Pocket Portfolio: A Proof-of-Concept for UK Sovereign AI Infrastructure
Demonstrating how the UK can build secure, user-owned financial data systems that deliver frontier AI capabilities without depending on foreign hyperscalers for data retention.
Raw portfolio data stored on our servers
User-owned data residency and control
Sanitized context string sent for stateless inference
The Paradigm Shift
The Old Way (Foreign Dependency)
Legacy platforms siphon your entire financial ledger to centralized, foreign cloud servers for processing, stripping you of data sovereignty and creating massive security honeypots.
Three Pillars of Sovereignty
Pocket Portfolio's proof-of-concept is structured around three pillars, each with defined technical and governance foundations that align with the Sovereign AI Proof-of-Concept Grant criteria.
Pillar 1: Local-First Data Sovereignty
Data stays on device and in user-chosen storage; we never hold or process raw financial ledgers.
Data boundary at the edge
Portfolio data lives in the user's browser (IndexedDB) and optional Google Drive. We do not operate a database of user financial data.
User-owned storage & open formats
Sync uses a single user-owned file. Schema is open (JSON/CSV); users can export, move, or audit their data with no vendor lock-in.
Minimal, auditable data egress
Only a sanitized context string (totals, top-N holdings) leaves the device for AI inference. No PII or row-level history.
Compliance-friendly residency
UK users' data remains under their control. We do not ship raw ledgers to foreign jurisdictions for processing.
Pillar 2: Edge-Compute AI
Context is built on-device; the cloud only sees a minimal, non-retained snapshot—demonstrating frontier AI without moving data.
Client-side context engine
The full portfolio is reduced to a token-bounded summary in the browser. Raw data never leaves the device.
Stateless inference API
Our endpoints are pure functions. No server-side storage of portfolio or chat history. The data boundary is preserved at scale.
Hybrid RAG with sovereign control
The model reasons over the user's local summary plus public market data. Sensitive data is never used to build a remote RAG index.
Scale-to-cloud with clear boundaries
Only minimal context is in flight. Future deployments can use sovereign or on-prem LLMs without changing the client-side boundary.
Pillar 3: Open-Ecosystem Business Model
Open core, auditable boundary, revenue from membership and services—not from data harvesting or vendor lock-in.
Open-source, auditable core
Reviewers and institutions can audit how data is reduced, what is sent to APIs, and how the boundary is strictly enforced.
Revenue aligned with sovereignty
Revenue comes from membership and sponsors, proving that sovereign, local-first infrastructure can be financially self-sustaining.
Community governance
Roadmap priorities are influenced by the community, showing a path to scalable adoption without central control of user data.
Reducing reliance on foreign tech
By keeping context construction on the client, core value does not depend on foreign hyperscalers. LLMs can be swapped dynamically.
The Sovereign Architecture Blueprint
Grant Alignment
Proof of concept for architecture
Working local-first stack: IndexedDB, client-side context engine, and stateless APIs with zero server portfolio DB.
Technical validation of capabilities
Fully auditable codebase demonstrating exactly what sanitized strings cross the boundary.
Demonstrate frontier AI performance
Hybrid RAG over sanitized context only, proving useful AI is possible without centralizing user data.
Show ability to scale business model
Subscription (Founders Club) and enterprise tiers—revenue is entirely decoupled from data exploitation.
Clear path to data & compute access
Data is 100% user-owned. Compute is stateless and can be routed to UK sovereign endpoints.