Four Billion People. Zero Sovereign AI Infrastructure.
The AI industry is built on a single, unstated assumption: that data can move. That a query made in a rural clinic, a tribal village, a government office, or a child's classroom can travel — to a data center in another country, processed by a model owned by another corporation, returned with an answer.
This assumption is convenient for the companies building AI. It is catastrophic for everyone else.
When data must move, three things follow: Connectivity becomes a prerequisite. Sovereignty becomes negotiable. And privacy becomes a function of trust in institutions you cannot audit.
For four billion people in the Global South — and for any government, hospital, or institution that takes data residency seriously — none of those three conditions are acceptable.
2.7 billion
People with no reliable internet access
140+
Jurisdictions with active data residency laws
0
Cloud AI vendors guaranteeing data never leaves the device
Most 'AI for the Global South' is a Cloud Wrapper.
A cloud wrapper is what happens when a company takes a model running on someone else's servers in another country, builds a thin interface around it, and calls it a sovereign AI product.
The interface is local. The intelligence is not.
Every cloud wrapper carries the same structural failures:
- It requires connectivity the deployment environment may not have
- It exfiltrates data to a jurisdiction the deployer cannot control
- It costs per query in a market that cannot sustain per-query economics
- It breaks the moment the connection breaks
- It transfers liability for data handling to a vendor outside the regulator's reach
Cloud wrappers can be useful in the right context. They are not infrastructure. They are not sovereign. And they are not what we build.
Privacy by Physics, Defined.
Privacy by Physics is a design principle that states: personal data should not require trust to remain private. It should require physics.
If data has not been transmitted, it cannot be intercepted. If a system has no network interface, it cannot be remotely breached. If a model runs on the device that generated the input, no external party — including us — can read the input.
The protection is not in the policy. The protection is in the architecture.
When a government asks us how we comply with data residency, our answer is not a legal opinion. It is a network diagram with no outbound arrow. When a regulator asks where the patient's data goes, our answer is: it didn't go anywhere. It is still on the device where it originated.
This is what privacy looks like when it is engineered instead of promised.
“The strongest privacy guarantee is the data you never collected.”
Four Principles That Hold Our Architecture Together.
On-Device Computation
All inference, all reasoning, all generation happens on the hardware in front of the user. Our models are quantized and optimized to run on edge silicon — not because cloud is unavailable, but because cloud is unnecessary.
Zero Outbound Telemetry by Default
Our deployments do not phone home. There is no usage analytics being shipped back to KSAI servers, no model performance data being silently uploaded. Where telemetry is needed, it is opt-in, explicit, and contractually scoped.
Sovereign Update Channels
When a deployed system needs an update, the update is delivered through a channel the deployer controls — typically an air-gapped technician sync, a sovereign distribution server, or a contracted update window.
Auditable by Default
Every KSAI deployment can be network-audited. Plug a packet sniffer into the network the device is on. You should see nothing leaving. If you see anything leaving, that is a bug — and we want to know about it.
How Privacy by Physics Maps to Global Data Protection Law.
Digital Personal Data Protection Act, 2023 (India)
The DPDP Act regulates the processing of digital personal data. Privacy by Physics changes the question. Where data is not collected, transmitted, or stored by KSAI, the Act's processing obligations do not attach to us as a Data Fiduciary.
General Data Protection Regulation (EU)
The GDPR's strictest provisions — cross-border transfer restrictions, data subject access rights, the right to erasure — are easier to satisfy when data has never left the data subject's own device.
Sectoral and Sovereign Requirements
Healthcare, defence, education, and financial services in most jurisdictions carry sectoral data residency requirements. Privacy by Physics is designed to make these requirements satisfiable by architecture rather than by contract.
Regulatory analysis is jurisdiction-specific and engagement-specific. We do not provide legal advice. We provide an architecture that makes the legal review shorter.
Technical and Policy Whitepapers.
The Privacy by Physics Manifesto
Our foundational positioning paper. Everything else flows from this.
Sovereign AI and the Cloud Wrapper Problem
Technical and economic critique of cloud-wrapper architectures.
Edge Inference Economics: The 18-Month Flip
When edge deployments become cheaper than cloud, with worked examples.
Privacy by Physics and the DPDP Act, 2023
Regulatory alignment brief for Indian counterparts.
Privacy by Physics and the EU AI Act
Regulatory alignment brief for EU counterparts.
What People Ask Us.
What We Believe.
“We believe that the next decade of AI infrastructure will be defined by a question the industry has tried to avoid: whose data, whose jurisdiction, whose terms?”
“We believe that the populations the cloud was never built for are not a market segment to be reached eventually. They are the test of whether the AI industry is serious about what it claims to be building.”
“We believe that privacy that depends on trust is privacy that has already been compromised.”
“We believe that the strongest privacy guarantee is the data you never collected. And the strongest sovereignty guarantee is the data that never left.”
This is what we build. This is what we mean when we say Privacy by Physics.