By Arnav Jalan — 16 Mar 2026

Sovereign AI vs Cloud AI: When Control Actually Matters in 2026

Sovereign AI spending hits $1.3T by 2030. Learn when data sovereignty matters more than convenience, which industries need it, and how to evaluate sovereign vs cloud AI infrastructure.

Global AI spending is projected to reach $1.3 to $1.5 trillion by 2030. A growing share of that investment is flowing into sovereign AI infrastructure.

The trend is real. Governments are building national compute capacity. Enterprises are migrating sensitive workloads away from hyperscalers. IDC forecasts that by 2028, 60% of organizations with digital sovereignty requirements will have moved critical AI systems to new environments.

But here's what the hype cycle misses: sovereignty alone rarely drives vendor decisions.

McKinsey's 2025 enterprise survey found that most leaders describe sovereign AI as strategically important. Yet when it comes to actually switching providers, price, performance, and reliability still dominate. Sovereignty matters most for a specific subset of workloads involving sensitive data, regulatory exposure, or critical services.

This guide breaks down when sovereign AI infrastructure is worth the investment and when cloud AI remains the smarter choice. No ideology. Just the tradeoffs.

What Sovereign AI Actually Means

Sovereign AI is an organization's or nation's capacity to control its AI technology stack. That includes infrastructure, data, models, and operations.

The term gets thrown around loosely. To make it useful, break it into four dimensions:

Dimension	What It Covers	Example
Territorial	Where data and compute physically reside	Data stays in EU data centers
Operational	Who manages and secures data and compute	Your team vs. third-party provider
Technological	Who owns the underlying stack and IP	Open-source models vs. proprietary APIs
Legal	Which jurisdiction's laws govern the system	Swiss FADP vs. US Cloud Act exposure

Most enterprises don't need full sovereignty across all four. A healthcare company might care deeply about territorial and legal dimensions but outsource operational management to a trusted provider. A defense contractor needs all four locked down.

The mistake is treating sovereignty as binary. It's a spectrum, and your position on that spectrum should match your actual risk profile.

Partial sovereignty is valid. You might use a sovereign cloud provider for data residency while accepting their operational control. Or run open-source models on hyperscaler infrastructure for technological sovereignty without territorial control. The combinations depend on which risks matter most to your organization.

Cloud AI: How It Actually Works

Before comparing, understand what happens when you call a cloud AI API.

Your prompt leaves your infrastructure and travels to the provider's data center. It gets processed on their hardware. The response returns to you. Depending on the provider and your contract tier, your data might be:

Logged for abuse monitoring
Retained for some period (often 30 days)
Used for model improvement (unless you opt out)
Accessible to provider employees under certain conditions
Subject to government requests under provider's jurisdiction

Enterprise tiers from OpenAI, Anthropic, and Google offer stronger guarantees. Zero data retention, no training on your data, SOC 2 compliance, dedicated instances. But even with these protections, your data still travels to and processes on infrastructure you don't control.

For many workloads, this is fine. For some, it's disqualifying.

The Cloud Act problem. US-headquartered cloud providers can be compelled to produce data stored anywhere in the world under the Clarifying Lawful Overseas Use of Data Act. This applies regardless of where the data center sits. European enterprises working with US cloud AI providers face potential conflicts between Cloud Act obligations and GDPR requirements.

It's why the EU has been pushing for European cloud alternatives and why Swiss jurisdiction has become attractive for privacy-sensitive deployments.

The Real Cost Comparison

Cloud AI looks cheap on paper. Pay-per-token pricing, no hardware to manage, instant scaling. The math changes when you factor in volume, latency requirements, and long-term projections.

Cloud AI Costs at Scale

Provider	Input (per 1M tokens)	Output (per 1M tokens)	Fine-tuning (per 1M tokens)
GPT-4o	$2.50	$10.00	$25.00
Claude 3.5 Sonnet	$3.00	$15.00	Not available
Gemini 1.5 Pro	$1.25	$5.00	$4.00
Llama 3.1 70B (via Together AI)	$0.88	$0.88	$3.00

At 100M tokens per month, you're spending $25,000 to $150,000 annually on inference alone. That's before fine-tuning, before storage, before the compliance overhead of audit trails and access controls.

Hidden costs enterprises miss:

Egress fees. Moving data out of cloud environments costs $0.05 to $0.12 per GB. Large-scale inference with lengthy outputs adds up.
Fine-tuning premiums. Cloud providers charge 3x to 10x inference rates for training. Running multiple experiments gets expensive fast.
Compliance overhead. Enterprise tiers cost more. BAA agreements for HIPAA add fees. Custom data handling agreements require legal review.
Vendor lock-in. Switching providers means re-engineering integrations, re-running evaluations, potentially re-training models. The switching cost is real even if not line-itemed.

Sovereign Infrastructure Costs

Self-hosted infrastructure requires upfront capital but shifts the cost curve.

Hardware baseline:

Configuration	Hardware Cost	Total (with infra)	Use Case
Single H100 80GB	$30,000	$50,000	Development, small models
2x H100 NVLink	$65,000	$100,000	70B inference, fine-tuning
8x H100 HGX	$280,000	$500,000	Large-scale training, 405B inference
8x H200 cluster	$400,000	$700,000	Frontier model work

Add 20-30% annually for power, cooling, networking, and maintenance. Cloud GPU rental (H100 at $2-3/hour) bridges the gap for burst capacity.

The break-even calculation. At enterprise scale, self-hosted infrastructure often pays for itself within 18 months. One enterprise AI cost analysis found that teams running 50M+ tokens monthly saved 60 to 90% by moving to self-hosted infrastructure.

The savings compound when you factor in fine-tuning workloads. Cloud providers charge premium rates for training. On your own infrastructure, the marginal cost of running another experiment is electricity.

When cloud stays cheaper:

Volume under 10M tokens monthly
Unpredictable or spiky usage patterns
Need for multiple frontier models (would require separate infrastructure for each)
Team lacks GPU cluster expertise

When Cloud AI Wins

Cloud AI remains the right choice for many scenarios. Recognize when convenience outweighs control.

Speed to market matters more than sovereignty. If you're a startup validating product-market fit, spending months on infrastructure is the wrong tradeoff. Use cloud APIs, ship fast, migrate later if you need to. Many successful AI companies started on OpenAI APIs and migrated to self-hosted only after reaching scale.

Your workloads are non-sensitive. Customer support chatbots trained on public documentation don't need sovereign infrastructure. The regulatory exposure is minimal. Marketing content generation, public research assistance, general Q&A systems. Cloud providers offer sufficient data handling for low-risk use cases.

You lack operational expertise. Running production AI infrastructure requires skills most teams don't have. Model serving, GPU cluster management, failover systems, CUDA debugging. Cloud providers abstract this complexity. If your ML team is three people, that abstraction has real value.

The talent market matters here. ML infrastructure engineers command $300,000+ salaries. A team of three adds $1M+ annually in labor costs. Cloud abstraction lets smaller teams punch above their weight.

Your volume is unpredictable. Early-stage products with spiky traffic patterns benefit from pay-per-use pricing. You don't want to provision for peak load and pay for idle capacity. Inference demand that swings 10x between quiet periods and peaks is hard to serve efficiently on fixed infrastructure.

You need frontier capabilities immediately. The latest GPT or Claude models ship to cloud first. If you need the newest reasoning or multimodal capabilities today, cloud APIs are your only option. Open-source alternatives lag 6 to 12 months behind frontier proprietary models on most benchmarks.

Multi-model flexibility matters. Cloud APIs let you route different tasks to different models without managing multiple deployments. Use GPT-4o for complex reasoning, Claude for long documents, Gemini for multimodal. Sovereign infrastructure typically means committing to specific models.

When Sovereign AI Wins

Certain conditions make sovereign infrastructure not just preferable but necessary.

Regulatory mandates require data residency. GDPR, HIPAA, EU AI Act, and sector-specific regulations increasingly require data to stay within jurisdictional boundaries. Some require that data never leaves your premises at all.

The EU AI Act specifically addresses where high-risk AI systems can process data. Healthcare and financial services face the strictest requirements. For these workloads, cloud providers' "sovereign regions" may not satisfy auditors.

GDPR Article 44 restricts transfers to countries without adequate data protection. The US is not on the adequacy list. Standard contractual clauses provide a workaround, but the legal situation keeps changing. For risk-averse organizations, keeping data in-jurisdiction eliminates the uncertainty.

Your data is competitively sensitive. Training data represents years of accumulated institutional knowledge. Customer interaction logs, internal documents, proprietary processes. Sending this to third-party APIs creates risk, even with contractual protections.

Consider what your training data reveals:

Customer questions expose product gaps and user confusion points
Internal documents reveal strategy, pricing, competitive intelligence
Code repositories show architectural decisions and technical debt
Support logs indicate reliability issues and customer pain

Even with "no training" guarantees, this data transits third-party infrastructure. Employees at the provider could theoretically access it. Government requests could compel disclosure. For genuinely sensitive material, the risk calculus changes.

Latency requirements are strict. Cloud inference adds network round-trip time. For real-time applications, that latency matters.

Deployment	Typical Latency	Use Case Fit
Cloud API	100-500ms	Chatbots, async processing
Regional cloud	50-150ms	Interactive apps
On-premise	10-50ms	Real-time systems
Edge deployment	5-20ms	Autonomous, embedded

Self-hosted inference can achieve sub-10ms response times for smaller models. Fraud detection, autonomous systems, high-frequency trading support, real-time translation. These applications can't tolerate cloud latency variability.

You need model customization at scale. Cloud providers charge significant premiums for fine-tuning. They also limit what you can do with the resulting models.

Sovereign fine-tuning infrastructure lets you run unlimited experiments, create specialized models for different use cases, and retain full ownership of the resulting weights. For teams doing serious model customization, the economics favor ownership.

A typical fine-tuning workflow might involve:

50+ experiments to find optimal hyperparameters
Multiple model architectures compared
Ongoing retraining as data evolves
Specialized models for different departments or use cases

At cloud fine-tuning rates, this experimentation becomes prohibitively expensive. On owned infrastructure, the cost is compute time.

You're in a high-risk sector. Defense, intelligence, critical infrastructure, and certain financial services have requirements that no cloud provider can satisfy. Air-gapped deployments, hardware-signed attestations, and zero data retention aren't features you can request. They're architectural decisions that require sovereign infrastructure from the ground up.

You want verifiable guarantees. "Trust us" is a policy. Cryptographic verification is a proof. Stateless architectures that mathematically cannot retain data offer stronger guarantees than contractual promises. Some sovereign AI platforms provide hardware-signed attestations that data was processed without retention. Cloud providers can't offer equivalent verification.

Compliance Framework Comparison

Different regulations impose different requirements. Here's how cloud and sovereign options stack up.

Requirement	Cloud AI	Sovereign AI
Data residency in EU	Sovereign regions available	Full control
Right to erasure	Provider-dependent	Direct control
Data processing agreements	Required, provider templates	Custom to your needs
Third-country transfers	SCCs required for US providers	Not applicable if EU-hosted
Breach notification	Shared responsibility	Full responsibility

GDPR doesn't prohibit cloud AI, but it complicates it. Schrems II invalidated Privacy Shield. Standard Contractual Clauses require case-by-case assessment of destination country surveillance laws. For organizations wanting clean compliance, sovereign infrastructure eliminates these questions.

HIPAA (US Healthcare)

Requirement	Cloud AI	Sovereign AI
Business Associate Agreement	Available from major providers	Not applicable
PHI access controls	Provider-managed	Direct control
Audit logging	Provider tools	Custom implementation
Breach liability	Shared	Full
De-identification	Your responsibility	Your responsibility

Cloud AI can be HIPAA-compliant with proper BAAs and controls. But healthcare organizations increasingly prefer sovereign options for patient-facing AI. The reputational risk of a breach involving AI processing of health records pushes toward maximum control.

EU AI Act

Requirement	Cloud AI	Sovereign AI
High-risk system documentation	Shared responsibility	Full control
Human oversight	Your implementation	Your implementation
Data governance	Provider-dependent	Direct control
Transparency obligations	Your responsibility	Your responsibility
Conformity assessment	Complex with third-party processing	Simpler with full control

The EU AI Act enters full enforcement in 2026. High-risk AI systems (healthcare, employment, critical infrastructure) face strict requirements. Sovereign infrastructure simplifies conformity assessment because you control the entire stack.

SOC 2 and ISO 27001

Both certifications apply whether you use cloud or sovereign infrastructure. The difference is scope. Cloud providers have their certifications. You need yours for systems you operate. Sovereign infrastructure means your certification covers the AI components directly rather than relying on provider certifications for those pieces.

Decision Framework by Industry

Different sectors have different sovereignty requirements. Use this as a starting point.

Industry	Regulatory Drivers	Sensitivity Level	Recommended Approach
Healthcare	HIPAA, state laws, EU MDR	High	Sovereign for patient-facing, cloud for admin
Financial Services	SEC, FINRA, PCI-DSS, DORA	High	Sovereign for trading/compliance, hybrid for analytics
Legal	Attorney-client privilege, bar rules	Very High	Sovereign for client matters, cloud for research
Government	FedRAMP, ITAR, national security	Very High	Sovereign for classified, GovCloud for lower sensitivity
Insurance	State regulations, NAIC guidelines	Medium-High	Hybrid based on PII exposure
Retail/E-commerce	CCPA, GDPR, PCI-DSS	Medium	Cloud acceptable for most, sovereign for payment/PII
Manufacturing	Trade secrets, ITAR for defense	Medium	Hybrid based on IP sensitivity
Media/Entertainment	Copyright, content licensing	Low-Medium	Cloud for most use cases
Startups	Varies by sector	Low initially	Cloud until scale or regulation demands otherwise

The pattern is consistent: organizations end up with hybrid architectures. Sovereign infrastructure handles sensitive workloads. Cloud handles everything else. The question is where to draw the line.

The Hybrid Reality

McKinsey's research highlights a core tension. Sovereignty matters, but enterprises don't switch vendors for sovereignty alone. Price, performance, and reliability still drive decisions.

The practical answer is segmentation. Classify your AI workloads by sensitivity and regulatory exposure. Route each category to the appropriate infrastructure.

Tier 1: Sovereign required. Patient records, classified documents, trading algorithms, legal analysis, competitive intelligence. These never touch third-party infrastructure.

Tier 2: Sovereign preferred. Internal knowledge bases, customer analytics, proprietary training data. Sovereign infrastructure is safer, but cloud with strong data handling agreements may suffice depending on risk tolerance.

Tier 3: Cloud acceptable. Public-facing chatbots, content generation, research assistance, code completion for open-source projects. Convenience outweighs control concerns.

This segmentation also applies to the AI lifecycle. You might:

Fine-tune models on sovereign infrastructure using sensitive data
Evaluate model performance locally before deployment
Deploy inference to cloud for cost efficiency on non-sensitive queries
Keep logging and monitoring on sovereign systems

Or the reverse: use cloud APIs for experimentation and move to sovereign infrastructure for production.

Platforms designed for enterprise AI increasingly support this hybrid model. They let you train on-premise, evaluate locally, then deploy wherever makes sense.

Security Comparison: Cloud vs Sovereign

Beyond compliance, security posture differs between approaches.

Attack Surface

Cloud AI:

Your systems + network + cloud provider systems
Provider employees with access
Provider's other customers (multi-tenant risk)
API endpoints as attack vectors
Supply chain through provider dependencies

Sovereign AI:

Your systems + network only
Your employees only
No multi-tenant exposure
Internal endpoints only
Supply chain limited to hardware/software you deploy

The attack surface for sovereign infrastructure is smaller but you're responsible for defending all of it. Cloud providers invest billions in security. Your security team probably doesn't have equivalent resources.

Incident Response

Cloud AI:

Provider handles infrastructure incidents
You handle application-level incidents
Shared visibility into what happened
Provider timeline for disclosure

Sovereign AI:

Full responsibility for all incidents
Full visibility into all systems
Complete control over response
Your timeline for disclosure

Practical Security Considerations

Neither approach is inherently more secure. Cloud providers have more resources but also more attackers targeting them. Sovereign infrastructure has less expertise defending it but also a smaller profile.

The decision should factor in:

Your security team's capabilities
Threat model specific to your industry
Regulatory requirements for breach notification
Insurance and liability considerations

For most organizations, the security difference is less important than the compliance and control differences.

Migration Considerations

Moving between cloud and sovereign infrastructure isn't trivial. Plan for these factors.

Cloud to Sovereign Migration

What transfers easily:

Prompt templates and system instructions
Evaluation datasets and benchmarks
Application logic and integrations
User feedback and preference data

What doesn't transfer:

Proprietary model access (GPT-4, Claude stay on cloud)
Provider-specific fine-tuned models
Some evaluation metrics dependent on provider tools
SLAs and uptime guarantees

Migration steps:

Audit current cloud AI usage and costs
Identify equivalent open-source models
Benchmark alternatives against your evaluation suite
Set up sovereign infrastructure (or use managed sovereign platform)
Migrate non-critical workloads first
Gradually shift traffic while monitoring quality
Maintain cloud fallback during transition

Timeline: 3-6 months for straightforward migrations, 12+ months for complex enterprises.

Sovereign to Cloud Migration

Less common but sometimes necessary for:

Accessing frontier capabilities
Scaling beyond infrastructure capacity
Reducing operational burden
Cost optimization at lower volumes

The same staged approach applies. Never cut over entirely without validating quality on the new platform.

Evaluating Sovereign AI Providers

If you've decided sovereign infrastructure fits your needs, evaluate providers against these criteria.

Jurisdictional clarity. Where is the company headquartered? Swiss jurisdiction, for example, provides strong privacy protections under the Federal Act on Data Protection. US-based providers may be subject to the Cloud Act regardless of where your data physically resides.

Data handling guarantees. Zero data retention should be verifiable, not just promised. Look for stateless architectures and cryptographic proofs rather than contractual assurances. Ask:

How is data retained (or not) between requests?
Who has access to data during processing?
How is data encrypted in transit and at rest?
What attestation mechanisms verify compliance?

Compliance certifications. SOC 2 Type II, HIPAA BAA, ISO 27001 are table stakes. Check whether certifications cover the specific services you'll use.

Infrastructure flexibility. Can you deploy on your own hardware? In your own cloud VPC? On-premises in your data center? The more options, the better you can match infrastructure to requirements.

Self-hosting options should support major inference engines like vLLM and Ollama. Kubernetes integration matters for teams with existing container orchestration.

Full lifecycle support. Inference is just one piece. Look for integrated dataset management, fine-tuning capabilities, and evaluation frameworks. Point solutions create integration overhead.

Model selection. Sovereign doesn't mean limited. Check which open-source models are supported. Llama, Mistral, Qwen, DeepSeek should all be available. The ability to bring your own models matters for teams with custom requirements.

Enterprise readiness.

Uptime SLAs (target 99.9%+)
Support response times
Disaster recovery capabilities
Audit logging and compliance reporting

What's Coming Next

The sovereign AI market is accelerating. By 2028, IDC projects 60% of organizations with sovereignty requirements will have migrated sensitive workloads to new environments.

Several forces are driving this:

Geopolitical fragmentation. US-China tensions, EU digital autonomy initiatives, and regional data localization mandates are fragmenting the global cloud market. Organizations operating across borders face increasingly complex compliance requirements. The "one cloud everywhere" approach is becoming untenable for regulated industries.

AI Act enforcement. The EU AI Act enters full enforcement in 2026. High-risk AI systems face strict requirements around transparency, data governance, and human oversight. Sovereign infrastructure simplifies compliance by giving you direct control over the evidence trail.

Cost pressure at scale. As enterprises move from experimentation to production AI, the economics shift. Organizations processing billions of tokens monthly find self-hosted infrastructure dramatically cheaper. The 90% cost reduction from self-hosting is compelling at scale.

Trust erosion. High-profile data breaches and controversies around AI training data have made enterprises more skeptical of "trust us" assurances. Verifiable sovereignty becomes a competitive differentiator. Customers increasingly ask where their data goes when they interact with AI features.

Open-source model quality. The gap between open-source and proprietary models continues to narrow. DeepSeek, Llama, and Qwen now compete with GPT-4 on many benchmarks. Sovereign infrastructure becomes more attractive when it doesn't mean sacrificing capability.

Edge AI emergence. Small language models now run on phones and edge devices. For latency-sensitive applications, inference is moving closer to users. This is sovereign by default. The question becomes how to coordinate edge deployment with centralized training and management.

FAQ

What is sovereign AI vs cloud AI?

Sovereign AI refers to AI infrastructure that an organization fully controls, typically deployed on-premises or in private data centers under specific jurisdictional governance. Cloud AI means using third-party providers like OpenAI, Anthropic, or Google who operate the infrastructure and provide access via APIs. The core difference is control: who owns the hardware, who manages the data, and which laws apply.

Is sovereign AI more expensive than cloud AI?

It depends on scale. Below 10 million tokens monthly, cloud AI is typically cheaper. Above 50 million tokens monthly, sovereign infrastructure often pays for itself within 18 months. The break-even point varies based on your specific usage patterns, compliance requirements, and whether you need fine-tuning capabilities. Factor in total cost of ownership including hardware, personnel, power, and maintenance.

Yes, with caveats. You need appropriate Data Processing Agreements with providers. Standard Contractual Clauses are required for transfers to US-based providers. Some interpretations of GDPR suggest case-by-case assessment of destination country surveillance laws. For organizations wanting clean, unambiguous compliance, sovereign infrastructure with EU data residency eliminates these questions.

What industries require sovereign AI?

No industry strictly requires it by law in most jurisdictions, but several effectively mandate it through regulation and risk management. Defense and intelligence agencies require it for classified workloads. Healthcare organizations increasingly prefer it for patient data. Financial services need it for trading systems and compliance. Legal services need it for attorney-client privileged materials. Government agencies have various requirements depending on data sensitivity.

How do I migrate from cloud AI to sovereign infrastructure?

Start by auditing current usage and identifying equivalent open-source models. Benchmark alternatives against your evaluation criteria. Set up sovereign infrastructure or use a managed sovereign platform. Migrate non-critical workloads first while monitoring quality. Gradually shift traffic and maintain cloud fallback during transition. Typical timeline is 3-6 months for straightforward migrations.

Does sovereign AI mean worse model quality?

Not anymore. Open-source models like Llama 4, DeepSeek V3, Qwen 3, and Mistral Large now compete with proprietary models on most benchmarks. For specialized use cases, fine-tuned models on sovereign infrastructure often outperform general-purpose cloud APIs. The quality gap has narrowed significantly since 2024.

What is the Cloud Act and why does it matter?

The US Clarifying Lawful Overseas Use of Data Act allows US government to compel US-headquartered companies to produce data regardless of where it's stored. This creates potential conflicts with GDPR and other data protection regimes. European organizations using US cloud AI providers may face situations where US law requires disclosure that EU law prohibits. Swiss and EU-based sovereign providers avoid this conflict.

Can sovereign AI handle the same scale as cloud providers?

For inference, yes. Organizations running hundreds of millions of requests daily use sovereign infrastructure successfully. For training frontier models from scratch, no. That requires resources only hyperscalers possess. But few enterprises train foundation models. Most fine-tune existing models, which sovereign infrastructure handles well.

What's the difference between sovereign cloud and sovereign AI?

Sovereign cloud refers to cloud infrastructure operated under specific jurisdictional control, often by national providers or in isolated regions of hyperscalers. Sovereign AI specifically refers to AI workloads with sovereignty requirements. You can have sovereign AI on sovereign cloud, or on fully owned infrastructure. Sovereign cloud addresses data residency. Sovereign AI addresses the full stack including model ownership, training data control, and operational independence.

How do I evaluate if I need sovereign AI?

Ask these questions: Does your data include PII, PHI, or confidential business information? Are you in a regulated industry with data handling requirements? Do you operate in jurisdictions with strict data localization laws? Would a data breach involving AI processing cause significant harm? Do you need sub-100ms inference latency? Is fine-tuning a significant part of your AI workflow? If you answered yes to multiple questions, evaluate sovereign options seriously.

Making the Call

Sovereign AI infrastructure offers control, compliance, and long-term cost advantages. Cloud AI offers speed, convenience, and access to frontier capabilities.

Most enterprises will use both.

Start by auditing your AI workloads. Classify by sensitivity, regulatory exposure, and volume. Route appropriately. Build sovereign capabilities for workloads that demand them. Use cloud for everything else.

The vendors pushing "sovereignty everywhere" are selling something. So are the hyperscalers pushing "cloud is enough." The right answer depends on your data, your industry, and your risk tolerance.

If you're processing sensitive enterprise data and hitting the limits of cloud AI, sovereign platforms with Swiss jurisdiction and cryptographic verification offer a middle path. Full data control without building everything yourself.

But run the numbers first. The answer should come from your spreadsheet, not from marketing.

Ready to evaluate sovereign AI for your enterprise? Book a demo to see how PremAI's confidential AI stack handles fine-tuning, evaluation, and deployment with zero data retention.