Privacy Policy
How we collect, use, and protect your information.
Last updated: March 1, 2026
1. Information we collect
We collect information you provide (such as name, email, and account details) and information generated through use of the Service (such as operational records, security and audit logs, and technical data needed to run and protect the platform). We do not use third-party advertising pixels on core product surfaces. The extent of optional analytics or detailed diagnostics depends on your deployment and settings.
2. How we use information
We use personal data to provide and improve the Service, authenticate users, communicate about your account, ensure security and integrity, comply with law, and pursue legitimate interests such as fraud prevention and product development, where applicable law allows. Where GDPR or similar law applies, we rely on contract, legitimate interests, consent (where required), and legal obligation as appropriate to the processing.
3. Storage, regions, and platform processing
If you use Sovern-operated hosting, organization data is stored and processed on infrastructure we operate for that offering, generally in the region associated with your environment. If you self-host, storage and processing occur on systems you control. Certain platform capabilities (such as routing sign-in across environments or a central product catalog where enabled) may involve limited processing of account-related or technical data across separately operated parts of the platform solely to deliver those features, not for advertising resale. The data controller, processors, and any data processing agreement for your deployment are set out in your onboarding or order documentation where provided.
4. Processors, AI providers, and disclosure
We do not sell personal information or share it for third-party advertising. We use subprocessors (such as hosting and email delivery) under appropriate agreements. If your organization enables AI features that call external model providers, inputs you send to those features may be processed by those providers under their terms and your configuration, choose settings that match your policies. We may disclose information when required by law or to protect rights, safety, and security.
5. Security
We implement technical and organizational measures appropriate to the risk, including encryption in transit, access controls, and monitoring. Encryption at rest and specific controls vary by deployment. No method of transmission or storage is completely secure.
6. Your rights
You may access, correct, or delete personal information where the product provides controls, and request export or account deletion where available. Depending on your location, you may have additional rights (for example under GDPR: objection, restriction, portability, and complaint to a supervisory authority). We aim to respond within 30 days.
7. Cookies and similar technologies
We use cookies and similar technologies required for authentication, security, and session operation. Optional analytics, if any, depend on your deployment and configuration; the default Sovern-operated experience described here is not built around ad profiling cookies.
8. Children's privacy
The Service is intended for organizations and adults. It is not directed at children under 16. We do not knowingly collect personal information from children. If we learn we have collected such information, we will take steps to delete it.
9. Changes to this policy
We may update this Privacy Policy. We will post the revised policy on this page and update the "Last updated" date. For material changes we will provide additional notice where appropriate. Continued use after the effective date may constitute acceptance.
10. Contact
For questions about this Privacy Policy or our data practices, use the contact information published on sovern.cloud. If you have a Sovern account, you may also use support or administrative contact options in the product.