Well, TFA appears to be thin on the details, but who says whatever they deploy is phoning home? If you run their model on prem, it wouldn't be a difficult feat to monitor its network traffic. Not to mention limiting it. It would be tricky if it phoned home by design, but if this is all abstracted through tool use or something, it can certainly be audited. And the kind of company that wants this usually doesn't just run random software without understanding and inspecting closely what it does.