Sovereign AI Infrastructure
for Regulated Industries

Pendra Cloud provides managed inference APIs for open-source large language models (LLMs) to organisations that handle sensitive, regulated, or classified data. The infrastructure exists specifically to eliminate the legal and technical risks of routing data through foreign-owned cloud platforms.

Every component of the Pendra stack (compute, networking, storage, and operations) resides within the United Kingdom, is owned by a Welsh-incorporated entity, and is operated exclusively by vetted UK personnel. Your data is subject only to UK law, with no exposure to foreign intelligence legislation such as the US CLOUD Act, FISA Section 702, or equivalent frameworks.

Pendra is built for NHS trusts processing patient records, legal firms handling privileged briefs, public sector bodies managing citizen data, and any organisation where "probably compliant" is not an acceptable posture.

Data sovereignty is the founding principle of Pendra. All customer data, including prompts, completions, and metadata, is processed and transmitted exclusively within the United Kingdom.

This structure ensures that the US CLOUD Act, FISA Section 702, Executive Order 12333, and equivalent foreign intelligence frameworks have no legal mechanism to compel access to data processed by Pendra.

Pendra operates dedicated GPU clusters within Tier 3+ UK data centres. Our infrastructure is not multi-tenant at the hardware level. Customer workloads are isolated through dedicated compute allocation and secure enclave technology.

Physical Security

• 24/7 on-site security with biometric access controls
• CCTV monitoring with 90-day retention
• Mantrap entry systems with dual-authentication
• Environmental controls: redundant power (N+1), fire suppression, flood detection

Network Security

• All API traffic encrypted with TLS 1.3 (minimum)
• Network segmentation between inference clusters, management plane, and public endpoints
• DDoS mitigation at the network edge
• No inbound SSH. Management access via hardened bastion with MFA and audit logging

Compute Isolation

• Inference workloads execute within isolated secure enclaves
• GPU memory is zeroed between requests
• No shared state between customer inference sessions

Pendra operates a strict zero-retention policy for inference data. We do not store, log, cache, or inspect the content of your prompts or model completions.

We log only operational metadata: timestamp, model ID, token counts, latency, and HTTP status code. This metadata contains no prompt or completion content and is used solely for usage billing and system health monitoring.

We never use customer data for model training, fine-tuning, evaluation, or any purpose beyond fulfilling the immediate inference request.

All API access is authenticated using API keys with the prefix pdr_sk_. Keys are hashed with SHA-256 before storage. Pendra never stores plaintext API keys.

Key Management

• API keys are generated with cryptographically secure random bytes
• Keys can be scoped with optional expiration dates
• Key usage is tracked (last used timestamp, request counts)
• Keys can be revoked instantly via the dashboard
• The full key is shown only once at creation time

Dashboard Authentication

• Dashboard access requires email-based authentication with JWT tokens
• Session tokens are short-lived and non-persistent

Rate Limiting

Per-key rate limiting prevents abuse and ensures fair resource allocation across customers. Rate limit responses use standard HTTP 429 status codes with Retry-After headers.

In Transit

• TLS 1.3 enforced on all API endpoints. TLS 1.2 and below are rejected
• HSTS headers with long max-age to prevent protocol downgrade attacks
• Certificate transparency logging enabled

At Rest

• Inference data is not stored at rest (zero-retention policy)
• Operational metadata and account data encrypted with AES-256
• API key hashes stored using SHA-256 one-way hashing
• Database backups encrypted and stored within UK jurisdiction

We provide Data Processing Agreements (DPAs) and Data Protection Impact Assessment (DPIA) support as standard for all enterprise customers.

Pendra maintains a documented Incident Response Plan (IRP) with defined severity levels, escalation paths, and communication procedures.

• Detection: Automated monitoring and alerting across all infrastructure components
• Classification: Incidents triaged by severity (P1–P4) within 15 minutes of detection
• Notification: Affected customers notified within 24 hours for any data-related incident, in compliance with UK GDPR Article 33 equivalents
• Remediation: Root cause analysis and remediation documented for every incident
• Review: Post-incident reviews conducted within 5 business days with published findings

All Pendra engineers with access to production infrastructure are:

• UK nationals or residents with right to work in the United Kingdom
• Background-checked through BS 7858 screening or equivalent
• Bound by confidentiality agreements and acceptable use policies
• Required to use hardware security keys for all production access
• Subject to quarterly access reviews and principle-of-least-privilege enforcement

No contractor, partner, or third party has access to production systems or customer data.

For security inquiries, vulnerability reports, or to request a copy of our Data Processing Agreement, please contact:

We acknowledge all security reports within 24 hours and aim to provide an initial assessment within 72 hours.