Parinita  /  Products  /  Parinita Sovereign
Foundation Layer

Parinita Sovereign

Customer Data Never Leaves Jurisdiction. AI Comes to the Data.

Six classification zones. Four isolation layers. AI travels to your data — never the reverse.

Sovereign is the third pillar of the Parinita platform alongside AI Edge infrastructure and Nexus collaboration. One principle: customer data never leaves their jurisdiction. AI comes to the data, not the other way around. Six components enforce that at every layer.

101
Sites Worldwide
6
Classification Zones
4
Isolation Layers
101
Jurisdiction-Bound POPs
01 / The Problem

AI Services Require Your Data to Leave Jurisdiction

Every major AI service requires sending your data to a vendor's cloud infrastructure — creating compliance exposure the vendor cannot legally fix.

HIPAA, GDPR, ITAR, and sovereign AI regulations all restrict where regulated data can travel. No cloud AI provider can make your data sovereign by contract alone — the architecture has to enforce it.

  • Regulated Data Cannot Go to Cloud AI

    HIPAA PHI, ITAR-controlled data, and GDPR-regulated personal data cannot legally travel to most US cloud AI providers. The architecture has to enforce residency, not just the contract.

  • Consent Is a Checkbox, Not a System

    Most consent management is a UI workflow with no enforceable data lifecycle. Purpose limitation, expiration, and deletion proof are not technical guarantees — they are claims.

  • Multi-Jurisdiction AI Is Operationally Impossible Today

    Operating under GDPR, HIPAA, and ITAR simultaneously requires satisfying the intersection of all three — a constraint no cloud AI vendor can compute and enforce automatically.

Capability
Current / legacy
What's needed
Data residency
Contractual claim — vendor cloud infrastructure can route data across jurisdictions
Four-layer technical enforcement — legal, network, storage, and cryptographic layers simultaneously
Consent management
UI checkbox — no enforceable data lifecycle or deletion proof
First-class artifact with purpose limitation, expiration, and on-chain deletion proof
AI processing
Data travels to cloud AI — HIPAA, ITAR, and GDPR data cannot legally comply
AI travels to data — vLLM, Axolotl, and Milvus run at the jurisdiction POP
Multi-jurisdiction compliance
Manual constraint analysis — engineers maintain per-jurisdiction rules manually
Automatic intersection computation — most restrictive rule applies to each data element
Audit evidence
Log aggregation project — weeks of manual work, no tamper-proof chain
Chrysalis VRC query — every residency and consent event anchors on-chain, auditor-verifiable
Tenant separation
Logical separation in shared cloud — shared key management, shared infrastructure
Four independent layers — 101-LLC entity, NIC identity, Plane 5 partitions, HSM-backed keys
02 / Core Capabilities

Six components. One principle. Data stays. AI travels.

Sovereign's architecture enforces data residency at the legal, network, storage, and cryptographic layers simultaneously — not by policy, but by architecture.

The 101-LLC corporate structure encodes jurisdictional choice at the corporate level — a subpoena targets a specific LLC entity, not a multi-tenant vendor account.

  • Sovereign Data Vault

    Encrypted storage with six classification zones — PUBLIC, INTERNAL, RESTRICTED, PHI/HIPAA, PCI/PCI-DSS, ITAR — using MinIO, AES-256-GCM, and HashiCorp Vault with per-POP keys.

  • Consent and Governance Engine

    Granular consent, purpose limitation, and expiration backed by PostgreSQL and Casbin policy. Consent is a first-class artifact with an enforceable data lifecycle — not a checkbox.

  • Chrysalis Audit Trail

    Every consent grant, residency event, and deletion proof anchors on-chain via Chrysalis VRC smart contracts. Audits become queries, not projects.

  • Sovereign AI Processing

    Local inference, fine-tuning, and RAG via vLLM, Axolotl, and Milvus — the model travels to the data, never the reverse. AI comes to the data.

  • Insight Exchange

    NVIDIA FLARE federated learning and OpenDP differential privacy let customers trade insights across organizational boundaries with cryptographic privacy guarantees. Insights move; data does not.

  • Legal Isolation Layer

    Each tenant's data binds to a specific 101-LLC entity in the Parinita corporate structure. A subpoena targets that entity, not a multi-tenant vendor account.

  • Network Isolation Layer

    Workload identity attached to every packet at the ConnectX-7 NIC via Crucible eBPF/XDP — network-level residency enforcement below the OS.

  • Storage Isolation Layer

    Data partitioned per tenant on Plane 5, physically bound to the assigned jurisdiction POP. Data cannot be routed to a non-jurisdiction POP by architecture.

  • Cryptographic Isolation Layer

    Every meaningful action signed with HSM-backed validator keys. Per-POP key management ensures cryptographic isolation even within shared hardware.

03 / Architecture

The Plane Model

Orchestra introduces "planes" — logical groupings of hardware optimized for a specific workload class. Unlike Kubernetes node pools, planes represent fundamentally different hardware architectures with different drivers, network requirements, and scheduling semantics.

The plane model is what makes Orchestra different from every other orchestration tool. Kubernetes sees nodes. Orchestra sees purpose-built hardware tiers and routes workloads accordingly.

P1
Reasoning Cortex
AMD Instinct MI350P
Primary AI inference · LLM serving
1,450+ nodes · 288GB HBM3e · high-bandwidth accelerator
P2
Training & Generation
NVIDIA RTX PRO 6000 Blackwell
Training · TTS · creative compute
950+ nodes · 96GB GDDR7
P3
Chain & CPU Compute
AMD EPYC Turin 9005
Chrysalis validators · CPU inference
700+ nodes · Zen 5c
P4
Knowledge & Retrieval
Intel Sierra Forest
Almanac vector search · RAG anchor
1,250+ nodes · 144 E-cores
P5
Long-Term Memory
NVMe Storage
Enclave · Stratum immutable object
850+ nodes · ransomware-resistant
P6
Media & Acceleration
RTX 4500 BSE · Alveo MA35D
Four tiers · GPU + FPGA + CPU
2,150+ nodes · 4K/8K hardware acceleration
P7
Edge Reflex
Qualcomm Cloud AI 100 Ultra
Ultra-low-latency edge inference
2,000+ nodes · sub-10ms response
P8
Coordination Layer
AmpereOne A128
Orchestra · Chorus routing · agents
2,400+ nodes · 128 ARM cores
P9
Nervous System
Cisco 8000 · Palo Alto · Arista
Routing · firewall · dual fabric
3,500+ devices · ConnectX-7 NICs
04 / Residency Enforcement Model

Four independent layers. No single point of failure.

Data residency is enforced simultaneously at the legal layer (101-LLC entity binding), network layer (Crucible NIC identity), storage layer (Plane 5 jurisdiction-bound partitions), and cryptographic layer (HSM-backed signatures).

  1. 01
    Classification zone
    Six zones — PUBLIC, INTERNAL, RESTRICTED, PHI/HIPAA, PCI/PCI-DSS, ITAR — each with independent encryption keys and access policies.
  2. 02
    Jurisdiction binding
    Data binds to a specific 101-LLC entity and a specific POP jurisdiction. Routing to a non-jurisdiction POP is blocked at the NIC by Crucible.
  3. 03
    Consent lifecycle
    Purpose, scope, and expiration defined at consent grant. Deletion proofs anchor on Chrysalis — enforceable by architecture, not just policy.
  4. 04
    AI processing model
    vLLM, Axolotl, and Milvus run locally on Plane 5 at the jurisdiction POP. Models travel to data — data never travels to models.
  5. 05
    Federated learning
    NVIDIA FLARE enables cross-organizational model training with OpenDP differential privacy. Gradient updates move; underlying data does not.
  6. 06
    Multi-jurisdiction intersection
    Sovereign computes the intersection of all applicable compliance constraints automatically — the most restrictive rule governing each data element applies.
  7. 07
    Audit query model
    Every residency event and consent change anchors on Chrysalis via VRC smart contracts. Audits are Chrysalis queries — not log aggregation projects.
  8. 08
    Deletion proof
    Deletion events anchor on-chain with cryptographic proof of erasure — court-admissible evidence of GDPR Article 17 compliance.
python
import sovereign

client = sovereign.Client(seat_token='your_seat_token')

# List data classification zones for your tenant
for zone in client.vault.zones():
    print(f"Zone: {zone.name}, Jurisdiction: {zone.jurisdiction}, POP: {zone.pop_id}")

# Run local inference — model comes to data
result = client.ai.infer(
    model='parinita-gpt-7b',
    prompt='Summarize this PHI record',
    data_zone='PHI/HIPAA',
    jurisdiction='us-east'
)
print(f"Result: {result.text}, Residency proof: {result.chrysalis_tx}")
05 / Proof

Proven at scale. Not in a lab.

Parinita AI Edge is the production deployment of the Parinita platform and the largest heterogeneous AI infrastructure deployment in the United States.

Reference Deployment

Parinita AI Edge

The most complex heterogeneous AI infrastructure in the United States. 101 sites, 9 planes, 12,000+ nodes, 4 accelerator vendors, dual network fabrics, four-layer tenant isolation — all through a single sovereign control plane.

101
Points of Presence
4 tiers: T1 (32), T2 (29), T3 (19), T4 (21)
909+
K8s Clusters
101 sites x 9+ plane types
12K+
Compute Nodes
Supermicro, Dell, Ampere, Cachengo
4
Accelerator Vendors
Intel Habana, NVIDIA, AMD, Qualcomm

Network & Security Infrastructure

2,491+
Cisco Switches
+ 303 routers (EVPN-VXLAN)
1,734+
Arista Switches
Lossless GPU backend fabric
367+
Palo Alto Firewalls
PA-5580/PA-5560 series
152+
Petabytes Storage
NVMe over RDMA
  • Multi-vendor accelerators
    Four accelerator vendors — Intel Habana, NVIDIA, AMD, Qualcomm — orchestrated through one control plane with unified scheduling, monitoring, and lifecycle management.
  • Dual-fabric networking
    Cisco production fabric and Arista GPU backend fabric operating as a coordinated system, bridged by identity-aware routing.
  • Nationwide scale
    101 sites across 42 U.S. states, each operating autonomously with a local control agent and a sovereign cross-site routing plane.
  • Multi-tenant isolation
    Four-layer defense-in-depth: VXLAN VNIs, identity-routing, Palo Alto firewalls, and Cilium eBPF — validated across every plane and site.
  • Compliance readiness
    FIPS 140-2 at launch, with FedRAMP Moderate, CJIS, and IL4/IL5 certification paths active through Parinita compliance profiles.
  • Sub-millisecond routing
    Every request classified and dispatched in under 1ms, enabling real-time SLA enforcement without perceptible overhead.
06 / Use Cases

Built for regulated industries where data residency is a hard constraint.

Sovereign computes the intersection of multiple compliance constraints — GDPR, HIPAA, ITAR — and enforces the most restrictive data handling rule that satisfies all simultaneously.

Sovereign is the runtime layer that produces residency evidence. Choosing which controls apply is still a human judgment.

  • Healthcare and Life Sciences

    HIPAA PHI must stay in jurisdiction. Sovereign AI Processing brings models to PHI — no PHI leaves the POP. Guardian agent provides PHI-safe summarization.

  • Financial Services

    PCI-DSS and SEC 17a-4 data residency requirements met at the storage, network, and legal layers simultaneously. Ledger agent for KYC/AML with in-jurisdiction processing.

  • Defense and Government

    ITAR-controlled technical data and classified material stay within ITAR-compliant entity boundaries. Atlas agent for classified document handling within jurisdiction.

  • Multi-Jurisdiction Enterprises

    GDPR, HIPAA, and sovereign AI regulations simultaneously. Sovereign computes the intersection and enforces the most restrictive data handling rule for each data element.

  • Federated AI Research

    Organizations that need to collaborate on AI model training across institutional boundaries without sharing underlying regulated datasets. FLARE + OpenDP makes insights portable, data stays put.

07 / Getting Started

Deployment Models

Sovereign deploys as a platform service — data classification zones and consent policies configure at tenant onboarding. Chrysalis audit trail activates automatically.

Tenant Onboarding
Classification and Consent Setup

Data classification zones and consent policies configure at tenant onboarding. Chrysalis audit trail activates automatically on first data write.

Local AI Deployment
Models Come to Your Data

vLLM, Axolotl, and Milvus deploy at your jurisdiction POP. Inference, fine-tuning, and RAG all run locally — no data leaves.

Federated Insight Exchange
Cross-Org AI Without Data Sharing

NVIDIA FLARE federated learning with OpenDP differential privacy. Gradient updates cross boundaries; underlying data stays in jurisdiction.

08 / Get Started

Talk to Us

Our data sovereignty team can walk through how Sovereign maps to your specific compliance framework — GDPR, HIPAA, ITAR, or sovereign AI regulations.