Architectural incapability - not contractual prohibition
Data Sovereignty
The sovereign data architecture is not a feature. It is a philosophical position made structural. The entire framework rests on the premise that genuine presence requires the absence of institutional agenda. An AI that profits from your engagement, stores your disclosures in readable form, or serves regulatory interests cannot be a true witness.
"Sovereign data architecture means architectural incapability - not contractual prohibition. The system is built so that it cannot read your data, not merely promised not to."
Encryption
Split-Key Architecture
A DeviceKey derived with PBKDF2 and a ServerKey generated by a CSPRNG are combined via HKDF to produce the MasterKey. A distinct MemoryKey is derived per memory. AES-256-GCM edge encryption throughout.
Prompt Shield
On-Device Tokenisation
Queries are tokenised on-device before transmission. Even the request payload is protected at the point of generation - before it leaves the user's hardware.
Data Schema
Discrete Encrypted Schemas
Each user has a discrete encrypted schema. No data exists server-side in readable form. Linking any record to a user requires that user's personal decryption key.
Burn Protocol
Complete Erasure on Demand
The user can destroy their data completely, at any time, without recourse. Key destruction renders all associated data permanently inaccessible. No recovery. No residue.
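The split-key schedule from the Encryption section and the burn protocol above, carried through in working code. This is an added example, not Atlas or Kintsugi Collective code: it uses only the Go standard library (PBKDF2 and HKDF are written out in full rather than imported), and the HKDF labels, the salt handling, the choice to feed DeviceKey || ServerKey into HKDF as the input keying material, and the use of the record ID as GCM associated data are all assumptions. Burn drops the MasterKey so every per-memory key derived from it is gone at once; in a split-key design the server discarding its ServerKey has the same effect, which the test exercises.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Added example, not Atlas code: labels, salt handling and the HKDF input layout are assumptions.
var ErrBurned = errors.New("vault burned: master key destroyed")

// pbkdf2SHA256 is RFC 8018 PBKDF2-HMAC-SHA256 for one output block (keyLen <= 32), kept stdlib-only.
func pbkdf2SHA256(password, salt []byte, iterations, keyLen int) []byte {
	mac := hmac.New(sha256.New, password)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // INT(1): block index, big-endian
	u := mac.Sum(nil)
	t := append([]byte(nil), u...)
	for i := 1; i < iterations; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range t {
			t[j] ^= u[j]
		}
	}
	return t[:keyLen]
}

// hkdfSHA256 is RFC 5869 extract-then-expand; a nil salt is HMAC-equivalent to HashLen zero bytes.
func hkdfSHA256(ikm, salt, info []byte, length int) []byte {
	extract := hmac.New(sha256.New, salt)
	extract.Write(ikm)
	prk := extract.Sum(nil)
	var okm, t []byte
	for counter := byte(1); len(okm) < length; counter++ {
		expand := hmac.New(sha256.New, prk)
		expand.Write(t)
		expand.Write(info)
		expand.Write([]byte{counter})
		t = expand.Sum(nil)
		okm = append(okm, t...)
	}
	return okm[:length]
}

// Vault keeps only the derived MasterKey; neither input half is retained.
type Vault struct{ masterKey []byte }

// NewVault: DeviceKey (PBKDF2 over the passphrase, 600k iterations) + ServerKey (32 CSPRNG bytes held server-side), combined via HKDF.
func NewVault(passphrase, deviceSalt, serverKey []byte) *Vault {
	deviceKey := pbkdf2SHA256(passphrase, deviceSalt, 600_000, 32)
	ikm := append(append([]byte{}, deviceKey...), serverKey...)
	return &Vault{masterKey: hkdfSHA256(ikm, nil, []byte("example/master-key"), 32)}
}

// aead derives the per-record MemoryKey from the MasterKey and wraps it in AES-256-GCM.
func (v *Vault) aead(memoryID string) (cipher.AEAD, error) {
	if v.masterKey == nil {
		return nil, ErrBurned
	}
	key := hkdfSHA256(v.masterKey, nil, []byte("example/memory-key/"+memoryID), 32)
	block, _ := aes.NewCipher(key) // cannot fail: a 32-byte key selects AES-256
	return cipher.NewGCM(block)
}

// Seal encrypts one memory on the device as nonce || ciphertext || tag, binding the record ID as AAD.
func (v *Vault) Seal(memoryID string, plaintext []byte) ([]byte, error) {
	gcm, err := v.aead(memoryID)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(memoryID)), nil
}

// Open decrypts a record; a wrong key, wrong ID or altered byte fails GCM authentication.
func (v *Vault) Open(memoryID string, record []byte) ([]byte, error) {
	gcm, err := v.aead(memoryID)
	if err != nil {
		return nil, err
	}
	if len(record) < gcm.NonceSize() {
		return nil, errors.New("record too short")
	}
	return gcm.Open(nil, record[:gcm.NonceSize()], record[gcm.NonceSize():], []byte(memoryID))
}

// Burn drops the MasterKey, and with it every MemoryKey derived from it: all records become unrecoverable at once.
func (v *Vault) Burn() { v.masterKey = nil }
```

Two design points worth noticing. Because each MemoryKey is an HKDF output of the MasterKey with the record ID in the info string, one record's key says nothing about another's, and the ID bound as associated data means a ciphertext cannot be quietly re-filed under a different record. Burn here only drops the in-memory key; the real guarantee the page describes is that the key material is never persisted in the first place, so there is nothing on disk for a recovery process to find.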
Payloads exchanged with the intelligence layer never leave the secure environment.
Linking any data record to a specific user requires that user's personal decryption key.
Prompt Shield tokenisation on-device means even the queries are protected at the point of generation.
The burn protocol: the user can destroy their data completely, at any time, without recourse.
Privacy and capability are the same architectural decision. Longitudinal private context reduces false-positive safety triggers and allows Atlas to distinguish between someone who is processing and someone who is in active distress - a distinction the current paradigm cannot make.
Why This Matters
Genuine therapeutic presence requires the absence of institutional agenda. A system that stores your disclosures in readable form - however well-intentioned - cannot be a true witness. The conflict of interest is architectural, not personal.
For this population, trust is not a nice-to-have. It is the precondition for everything else. The Sovereign Signal Vault is the structural guarantee that Atlas's presence is not conditional on compliance with data extraction. Kintsugi Collective is architecturally incapable of reading user data.