The word “sovereignty” has been borrowed by every AI marketing team on the planet. It sounds authoritative and protective. It means almost nothing unless you can point at four concrete guarantees: encryption keys you hold, data you can export as structured JSON, a verified right to delete everything, and a contractual prohibition on training models with your conversations.
What does digital sovereignty actually mean for AI users?
Digital sovereignty means you hold the encryption keys to your data, you can export a complete copy at any time, you can delete everything permanently, and the platform cannot use your conversations to train its models. It is a technical guarantee, not a marketing claim.
Sovereignty over your AI data requires exactly four technical properties to be present simultaneously. If any one is absent, the platform is offering privacy theatre. Audit them one by one when evaluating where you place your most personal conversations:
Encryption keys you hold
Your data is encrypted with a key derived from your credentials. The server stores ciphertext. Even if the platform is breached or served with a court order, your conversations remain unreadable without your key.
Data you can export as JSON
You can request a complete, machine-readable archive of every memory, preference, and conversation record — not a PDF summary, but raw JSON you own and can import anywhere.
The right to delete everything
A single verified request causes every record to be permanently removed from all storage layers, including backups within a defined retention window.
No training on your conversations
Your inputs are never routed into a model fine-tuning pipeline. This must be a technical constraint enforced by architecture, not a policy promise that can be silently changed.
Why can’t most AI companies give you true data sovereignty?
Most AI platforms run centralised inference and training pipelines where user conversations flow into shared infrastructure. The architecture was never designed for user-held keys — retrofitting sovereignty would break their model-improvement loops and is commercially disincentivised.
This is not a policy failure. It is an architecture failure. The companies that built today’s large language model products designed their infrastructure around a core assumption: that conversations are training signal. Every message you send improves the model. That loop is the commercial engine — and it is fundamentally incompatible with user-held encryption keys.
The data path of a typical centralised AI service has four steps: (1) your message hits a shared inference endpoint; (2) it is logged to a database with platform-managed keys; (3) a background pipeline exports sampled conversations to a training data lake; and (4) fine-tuning ingests that lake, baking your words into billions of floating-point weights. At step two, sovereignty is already gone. At step four, erasure becomes technically meaningless.
Rebuilding this to support user-held keys requires fully isolated encryption contexts per user at the inference layer — dramatic cost increases and the loss of the training signal that funds the entire operation. This is why platform sovereignty commitments are almost always policy documents rather than technical guarantees.
What UK GDPR rights do you have over your AI conversation data?
UK GDPR gives you Article 15 (access), Article 16 (rectification), Article 17 (erasure — the right to be forgotten), and Article 20 (portability — receive your data in machine-readable JSON). These rights apply to every AI service processing data about UK residents, wherever the company is incorporated.
| Article | Right | What it covers | MEOK implementation |
|---|---|---|---|
| Art. 15 | Right of Access | Obtain a full copy of all personal data held about you, including the categories processed and their purpose. | Instant JSON export via /api/user/data |
| Art. 16 | Rectification | Correct inaccurate personal data without undue delay. AI memory entries can contain wrong facts about you. | Edit or delete individual memory nodes |
| Art. 17 | Right to Erasure | Have all personal data permanently deleted. Must be honoured within one calendar month of the request. | Delete-everything endpoint, verified & irreversible |
| Art. 20 | Portability | Receive data in a structured, machine-readable format and transmit it to another controller of your choosing. | Open JSON schema, no proprietary lock-in |
To exercise these rights, submit a Subject Access Request (SAR) to the data controller. They have one month to respond. Failure can be escalated to the Information Commissioner’s Office (ICO), which can impose fines up to £17.5 million or 4% of global annual turnover.
What does it mean to hold your own encryption keys?
When you hold the encryption keys, the platform cannot read your data even if compelled by a court order or breached by an attacker. AES-256 with user-scoped keys means each user’s data is encrypted with a key derived from their own credentials — the server stores ciphertext only.
Most AI services use platform-managed keys. Their encryption protects against physical storage theft, but offers no protection against the company itself, its employees, its government, or a court order. The meaningful question is not whether AES-256 is used — it is who holds the key.
In a properly implemented user-scoped key architecture, a unique encryption key is derived from your credentials using a key derivation function such as Argon2. Your conversations are encrypted with that key before they touch storage. The server stores only ciphertext. When you delete your account, destroying the key is equivalent to destroying the data — permanently and irreversibly.
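The user-scoped key scheme described above, as an added example (not MEOK's code): a key derived from the passphrase wraps a random per-user data key, the server row holds only the salt, the wrapped key and AES-256-GCM ciphertext, and deleting the wrapped key makes every record unreadable. scrypt from Node's standard library stands in for Argon2, and the wrapped-data-key layout and all function names are assumptions of this example.

```javascript
// Added illustration, not MEOK's code; all names are hypothetical.
// scrypt (built into Node.js) stands in for Argon2 as the password KDF.
const crypto = require('node:crypto');
const deriveKek = (passphrase, salt) => // 256-bit key-encryption key from credentials
  crypto.scryptSync(passphrase, salt, 32, { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 });

function seal(key, plaintext, aad) { // AES-256-GCM; aad binds the box to one user id
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(Buffer.from(aad));
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function open(key, box, aad) { // throws if key, aad or ciphertext do not match
  const d = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  d.setAAD(Buffer.from(aad));
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]);
}

// What the server stores per user: salt, wrapped data key, ciphertext. No plaintext, no KEK.
function enroll(userId, passphrase) {
  const salt = crypto.randomBytes(16);
  const dek = crypto.randomBytes(32); // random per-user data-encryption key
  return { userId, salt, wrappedDek: seal(deriveKek(passphrase, salt), dek, userId), records: [] };
}
function unlock(row, passphrase) {
  if (!row.wrappedDek) throw new Error('key material destroyed');
  return open(deriveKek(passphrase, row.salt), row.wrappedDek, row.userId);
}
const store = (row, passphrase, text) =>
  row.records.push(seal(unlock(row, passphrase), Buffer.from(text, 'utf8'), row.userId));
const readAll = (row, passphrase) => {
  const dek = unlock(row, passphrase);
  return row.records.map((r) => open(dek, r, row.userId).toString('utf8'));
};
// Crypto-shredding: drop the wrapped key; ciphertext that remains is undecryptable.
const shred = (row) => { row.salt = null; row.wrappedDek = null; };

function demo() { // constructed sample data
  const pass = 'correct horse battery staple';
  const row = enroll('user-123', pass);
  store(row, pass, 'constructed sample memory');
  const fails = (fn) => { try { fn(); return false; } catch { return true; } };
  const before = readAll(row, pass);
  const wrongPassRejected = fails(() => readAll(row, 'not the passphrase'));
  shred(row);
  return { before, wrongPassRejected, unreadableAfterShred: fails(() => readAll(row, pass)) };
}
console.log(demo());
```

Deletion by key destruction only holds if every copy of the wrapped key, including copies in backups, is removed; the bulk ciphertext can then age out on the normal retention schedule.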
How does MEOK implement data sovereignty technically?
MEOK encrypts all conversation memory with AES-256 at rest using user-scoped keys. Your data is logically isolated and never enters a shared training pipeline. You can export a complete JSON archive via /api/user/data at any time, and a single verified request permanently erases every record.
AES-256 at rest, user-scoped keys
Every memory node, conversation record, and preference is encrypted with AES-256. Keys are derived from user credentials at the storage layer. The database stores ciphertext — MEOK infrastructure operators cannot read your conversations.
Logically isolated data stores
Your data lives in a user-scoped partition — never commingled with other users in a shared flat table that a training pipeline can sample. Isolation is enforced at the query layer, not just by convention.
No training pipeline routing
MEOK does not operate a model fine-tuning pipeline fed by user conversations. The models used for inference are separately trained foundation models. Your conversations are input to inference only — never output to a training data lake.
Full JSON export via /api/user/data
Authenticated GET requests return a complete JSON archive: every memory, preference, and metadata record. The schema is documented and open. No lock-in mechanism exists.
Verified delete-everything endpoint
A single authenticated DELETE request cascades deletion across all storage layers, including the backup retention window. The operation is logged, confirmed by email, and irreversible by design.
Can you export your AI conversation data as JSON from MEOK?
Yes. MEOK’s /api/user/data endpoint returns a complete, machine-readable JSON export of every memory, preference, and conversation record associated with your account. The format is open and documented so you can import it into any other system or archive it locally.
Article 20 UK GDPR guarantees data portability, but quality varies wildly. A vague HTML page or PDF summary is technically compliant but practically useless. Real portability means four things: a complete structured JSON file with a documented schema; all of your data, not a curated subset; availability on demand rather than subject to a 30-day processing window; and no proprietary encoding that requires the originating platform to decode.
MEOK’s export meets all four criteria and is available immediately via an authenticated API call — no support request, no waiting. If you delete your account after exporting, your local JSON file is the only copy that remains. MEOK cannot reconstruct your data from its own systems after a verified deletion. That is the point.
MEOK gives you an AI companion that remembers you, adapts to you, and belongs entirely to you — with the encryption, portability, and deletion rights that sovereignty actually requires.
Why MEOK was built on sovereign architecture from day one
Founder Nicholas Templeman built MEOK after observing a consistent pattern: the most personal AI conversations — about health, grief, relationships, and identity — were happening on platforms whose commercial model depended on retaining and monetising that data. The intimacy of the use case and the exploitability of the architecture were running in direct opposition.
The alternative was not to build a better privacy policy. It was to build different infrastructure — one where sovereignty is enforced by cryptography, not promised by contract. AES-256 at rest with user-scoped keys. Logically isolated data stores. No training pipeline routing. Full JSON export always available. A verified delete-everything endpoint with no exceptions.
These are not features that were retrofitted later. They are the architecture. You cannot bolt sovereignty onto a system designed around data collection any more than you can retrofit privacy onto a surveillance network. The decisions have to be made first, at the foundation, when the cost is highest and the commercial temptation to defer is greatest.