blog/local-first data enrichment

local-first data enrichment

thought leadership Apr 8, 2026

When you upload a CSV to Clay, Apollo, or ZoomInfo, you're handing your prospect list to a third party. They store it on their servers. They process it through their infrastructure. Your list of target accounts — your competitive intelligence — sits in someone else's database.

Most people don't think about this. They should.

The Default SaaS Model

Here's how most enrichment tools work:

  1. You upload your contacts (CSV, CRM sync, or manual entry)
  2. The platform stores your data on their servers
  3. Enrichment happens in their cloud
  4. Your data — original and enriched — lives on their infrastructure

Your prospect list, your target accounts, your enriched profiles — all stored by a third party. Subject to their security practices, their data retention policies, their terms of service, and their jurisdiction's laws.

If the platform gets breached, your prospect data is exposed. If the platform changes their terms, your data is subject to new policies. If you cancel your subscription, what happens to your data?

The Local-First Alternative

A CLI tool flips this model:

$ enrich email ceo@stripe.com --json > profile.json

The enriched data lands on your machine. In your filesystem. Under your control.

  • Your data stays local. The enriched profile is a file on your disk, not a record in someone else's database.
  • You choose where it goes. Pipe it to your own database, your CRM, or a file. You decide the destination.
  • Nothing is uploaded. You send an email address to the API and get data back. You never upload your entire prospect list.

Why This Matters

GDPR and Data Protection

Under GDPR, when you upload personal data (names, emails, job titles) to a SaaS platform, you're creating a data processing relationship. That means:

  • Data Processing Agreement (DPA) — You need a DPA with every enrichment vendor that handles your prospect data.
  • Data minimization — You should only share the minimum data necessary. Uploading your entire CRM to an enrichment platform shares more than needed.
  • Right to erasure — If a prospect requests deletion, you need to ensure every platform that holds their data removes it. More platforms = more work.
  • Data transfer — If the enrichment vendor's servers are outside the EU, you need additional safeguards (SCCs, adequacy decisions).

A CLI tool simplifies this:

  • Minimal data sharing — You send one email address per request, not your entire list.
  • No persistent storage by the vendor — The enrichment provider processes the request and returns data. They don't store your prospect list.
  • Local storage = your responsibility — The enriched data lives on your machine. You control retention and deletion.

This doesn't eliminate GDPR obligations — you still need a legitimate interest basis for the enrichment itself. But it reduces the number of processors handling personal data and simplifies your compliance surface.

Data Ownership

When your enrichment data lives in Clay or Apollo, you're dependent on that platform for access. If you cancel, you need to export. If they change their API, your integrations break. If they get acquired (like Clearbit by HubSpot), your data is now in a different company's hands.

With local-first enrichment:

$ enrich email ceo@stripe.com --json >> enriched_leads.jsonl
$ enrich domain stripe.com --json >> enriched_companies.jsonl

These are plain JSON files. No proprietary format. No vendor lock-in. Read them with jq, import them into any database, or pipe them anywhere. They'll still be readable in 10 years regardless of what happens to any vendor.

Security Surface Area

Every SaaS platform you share data with is a potential breach vector. In 2024-2025 alone, multiple data enrichment and sales intelligence platforms experienced security incidents.

The risk equation is simple: more platforms with your data = more attack surface.

A CLI tool that sends one email at a time and returns enriched data to your local machine minimizes what's exposed. Even if the enrichment provider's API is compromised, the attacker doesn't get your entire prospect list — because you never uploaded it.

Competitive Intelligence

Your prospect list is competitive intelligence. It reveals:

  • What companies you're targeting
  • What personas you're selling to
  • What industries you're expanding into
  • How large your pipeline is

When you upload this to a SaaS platform, you're trusting that vendor not to use, analyze, or leak this information. Most vendors are trustworthy. But "most" isn't "all," and the information is valuable.

With local-first enrichment, your targeting strategy stays on your machine.

The Trade-Off

Local-first enrichment isn't free of trade-offs:

What You Lose

  • Managed storage — You're responsible for backing up and organizing your enriched data
  • Collaboration — SaaS platforms let teams share enriched lists. With a CLI tool, you share via files, git, or your own infrastructure
  • Automation — SaaS platforms have built-in triggers (enrich on CRM sync). With a CLI, you write your own automation (cron jobs, webhooks, scripts)

What You Gain

  • Privacy — Prospect data stays on your machine
  • Ownership — Plain files in your filesystem, no vendor lock-in
  • Compliance simplicity — Fewer processors, simpler GDPR story
  • Security — Smaller attack surface
  • Control — You decide what goes where and for how long

For developers and technical teams, the "what you gain" list outweighs the "what you lose" list. You're already comfortable with files, scripts, and automation. You don't need a SaaS dashboard to manage data you can manage yourself.

Practical Local-First Enrichment

Store Enriched Data in SQLite

$ enrich email ceo@stripe.com --json | \
    jq -r '[.person.name, .email, .person.title, .company.name] | @csv' | \
    sqlite3 leads.db ".import /dev/stdin contacts"

Now your enriched data lives in a local SQLite database. Query it, back it up, encrypt it, delete it — entirely under your control.

Git-Tracked Enrichment

For small datasets, you can even git-track your enriched data:

$ enrich email prospect@company.com --json >> data/enriched.jsonl
$ git add data/enriched.jsonl
$ git commit -m "Enrich new prospect"

Full audit trail. Version history. Diff-able. Recoverable. And never leaves your infrastructure.

Encrypted at Rest

Because the data lives on your machine, you can encrypt it:

$ enrich email ceo@stripe.com --json | gpg --encrypt -r you@company.com > profile.gpg

Try doing that with a SaaS dashboard.

Who Should Care

  • Companies in regulated industries (finance, healthcare, legal) where data handling is scrutinized
  • European companies where GDPR compliance is table stakes
  • Security-conscious teams that minimize their third-party data exposure
  • Anyone who's been burned by a SaaS vendor changing terms, getting acquired, or getting breached
  • Developers who prefer files and scripts to dashboards and integrations

Getting Started

$ brew install enrichcli/tap/enrichcli

$ enrich email ceo@stripe.com --json > profile.json

$ cat profile.json

50 free enrichments per day. Your prospect data stays on your machine.

start enriching data from the command line.

get started free

50 free enrichments per day. no credit card required.