Notes

Bring your own AI: your CRM runs no model

Historis runs no model server-side. You connect your own AI over MCP, even a self-hosted open-source model, so client data never reaches a third-party AI.

Most products that "do AI" are the AI. Whatever you type flows to their model, and you trust their policy about what happens next. Historis takes the opposite stance. It runs no model at all. You bring your own AI over MCP, and the server stays a deterministic data-and-permissions layer. Taken to its limit, your AI can be a fully self-hosted open-source model, and then no client data is sent to anyone else for a model to reason over.

Historis is a client-tracking CRM for retail stores, built around an event timeline, and it exposes that record to your own AI over MCP. This isn't a slogan; it's the architecture. Here is what "bring your own AI" actually means. The honest boundary of the claim matters just as much.

The server runs no model, on purpose

There is no inference on the hot path. Search is plain Postgres full-text. Rules are markdown you author; the server stores and matches them deterministically and hands the text to your assistant to interpret. It never executes or "understands" them server-side. And if semantic search is ever added, its embeddings would come from your side too. Nothing your clients confide ever reaches a model we operate, for the simple reason that we operate none. Answers come from recorded facts.

Which AI can you connect?

Historis speaks an open protocol, the Model Context Protocol, and works as an MCP server behind OAuth 2.1. The assistant on the other end is your choice:

Connection typeWhere the reasoning runsWhat leaves your infrastructure
Hosted assistant (Claude, ChatGPT, Cursor)The vendor's cloudThe context the assistant reads over MCP
Programmatic agent (an SDK, a script, an automation)Wherever you deploy your codeWhatever that code sends to the model it calls
Self-hosted open-source model (Llama, Mistral, Qwen via Ollama or vLLM), driven through an open-source MCP host (LibreChat, Open WebUI, Cline)Your own machineNothing to any AI vendor

In every case the model is yours and Historis is the data the model works over. We are the substrate, not the brain.

Does anything leave for the model with sovereign inference?

This is the part the large AI products structurally cannot offer: they are the model, so your data has to reach them. With a self-hosted open-source model pointed at Historis, the reasoning happens on infrastructure you run. Your client notes are never sent to a third-party AI provider for inference; the intelligence can be entirely yours, and entirely local.

Concretely, a store owner asks a local Llama, driven through LibreChat, what Mrs. Durand bought on her last visit and which follow-up is due. The model reads the timeline from Historis over MCP and reasons on the shop's own machine. No third-party AI ever sees the question, or the record behind it.

The honest boundary

We would rather state the limit plainly than let "sovereign" do more work than it should. Two different things:

  • Inference can be 100% yours: with a self-hosted model, nothing is sent to anyone else to be reasoned over.
  • Storage is still Historis: your data lives in our EU, single-region cloud, covered by a data-processing agreement and never used for training, but not on your own servers. There is no on-premise Historis today. (How that data is isolated and protected is covered in security.)

So the accurate claim is sovereign inference + EU residency, no training, not "100% on your servers." When a product tells you the difference up front, you can trust the part it does promise.

How do you stay in control of what the agent does?

Bringing your own AI would mean little if you couldn't bound it. You set what each connected client may do per organization and per client: read events, read people, write. That choice is made at the consent screen, and the default is read-only. And every write an assistant makes is marked with a , attributed, and logged, so you can always tell its work from yours and roll back an edit it got wrong (a delete, of course, is destructive). A concrete workflow is keeping follow-ups on track with your own agent. (More in why letting an AI write to your CRM is safe and how a multi-tenant agent surface stays leak-proof.)

Why is this rare?

The mainstream way to get AI is to use a product that is an AI company: you cannot point your own model at it, and the promise that your data won't train their model often lives behind commercial tiers or seat minimums a solo operator can't meet. Even open-source CRMs that let you self-host the app rarely make the AI a first-class, bring-your-own choice (see Historis vs Twenty). Here the default flips. Both the model and the keys stay yours; the server holds no model and does no training, and every piece of that is checkable.

Why we built it this way

This is the whole point of "you and your AI". The system keeps your record correct, scoped, and traceable, and the intelligence is yours to choose and, if you want, to host yourself. Historis is the deterministic substrate your assistant works over, and it is designed so that bringing the most private model you can run is not a workaround but the intended path.

Related: determinism: rules with no server-side AI.

Frequently asked questions

Can I connect a self-hosted AI model to a CRM over MCP?
Yes. Historis exposes an MCP server behind OAuth 2.1, and the assistant on the other end is your choice, including a self-hosted open-source model like Llama, Mistral or Qwen driven through an open-source MCP host. The reasoning then happens on infrastructure you run, so your client notes are never sent to a third-party AI for inference.
Does Historis run its own AI on my client data?
No. Historis runs no model at all. Search is Postgres full-text, not a model, and rules are markdown you author that the server matches deterministically and hands to your assistant to interpret. Nothing your clients tell you is sent to a model that Historis operates, because Historis operates none.
Is my data used to train an AI model?
No. Your data is never used for training. It lives in a managed EU single-region cloud under a data-processing agreement, and the only AI that reasons over it is the one you connect. Historis holds no model and trains on nothing.
Can I run Historis fully on-premise, 100% on my own servers?
No. Inference can be entirely yours with a self-hosted model, but storage stays in Historis's EU single-region managed cloud. There is no on-premise Historis. The accurate claim is sovereign inference plus EU residency with no training, not 100% on your servers.
Can I control what a connected AI is allowed to do?
Yes. You set permissions per organization and per connected client at the consent screen: read events, read people, write. The default is read-only. Every write an assistant makes is marked with a diamond glyph, attributed and logged, and an edit it got wrong can be rolled back.

Related posts