Mission, stewardship, and the ethics of a compliant network.
The master document of Citrate Network. Everything else forks from this. We are stewards of software. We are not owners of your data.
Why this document exists.
A company tells you what it does. A constitution tells you what it will not do, even when doing it would pay. This is the second kind of document.
Citrate was built to be a safe place to learn, procure, and produce artificial intelligence. It was never meant to be an intelligence itself. It is a substrate. It is the ground other people build on. That distinction is the whole point of the company, and most of what follows is an attempt to take it seriously.
We work in two fields that have earned their bad reputations. Crypto has spent a decade promising to bank the unbanked and mostly minting tokens that go to zero. AI has spent three years promising to free human attention and mostly harvesting it. A reasonable person walks into either room with a hand on their wallet. We do not resent that reflex. We share it. This document is written for the person who has that reflex, because earning their trust is the only durable business we know how to build.
So we will say the uncomfortable things first. We are not a token. We are not a get-rich scheme. We are not going to sell you a dream and deliver a Discord. We are a software company that happens to use a distributed network the way a bank happens to use a vault. The vault matters. It is not the business.
We are stewards of software. We are not owners of your data.
That single sentence is the spine of this company. Read on and you will find it again in the economics, in the architecture, in the way we treat schools, in the way we treat a defense prime, and in the things we have decided we will never build. If anything in our conduct ever contradicts that sentence, the sentence wins, and the conduct is the error.
The Mission.
Our mission is to be the most compliant network for private and public use, and to make that compliance a foundation other people can build their own trust on top of.
Compliant is a quiet word and we mean a loud thing by it. We mean that in every industry we enter, on every decision that touches security, safety, and auditability, we go further than the regulation asks. Not because a regulator is watching. Because the customer should never have to wonder. A school should not have to read a privacy policy to know its students are safe. A defense prime should not have to take our word that the ledger is honest. The architecture should make the answer obvious.
We aim to give data ownership back. Back to the people who generate it, back to the corporations that hold it, back to the institutions that depend on it. The industry default is the opposite. The industry default is that you bring your data to someone else's cloud, and quietly, line by line in a contract you did not read, it stops being yours. We are building the other thing. Wherever it can be done, we will design for on-premise operation, for local ownership, for the customer keeping the keys.
What we are building toward
A distributed network that lets an organization run intelligence on its own machines, train models on its own data without surrendering the data, and earn from compute that would otherwise sit idle. The same network, offered to public schools at no cost, so that the infrastructure enriching the enterprise also funds the classroom. And underneath all of it, a public ledger honest enough that a regulator, an auditor, or a parent could check it and find nothing hidden.
What we are not
We are not an AI company in the sense people mean it. We do not want your data to train our model. We do not have a model that we need your data for. We sell the ground, not the crop.
We are not a crypto project. There is a token. It meters compute and settles payments, the way a clearinghouse settles trades. It is plumbing. We will never market it as an investment, and we structure the company so that our revenue does not depend on its price.
We are not a hosting company. We do not want to hold your workloads on our servers. The whole design points the other way: your machines, your keys, your premises, your data.
The Steward Thesis.
The clearest way to understand the company is to draw the line we will not cross, and then notice that everything profitable for us lives on our side of it.
There are two ways to make money in software that touches data. You can own the software and let the customer own the data. Or you can give the software away and quietly take the data. The second model built most of the consumer internet. We are betting the first model builds the next decade of regulated, institutional, sovereign software, because the institutions that matter most have finally noticed the price of the second.
The line, drawn plainly
This is not a slogan we apply after the fact. It is a constraint we design under. When an engineer on this team has to choose between an architecture that would let us see customer activity and one that would not, the one that keeps us blind wins, even when the blind one is harder to build. Especially then.
Why the steward wins
Because the customers we want cannot use the other model. A hospital cannot put patient data in a cloud that trains on it. A school cannot, by law, hand student records to a vendor that monetizes them. A defense prime cannot run classified workloads on infrastructure it does not control. An accounting firm cannot let its working papers train someone else's product. The institutions with the most to protect are exactly the ones the data-harvesting model cannot serve. They are underserved on purpose, because serving them honestly is harder. We intend to serve them honestly. That is the business.
We don't sell speculation. We sell sovereignty.
The Economics, Honestly.
A constitution that would not survive contact with the P&L is decoration. So here is how the company actually makes money, stated plainly enough that you could check it.
The business is software and the marketplace. Not the token.
Revenue comes from three places. Licenses for the software, paid by the organizations that run it. A small fee on real compute changing hands in the marketplace, taken when buyers and sellers actually transact. And services: implementation, support, and the work of making sovereign infrastructure run inside a real institution. Every one of these earns money whether the token rises, falls, or sits flat. That is the test of whether something is plumbing or a product, and the token passes it as plumbing.
What a participant actually earns
We will state earnings as outcomes, never as raw rates. The honest, conservative figure is that an idle device earns single-digit to low double-digit dollars per month, depending on the hardware and how much real demand the network is carrying. A district with a fleet of devices left plugged in overnight earns a sum that is meaningful against a maintenance budget and modest against a deficit. We will not promise more than the market clears, because the projects that promised more than the market cleared are the reason the room is suspicious when we walk in.
Two figures we have retired from external use, on purpose: the raw hourly compute rate, because it forces the reader to do arithmetic to learn what they get; and any device earnings figure stated as a best case, because best cases are how the snake-oil pitch works. The unit economics live in an appendix for the people who need to verify them. The reader gets the outcome.
The cross-subsidy is a commitment, not a discount
Enterprises and institutions pay. Public schools do not. The same infrastructure serves both, and the paying side underwrites the free side by design. This is not charity we can withdraw when a quarter looks tight. It is written into what the company is for. An enterprise customer should understand, when they sign, that a fraction of what they are buying is a classroom they will never see. We think that is a reason to buy from us, not a cost of it.
The Ethics, as Commitments.
Posture is a feeling about yourself. A commitment is a thing someone else can hold you to. What follows are commitments. Each one is something a customer, a regulator, or a critic could check, and each one costs us something, which is how you know we mean it.
Data sovereignty is a right, not a feature.
WE COMMIT
To designing every product so the customer can run it on their own premises, hold their own keys, and own their own data and models outright. Where on-premise is genuinely impossible, we will say so plainly and explain exactly what leaves the building and why.
The cost to us: on-premise software is harder to sell, harder to support, and harder to upsell than a hosted service that quietly accumulates lock-in. We are choosing the harder business because it is the honest one.
Verified identity, unsurveilled behavior.
WE COMMIT
To knowing that an operator is a real, accountable person, and to never seeing, retaining, or monetizing the content of what they run. Identity is checked at the door. Behavior is never on the menu.
Every node operator is identity-verified through CLEAR. There are no anonymous operators on our network and there will be none. This is how we stop the oldest fraud in the space: the fake operator selling compute that does not exist, the Sybil swarm gaming rewards, the inference that was never actually run. A network you would trust with a hospital's workload cannot be a network of strangers.
And here is the line that makes that defensible rather than dystopian. We verify who you are so the ledger can be trusted. We are built so we cannot see what you compute. Those are different things, and the architecture keeps them different on purpose.
Children are protected by design, not by promise.
WE COMMIT
To FERPA, COPPA, CIPA, and PPRA alignment as a floor and not a ceiling. A student's models and the adapters they train travel with the student, in private custody that the student and their institution control. No student data trains anything of ours. No student data is sold, shared, or surveilled. Ever, and by anyone, including us.
Public schools join at no cost, and student data is the most sensitive data we will ever touch. So it gets the strongest commitment in this document.
A child using our network should have a set of models that are genuinely theirs, that learn from them without reporting on them, and that they carry forward year to year. The cloud does not get the child. That is the entire promise of the education program, and it is non-negotiable.
Above and beyond on security, in every sector we enter.
WE COMMIT
To external security audit before mainnet and on a standing basis after, to publishing that we have been audited and that findings are closed, and to delaying any launch that still carries an open serious or critical finding. A deadline never beats a security finding. The finding wins.
Each industry has its own regime: defense has CMMC and ITAR, healthcare has HIPAA, finance has its own auditors, and a public ledger invites a level of scrutiny most software never sees. We treat the strictest applicable standard as the baseline, not the goal.
Intellectual honesty as the house style.
WE COMMIT
To claims grounded in verifiable data, to plain language over jargon when speaking to people who did not ask for jargon, and to never letting a marketing sentence outrun an engineering fact. The reputation we want cannot be bought. It can only be accumulated, slowly, by being right and being honest in a room full of people who are neither.
We work in a space defined by overstatement. The differentiator is almost embarrassingly simple: we will not overstate. We will publish the research. We will cite the source. We will state the conservative number. When something is unproven, we will call it unproven. When we are wrong, we will say so and fix it, in public if it was public.
The Promise, to Each Side.
The commitments above are universal. But each kind of person who touches the network is owed a specific version of the same promise, in language that meets them where they stand. This is the bridge into the go-to-market document, which carries it the rest of the way.
To institutions and enterprises
You keep your data, your models, and your keys. You run on your own premises. You turn idle compute into a line of revenue instead of a line of cost. And you do it on infrastructure built to satisfy your auditors, not to dodge them.
To schools, districts, and the people who run them
You get the same network the enterprises pay for, at no cost, with the strongest child-safety commitments we know how to write. Your students get models that are genuinely theirs. Your district gets revenue from devices that used to sit dark all night. No new hardware, no new taxes, no curriculum mandate.
To developers and node operators
You get a substrate that is honest, formally specified, and built memory-safe from the ground up. You get verified peers, so the network you are building on is not a swarm of ghosts. You get to earn from real demand rather than token emissions. And you get documentation that respects you enough to tell you the truth, including where the hard edges are.
To the people who simply use it
You get to earn from the device you already own, in plain dollars, without learning a new religion. You will never be asked to understand a blockchain to benefit from one. The technology is our problem. The benefit is yours.
To regulators, auditors, and the public
You get a ledger built to be checked, a company that publishes its audits, and an organization that treats your scrutiny as the product working rather than the enemy at the gate. We would rather you find nothing because there is nothing to find.
The Standing of This Document.
This constitution sits above the marketing, above the roadmap, above the quarterly pressure to do the easy thing. The go-to-market segmentation forks from Article V. The sequencing plan answers to Article III and Article IV: nothing ships that violates a commitment, and the order of work bends to the ethics, not the other way around.
When a future decision conflicts with a sentence written here, one of two things is true. Either the decision is wrong, or the sentence needs to change in the open, with a reason, recorded. What we will not do is let the contradiction stand silently. A constitution that is quietly ignored is worse than none, because it teaches the team that the words do not mean anything. These words mean something.
We are stewards of software. We are not owners of your data. Everything else is detail.