a press release. A request enters, gets answered, and the machine forgets it. There is no quiet logging tier where someone could later go fishing. That bar sits higher than a typical cloud assistant, where your prompts can sit in a retention window and feed training unless you dig through settings to opt out.
Google did not buy a window into your iPhone. It rented out a model. The data that worries you stays inside Apple's walls, not Google's.
So why does "Gemini" still raise a flag?
Two reasons, and neither is "Google reads your texts." First, there is a reporting gap, and it is sharper than most write-ups admit. Apple's own framing puts the Gemini weights inside Private Cloud Compute. Yet in the weeks before WWDC, several outlets reported that the flagship cloud model, internally called AFM Cloud Pro, would actually run on Nvidia Blackwell B200 GPUs inside Google Cloud, wrapped in Apple's Private Cloud Compute layer with Nvidia's confidential-compute encryption. One report even said Apple tried running a Gemini model on its own Private Cloud Compute hardware first and found it too slow. Apple has not published the full architecture diagram, so the exact split between Apple-operated and Google-operated hardware stays unsettled in public. When a vendor will not show the wiring, you trust the security model, not the marketing.
Here is what most reviews will not tell you: whether the GPUs sit in an Apple rack or a Google rack changes almost nothing about your day-to-day privacy, because the confidential-compute encryption and the no-retention promise ride with the request either way. The harder problem is the second one, and it has nothing to do with hardware.
Second, and bigger: context surface. The privacy of any single request is strong. The aggregate is the concern. Siri AI is designed to know your inbox, your calendar, your locations, and your on-screen content well enough to act without you spelling things out. That standing index of your life lives inside Apple's ecosystem, under Apple's rules, on a model Apple licenses but does not own. Strong cryptography on a request does not change who controls the memory of you that makes the request useful in the first place.
Think about what "one tap" really means. The whole pitch of Siri AI is that you stop typing out details, because the assistant already has them. That convenience runs on Siri reaching across your apps the moment you invoke it. Encryption protects the request in flight. It says nothing about the size of the profile that makes the request smart, or about who decides what that profile keeps and what it forgets.
It is not coming everywhere, and that tells you something
Siri AI will not launch on iOS or iPadOS in the European Union at release. Apple cited the Digital Markets Act: EU regulators would not accept Apple's proposed ways of shipping the feature while also letting third-party assistants interoperate. Apple even floated a "Trusted System Agent" intermediary and an 18-month rollout, and the European Commission rejected it. Apple now says there is no timeline for EU availability. China sits out at launch too, for a separate reason. Google services are blocked there, so a Gemini-powered Siri cannot run, and Apple is reportedly building a China-specific version on its own models.
The lesson for a privacy-minded user is structural. A feature that bends to one regulator and breaks entirely in one country is a feature welded to a specific vendor stack. Your assistant's intelligence, and the personal context behind it, travels only as far as Apple's deals and one government's rules allow.
What "personal context" actually indexes
Apple has been specific about the reach. Siri AI's personal-context engine can locate information across Calendar, Files, Mail, Messages, Notes, and Photos, whether or not you remember which app it came from. Onscreen awareness adds a live read of whatever is in front of you: share an address by text, say "add this to their contact card," and Siri pulls the detail straight off the screen. That is the magic, and that is the surface area. The assistant is useful precisely because it has already mapped where your life is stored.
Worth keeping in perspective: as of June 2026, all of this is still beta. The developer build went out June 8, the public beta lands in July, and the consumer release is expected in September with iOS 27. Security researchers have not yet had a full season to probe the production Siri AI architecture, and the Apple-versus-Google hardware question is still being argued in the press. None of that means the privacy claims are false. It means the smart move is to wait for the scrutiny to catch up before you hand a brand-new assistant a standing map of your inbox, your calendar, and your camera roll.
What to turn off if you want less exposure
You do not have to take all of Siri AI to take some of it. The personal-context features are the ones that read across your apps, so those are the dials worth checking before the beta settles onto your phone.
- Onscreen awareness: limit which apps Siri can see when you ask about "this" on the screen, so a banking or health app is not readable by default.
- App access per service: Apple Intelligence exposes per-app toggles for Mail, Messages, Calendar, and Photos. Grant only the apps where chained actions actually help you.
- Learning from your data: turn off personalization and on-device learning if you would rather Siri not build a standing profile from your usage.
- Beta participation: Siri AI ships as opt-in beta with iOS 27. You can stay on stable iOS 27 and skip the assistant until the architecture has had outside scrutiny.
- ChatGPT or third-party extensions: if Apple offers world-knowledge fallbacks to outside models, review that handoff separately. That is a different data path from Private Cloud Compute.
Decide app-by-app, not all-or-nothing. The convenience of cross-app actions and the size of your exposed context are the same setting. Granting Calendar plus Maps is low risk. Granting a password manager or a health app is the part to think twice about.
The privacy comparison most reviews skipped
Here is the honest side-by-side. Per-request privacy is genuinely strong on Apple's side. The open questions are about control and lock-in, not about whether Google is snooping.
| Dimension | Siri AI on Private Cloud Compute | A vendor-neutral memory layer like MemX |
|---|---|---|
| Where heavy reasoning runs | Apple-operated Private Cloud Compute; some reports cite Nvidia GPUs in Google Cloud, split not fully public | Your memory is a separate store; you choose which assistant reads it |
| Can the model vendor read requests | Apple says no; data not stored or made readable to Apple or Google | Per-user isolation and encryption at rest; not used for training |
| Who controls the standing context | Apple's ecosystem, on a licensed Gemini model | You own the memory layer, independent of any one model |
| Works across assistants | Tied to Siri and the Apple OS | Usable across ChatGPT, Claude, and Gemini |
| Availability | Not in EU iOS or China at launch; opt-in beta elsewhere | Not bound to one OS vendor's regional deals |
Where a vendor-neutral memory layer fits
Apple's architecture handles one thing well: keeping a single request private. It does not solve the other thing, which is that the memory making your assistant useful now belongs to Apple's stack and a model you do not control. Switch ecosystems, get blocked by a regulator, or want the same context inside Claude or a chatbot, and you start over. The intelligence is rented. The lock-in is yours.
MemX is built for that gap. It is an external memory layer you own, private by architecture: per-user isolation, encryption at rest, and your data is not used for training. Instead of binding your personal context to one OS and one licensed model, MemX lets the same memory travel across ChatGPT, Claude, and Gemini, so the part that knows you stays portable even when the assistant underneath changes. Apple's Private Cloud Compute is genuinely strong engineering. It just answers a narrower question than "who owns the memory of me."
The practical difference shows up the day your stack changes. Move from iPhone to a work setup built on Claude, or watch a regulator block your assistant the way the EU blocked Siri AI, and Apple's context does not come with you. A memory layer you control is not tied to one vendor's deal or one country's rules. The assistant becomes a swappable front end. The memory, the part that took months to build up, stays yours.
Frequently asked questions
01Does Apple send my data to Google with the new Siri?
Apple says no. The custom Gemini model runs through Apple's Private Cloud Compute, and Apple states user data is not stored or made readable to Apple or Google during processing. Google licenses the model; it does not get a window into your requests.
02Is the new Siri AI private?
Per request, yes. On-device processing handles simple tasks, and Private Cloud Compute runs on Apple silicon that does not store requests and is open to outside security review. The looser concern is how much personal context Siri can pull across your apps.
03How much did Apple pay Google for Gemini?
Apple reportedly pays Google around $1 billion a year in a multi-year deal for a custom Gemini model of roughly 1.2 trillion parameters, tuned for Siri AI. Apple has not confirmed the exact terms publicly, per CNBC and TechCrunch reporting.
04Why is Siri AI not available in the EU or China?
In the EU, Apple held it back on iOS and iPadOS over Digital Markets Act interoperability rules, with no timeline given. In China, Google services are blocked, so the Gemini-powered version cannot run, and Apple is building a separate China model.
05Can I turn off the new Siri features?
Yes. Siri AI ships as an opt-in beta with iOS 27, so you can stay on stable iOS 27. You can also limit onscreen awareness, restrict per-app access for Mail, Messages, and Photos, and disable learning from your data.
The takeaway
The $1 billion headline buries the real answer. Siri AI keeps individual requests private through Private Cloud Compute, and the fear that Google reads your texts does not hold up. What the new Siri does change is how much of your personal context one tap pulls in, and how tightly that context is welded to Apple's ecosystem and a model Apple rents. Trust the per-request privacy. Check the app-access toggles before the beta lands. And if you want the memory of you to outlive any single assistant, keep it somewhere you own.
