What This Policy Covers
This Privacy Policy describes how Sovereign Life Hub ("Sovereign," "we," "us," or "our") collects, uses, stores, and protects your personal information when you use our web application at sovereignhub.app (the "Service").
Our Core Principle
Sovereign was built on the belief that your data belongs to you. We collect only what's necessary to provide the Service, we never sell your data, and we give you full control over exporting or deleting everything we store about you.
What Data We Collect
Data You Provide Directly
When you use Sovereign, you may enter personal information including:
- Account information: Username and password (password is hashed, never stored in plaintext)
- Financial data: Account balances, expenses, budgets, debt information, spending categories
- Tasks and todos: Task descriptions, priorities, due dates, completion status
- Calendar events: Event titles, dates, times, locations, notes
- Study and learning data: Study sessions, subjects, journal entries, skill ratings
- Thoughts and notes: Freeform text captures, ideas, and personal reflections
- Macro economic signals: Market observations, sentiment, categories (if you use this feature)
Data We Collect Automatically
- Session data: Login timestamps, session duration, last activity time (used for security timeout enforcement)
- Governance events: Internal system logs of application actions (used for audit trails and system health monitoring)
Data We Do NOT Collect
- We do not use cookies for tracking or advertising
- We do not collect browsing history outside the application
- We do not collect device fingerprints
- We do not use third-party analytics services
- We do not track your location (any location data in calendar events is entered by you)
How We Use Your Data
Your data is used exclusively to provide and improve the Service:
- Providing the Service: Displaying your financial information, tasks, calendar, study progress, and other features you use
- AI-powered features: Processing your data through AI agents to generate briefings, suggestions, and organizational insights. AI processing occurs on our servers using the Anthropic API — your data is sent to Anthropic for processing under their data usage policies (see "Third-Party Services" below)
- Security: Enforcing session timeouts, detecting unauthorized access attempts, maintaining audit logs
- Billing: Processing payments through Stripe (see "Third-Party Services" below)
We do NOT use your data for:
- Advertising or marketing to third parties
- Training AI models
- Selling to data brokers
- Behavioral profiling for purposes outside the Service
How We Store and Protect Your Data
- Database: Your data is stored in a SQLite database on a dedicated server hosted by Hetzner Online GmbH in Hillsboro, Oregon, United States
- Encryption: All connections to the Service use TLS/HTTPS encryption. The server is protected by Cloudflare's Web Application Firewall
- Access control: Server access is restricted to SSH key authentication. No password-based server login is permitted
- Backups: Database is continuously replicated using Litestream with encrypted backups stored on Backblaze B2
- Passwords: User passwords are hashed using industry-standard algorithms and are never stored in plaintext
- Session security: Sessions automatically expire after 60 minutes of inactivity
Third-Party Services
We use the following third-party services to operate Sovereign:
| Service | Purpose | What They Receive | Their Privacy Policy |
|---|---|---|---|
| Stripe | Payment processing | Name, email, payment card details (we never see or store your full card number) | stripe.com/privacy |
| Anthropic | AI processing (Claude API) | Content you create in Sovereign may be sent to Anthropic's API for AI-powered features | anthropic.com/privacy |
| Hetzner | Server hosting | All data (stored on their infrastructure) | hetzner.com/legal/privacy-policy |
| Cloudflare | CDN, DNS, and security | Network traffic metadata | cloudflare.com/privacypolicy |
| Backblaze | Encrypted database backups | Encrypted backup data | backblaze.com/company/privacy |
We do not share your data with any other third parties.
Your Rights and Controls
Data Export
You can export all of your data at any time through your account settings. The export includes all personal data we store about you in a machine-readable JSON format. This is your data — you can take it with you.
Data Deletion
You can permanently delete your account and all associated data through your account settings. Deletion requires password confirmation. Once confirmed, all of your data is permanently removed from our active database. Encrypted backups containing your data may persist for a limited period before being overwritten.
Access and Correction
You can view and modify all of your data directly within the Service at any time.
Data Retention
- Active accounts: Your data is retained for as long as your account is active
- Deleted accounts: All data is permanently removed upon account deletion. Encrypted backups may contain residual data for a limited period
- Billing records: Payment transaction records may be retained by Stripe according to their data retention policies and applicable tax/legal requirements
- Governance logs: System audit logs are retained for the lifetime of your account for security and debugging purposes, and are deleted when your account is deleted
Children's Privacy
Sovereign is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will delete that information promptly.
Washington State Residents
As a Washington state-based service, we comply with applicable Washington state privacy laws. You have the right to:
- Know what personal data we collect about you
- Access your personal data
- Delete your personal data
- Obtain a copy of your personal data in a portable format
To exercise any of these rights, use the export and deletion features in your account settings, or contact us at the address below.
Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the Service before the changes take effect. The "Last Updated" date at the top of this policy indicates when it was last revised.
Contact
If you have questions about this Privacy Policy or our data practices:
Email: [email protected]
Sovereign Life Hub
King County, Washington, United States