Panda run DeepSeek R1 0528 & Llama 4 scout. Both are full & quantized models.
It’s located in Norway.
Panda runs every conversation inside an Intel TDX & NVIDIA Confidential Computing enclave, keeps the TLS key inside that enclave, and never stores your prompts. So nobody—not even Panda admins—can read your data before, during, or after inference.
A fresh TLS key is born inside the enclave, baked into an Intel-signed attestation, and proven to your client on every response—so encryption really runs from your browser straight to the model process and nowhere else.
Your Panda client automatically does this for you, but you can also do this manually. Grab the two Panda-* headers from any reply, fetch the matching attestation token, and verify three signatures—Intel’s JWT, the quote’s pub-key binding, and the response signature.
TDX keeps every CPU byte inside an encrypted Confidential VM, NVIDIA’s Hopper/Blackwell GPUs keep every GPU byte inside an encrypted Compute-Protected Region (CPR), and Panda binds the two attestation proofs together so the client can verify cryptographically that both were enabled for every single reply.