# IdSolid - Where data sovereignty is structural URL: https://magentix.ai/idsolid IdSolid is the sovereign-by-architecture identity, memory, and data platform for the moment personal information stops being an asset to defend and starts being a liability to redesign around. Built for organisations and individuals who would rather not see their own name in the next breach headline. Each subject's data lives inside an individually encrypted Sovereign Pod. Verified identity attributes are exposed through an open API. An AI memory layer travels with the subject across whatever models, tools, and providers they use. Runtime-agnostic. Vendor-neutral. Personal storage, enterprise data architecture, AI memory continuity, and source-of-truth identity for other organisations - one sovereign primitive underneath all of it. ## IdSolid and traditional data stores are not the same thing Traditional corporate data architectures aggregate. They were built when storage was expensive and centralisation was the obvious efficiency. Personal records get pulled into a single database, the database gets surrounded by progressively heavier perimeters, and the result is a honeypot that grows more valuable to attackers with every customer added. The breach surface is the entire customer base, every time. IdSolid distributes. Each subject's data lives inside its own cryptographically isolated Sovereign Pod. The pods cannot be queried in aggregate. A breach of one pod is not a breach of any other. The subject is the only entity who can grant access, and access is per-pod, per-scope, per-transaction. The architecture inverts the central assumption underneath every major data breach in the past twenty years: that holding everyone's data in one place is more efficient than holding each person's data with the person. A traditional data store answers: who is in our database, and what do we know about them? IdSolid answers: who has chosen to make themselves verifiable, what have they chosen to share, and with whom? Both hold personal data. Only one does so in a shape that survives determined attackers. ## The data sovereignty gap The current internet stores personal data in two ways, neither of which serves the subject. Corporate aggregation: your data sits inside someone else's commercial system because they need it to provide a service; when they fail to hold, defend, or return it, the failure is yours to bear, not theirs. AI vendor lock-in: your AI memory sits inside the model provider's proprietary silo; the context you build with one model cannot move to the next, and your accumulated intelligence is the thing the platform sells back to you. Both gaps share an architectural cause: data is held by the system that processes it, not by the subject it describes. The sovereignty conversation has run for two decades without closing either gap because it has been a policy conversation, not an architectural one. Promises about data ownership do not bind storage architecture. Architecture binds storage architecture. IdSolid closes both gaps by removing the assumption underneath them: the subject's data lives with the subject, tools and providers operate on it through scoped, revocable access, and when the subject changes provider the data does not move - the access permissions do. ## The primitive: the Sovereign Pod At the core of IdSolid is a single primitive: the Sovereign Pod, an individually encrypted, cryptographically isolated data store assigned to one subject (one person, one household, one organisation) holding everything that subject has chosen to make portable and verifiable. Each pod contains four governed layers: - The identity layer: bank-verified attributes, government-issued credentials including those under frameworks such as eIDAS and the EU Business Wallet, professional certifications, and other high-assurance identity primitives. Provenance is preserved end-to-end so any querying organisation can verify which attributes are bank-verified, which self-attested, and which signed by recognised credentialing authorities. - The data layer: personal records, organisational records, transactional history, and any other structured data the subject controls. The schema is the subject's, not IdSolid's; organisations request access to specific fields under specific scopes, and the pod owner decides per request. - The Open Brain memory layer: AI memory, context, and accumulated intelligence stored in a format any compliant AI model can read. When the subject changes AI provider, the new model gets read access to the same context the previous one had. Memory travels with the subject, not with the AI. - The provenance layer: a cryptographically signed record of every access granted, attribute used, memory recall, and change made. The pod owner can audit their own pod completely; consuming organisations can verify the chain of evidence behind anything they receive. The Sovereign Pod is not a policy decision or a terms-of-service promise. It is an architectural primitive that makes sovereignty a property of storage, not a clause in a contract. ## What IdSolid gives the customer Sovereignty. Every subject owns their pod outright. Magentix cannot read pod contents. Hosting providers cannot read pod contents. Other organisations consume only what the subject explicitly grants, only for as long as the subject grants it. When a regulator asks where customers' personal data lives, the honest answer is "with the subject, not in our database." Portability. Identity, data, and AI memory travel with the subject across providers, tools, and models. Switching AI vendors does not reset accumulated context; moving healthcare providers does not erase history; changing employers does not strand a credential record. The architecture makes lock-in structurally impossible, so competition happens on service quality rather than switching cost. Provenance. Every attribute, record, and credential carries its origin and signature. Organisations can subscribe to a pod as a source of truth: a bank verifies a customer's identity from the pod rather than running duplicate KYC; an employer verifies a credential from the pod rather than calling the issuing institution. "Is this person who they say they are" becomes a single signed read, not a six-week cycle. ## Architecture principles IdSolid is SaaS-first and runtime-agnostic. Pod isolation is absolute because sovereignty depends on the guarantee that no pod can read another. Cryptographic isolation is enforced at the storage layer, not the application layer - the database itself cannot return aggregate queries across pods. No raw secrets are persisted at provider level. Bank-verified attributes use signed, revocable credentials from accredited identity providers. The open API allows any organisation to integrate IdSolid as an identity, memory, or data layer alongside existing systems. The Open Brain memory layer uses PostgreSQL with pgvector and is MCP-ready, so memory written by any compliant model can be read by any other. GDPR-compliant by design. ## Competitive positioning The personal-data-sovereignty market is splitting into layers rather than converging. IdSolid's lane is the sovereign-by-architecture identity, memory, and data platform that operates as a source of truth for both subjects and the organisations that verify them. Across the categories: - Personal-data-pod infrastructure and protocol (Inrupt; the W3C Solid protocol, Tim Berners-Lee): IdSolid implements interoperable pod patterns and adds the layers Solid leaves to implementers - the Open Brain AI-memory layer, bank-verified identity attributes, and provenance signing - with every layer cryptographically isolated, not just the storage tier. - Verifiable-credentials and SSI infrastructure (MATTR; Procivis; Trinsic): complementary; IdSolid consumes their signed credentials as pod attributes and adds the data and memory layers they do not address. - Proprietary AI-memory silos (ChatGPT Memory; Claude Memory; Cursor Memory; Gemini Memory): architecturally opposed; these keep memory inside the vendor's walls, whereas IdSolid's Open Brain layer is portable across compliant models and lives with the subject. Where these are the lock-in surface, IdSolid is the lock-out. - Corporate aggregation and clean rooms (Snowflake; Databricks; enterprise data lakes; AWS Clean Rooms): opposed for personally identifiable data, since lakes aggregate by design and IdSolid distributes by design, though they compose for non-personal analytics. - Government identity wallets (EU Business Wallet; eIDAS wallets): a structural integration target, with the Sovereign Pod as the natural sovereign home for credentials issued under such frameworks. - Consumer credential storage (Apple Keychain; Google Password Manager; 1Password): an adjacent, narrower surface; IdSolid handles credential storage as a subset of a broader sovereign data and memory architecture exposed through an open API. The category IdSolid exists to replace is the corporate honeypot data architecture - the centralised customer database that is breached every quarter. ## How IdSolid and ARBITR relate IdSolid and ARBITR are independent products that hold different layers of the same architecture. IdSolid holds identity and memory: who is acting, what context informs the action, what credentials they carry, what they have chosen to expose. ARBITR holds the neutral evidence of execution: under what authority an action occurred, against which target, with what result, at the moment of commit. Consider an autonomous AI agent presenting a credential under a framework such as eIDAS on an organisation's behalf, then committing an action against a target system: IdSolid makes the credential presentable and verifiable; ARBITR makes the resulting action accountable. Either in isolation answers part of the question; together they account for identity, memory, and the evidence of execution. ## Status and the Early-Design-Partner Programme The IdSolid Early-Design-Partner Programme is open. Twenty places are being selected on lifetime-access partnership terms. The Sovereign Pod primitive is stable, the V1 product scope is defined, and the architecture is being pressure-tested through the design-partner cohort before general availability. The programme is the only commercial path today. The twenty places accommodate both organisational adopters (banks, healthcare providers, regulated industry, governments, identity-issuing institutions) and individual high-assurance subjects (founders, executives, privacy-sensitive professionals) who want to test the architecture from both sides of the table; the cohort will be balanced for breadth across personal, organisational, and institutional use cases. Each partner pays a single fixed entry fee and receives lifetime access thereafter. An Expression of Interest leads, where the fit is strong, to a qualification call; shortlisted partners receive the Prospectus and, under mutual non-disclosure, the Architecture Brief and the Sovereign Pod schema.