Parinita Presence
The Sovereign User Surface. iOS. Android. Web. Desktop.
Three trust tiers. Operation-determined escalation. Every meaningful action Chrysalis-receipted.
Presence is the multi-platform app through which users access their personal AI twin, organizational context, inference capacity, and data. Every meaningful action carries a Chrysalis receipt. A seat without Presence is an inference allocation; a seat with Presence is a sovereign product the user holds in their hand.
User-Facing AI Apps Have No Cryptographic Binding Between Credential, Action, and Evidence
When a user signs a document, releases a record, or executes a transaction through an AI app, there is typically no cryptographic binding between the credential used and the action taken.
A username and password, or even a WebAuthn passkey, establishes identity at login — but does not cryptographically bind that identity to the specific action, the specific context, and the specific time. Presence does.
-
Login Credentials Don't Bind to Actions
A password or passkey establishes identity at login but does not cryptographically bind that identity to a specific action taken later in the session.
-
High-Trust Operations Have No Hardware Root
Signing legal documents, releasing PHI, and executing financial transactions require a hardware-rooted credential — software-only signing keys can be copied and abused.
-
Context Switching Breaks Security Models
Users who move between low-trust and high-trust contexts cannot manage separate apps or security profiles. Trust must escalate automatically based on the operation requested.
Three trust tiers. The operation decides — not the user.
Trust tier escalates automatically based on what's being requested — the user doesn't pick a 'high security mode.' Sensitive operations demand a higher-tier credential or get refused.
Every meaningful action stamps with seat identity, edge anchor identity (when present), active jurisdiction, POP, and operation hash — immutable even after revocation.
-
Open Trust Tier
Seat passkey and OIDC authentication. For general chat, low-sensitivity context retrieval, and public-knowledge queries. The baseline tier for all Presence users.
-
Bound Trust Tier
Seat plus proximity to a registered Micro/Tiffin or Micro Lite/P15 over BLE or NFC with current attestation. For organizational context, regulated workflows, and document handling.
-
Sealed Trust Tier
Hardware-bound cryptographic signature from the secure element of the paired anchor device. Signing key never leaves the anchor. For legal docs, financial transactions, PHI release, and classified material.
-
Operation-Determined Escalation
Trust tier escalates automatically based on what is being requested — not user-selectable. Sensitive operations demand a higher-tier credential or get refused.
-
Chrysalis Receipt per Action
Every meaningful action stamps with seat identity, edge anchor identity (when present), active jurisdiction, POP, and operation hash. Receipt history is immutable even after revocation.
-
Tiffin Edge Anchor
Micro (Tiffin) — $10/device/month, max 5 per seat, Qualcomm IQ-9075M enterprise NPU. Enables Bound and Sealed trust tiers via BLE/NFC proximity.
-
P15 Edge Anchor
Micro Lite (P15) — $5/device/month, max 10 per seat, Pi 5 + Hailo-8L 13 TOPS residential. Enables Bound and Sealed tiers for home-office and distributed teams.
-
Multi-Platform Native
React Native and React Native Web shared codebase across iOS, Android, and desktop (Windows, macOS, Linux) with native Swift and Kotlin modules for secure-enclave access and biometric auth.
-
Maximum Seat Economics
5 Tiffin anchors ($50/mo) + 10 P15 anchors ($50/mo) + 50 app installs ($17/mo) + $175 seat = ~$292/month maximum per-seat economic ceiling.
The Plane Model
Orchestra introduces "planes" — logical groupings of hardware optimized for a specific workload class. Unlike Kubernetes node pools, planes represent fundamentally different hardware architectures with different drivers, network requirements, and scheduling semantics.
The plane model is what makes Orchestra different from every other orchestration tool. Kubernetes sees nodes. Orchestra sees purpose-built hardware tiers and routes workloads accordingly.
Three tiers. Operation-determined escalation.
Open (seat passkey + OIDC), Bound (seat + proximity to Tiffin or P15 over BLE/NFC), Sealed (hardware secure-element signing — signing key never leaves the anchor device).
- 01Open tier requirementSeat passkey (WebAuthn) + OIDC. Sufficient for general chat, low-sensitivity context retrieval, and public-knowledge queries.
- 02Bound tier requirementSeat passkey plus active BLE or NFC proximity to a registered, attested Tiffin or P15 anchor device.
- 03Sealed tier requirementHardware secure-element signing from the paired anchor device. Signing key never leaves the anchor. Required for legal docs, PHI release, financial transactions, and classified material.
- 04Operation classificationThe operation requested determines the minimum trust tier required. The user cannot override — insufficient credentials result in refusal, not downgrade.
- 05Chrysalis receiptEvery meaningful action: seat identity, edge anchor identity, active jurisdiction, POP, and operation hash. Immutable even after revocation or session end.
- 06Anchor bindingAnchors are seat-bindable and delegatable across organizational scopes — clinical rooms, courtrooms, trading floors, lab benches — without separate hardware SKUs.
- 07App install pricingPresence App installs price at $1 per 3 installs per month, maximum 50 per seat. Supports personal and shared-device deployments.
- 08Platform distributionApple App Store, Google Play, enterprise MDM (iOS and Android), and standard desktop software deployment for Windows, macOS, and Linux.
import presence
client = presence.Client(seat_token='your_seat_token')
# Check active trust tier for current session
session = client.session.current()
print(f"Trust tier: {session.trust_tier}, Anchor: {session.anchor_id}, POP: {session.pop_id}")
# Request an operation (system determines required trust tier)
result = client.operations.execute(
operation='sign_legal_document',
document_id='contract_2026',
required_tier='sealed'
)
print(f"Chrysalis receipt: {result.chrysalis_tx}") Proven at scale. Not in a lab.
Parinita AI Edge is the production deployment of the Parinita platform and the largest heterogeneous AI infrastructure deployment in the United States.
Parinita AI Edge
The most complex heterogeneous AI infrastructure in the United States. 101 sites, 9 planes, 12,000+ nodes, 4 accelerator vendors, dual network fabrics, four-layer tenant isolation — all through a single sovereign control plane.
Network & Security Infrastructure
- Multi-vendor acceleratorsFour accelerator vendors — Intel Habana, NVIDIA, AMD, Qualcomm — orchestrated through one control plane with unified scheduling, monitoring, and lifecycle management.
- Dual-fabric networkingCisco production fabric and Arista GPU backend fabric operating as a coordinated system, bridged by identity-aware routing.
- Nationwide scale101 sites across 42 U.S. states, each operating autonomously with a local control agent and a sovereign cross-site routing plane.
- Multi-tenant isolationFour-layer defense-in-depth: VXLAN VNIs, identity-routing, Palo Alto firewalls, and Cilium eBPF — validated across every plane and site.
- Compliance readinessFIPS 140-2 at launch, with FedRAMP Moderate, CJIS, and IL4/IL5 certification paths active through Parinita compliance profiles.
- Sub-millisecond routingEvery request classified and dispatched in under 1ms, enabling real-time SLA enforcement without perceptible overhead.
Built for users who move between contexts with different trust requirements.
Presence is the surface through which the sovereign stack reaches users — its value is in the cryptographic binding underneath, not in a feature checklist.
Organizations whose users operate in clinical exam rooms, courtrooms, trading floors, and lab benches — different trust requirements, one coherent surface.
-
Regulated Professional Workflows
Attorneys signing documents, physicians releasing PHI, traders executing transactions — each operation demands a Sealed credential with a Chrysalis receipt.
-
Distributed Workforces
P15 anchors at $5/device/month support home-office Bound and Sealed workflows without enterprise-grade hardware. Max 10 anchors per seat.
-
Shared-Device Environments
Clinical exam rooms, courtrooms, and lab benches — up to 50 Presence App installs per seat support shared-device deployment across an organizational scope.
-
High-Trust AI Operations
Atma twin actions that require a Sealed credential — legal document signing, financial transaction authorization, PHI record release — all carry a Chrysalis receipt.
-
Zero-Trust Access Replacement
Presence replaces VPN and zero-trust access tools for high-sensitivity operations with hardware-rooted trust tiers and a tamper-proof action receipt per operation.
Deployment Models
Presence distributes through Apple App Store, Google Play, and enterprise MDM channels. Desktop via standard enterprise software deployment.
Distributes through Apple App Store, Google Play, and enterprise MDM. Desktop via standard software deployment on Windows, macOS, and Linux.
Tiffin (max 5/seat) and P15 (max 10/seat) bind to seats at provisioning. BLE/NFC pairing enables Bound and Sealed trust tiers from that moment on.
The platform determines the minimum trust tier per operation automatically. No user configuration required — the operation classification is baked into the app logic.
Talk to Us
Our team can walk through the trust tier model and edge anchor deployment for your specific workflow and compliance requirements.