Thanks for reaching out, and great question! You’re 100% right that when using the auspice.us page to view a JSON, the data is totally private and doesn’t leave your computer.
If looking at a community build, the community build itself (as viewed when you load the page) is not private - any data that can be seen from the initial load is public, as is required so that we can access it and display it via the community section of the website from GitHub.
However, if you then want to ‘add’ more data to the build by dragging on metadata this is also 100% private - it also does not leave your computer. So this is a fantastic way to ‘augment’ community builds with data that can’t be made public - it can be generated (or sent) securely through your own channels/computers and then just dragged into a public build. It’s all processed in the browser, so is completely private.
I hope that answers your question but let us know if we can help any other way!