Privacy Policy

Last updated: April 9, 2026

Our core promise: Sovereign is built on the belief that your data belongs to you and only you. We do not harvest your data, we do not sell your information, and we cannot read your content. Privacy is not a feature we added - it is the foundation everything is built on.

1. Information We Collect

We collect the absolute minimum amount of information necessary to operate the Service. Here is exactly what we collect:

1.1 Waitlist & Account Information

  • Email address: Provided when you join our waitlist or create an account. Used solely for communication about the Service.
  • Hashed IP address: We store a one-way hash of your IP address for rate limiting and abuse prevention. We do not store your raw IP address, and the hash cannot be reversed to identify you.

1.2 Information We Do NOT Collect

To be absolutely clear, we do not collect:

  • Your notes, tasks, documents, or any content you create
  • Your AI conversations or prompts
  • Your knowledge graph or personal data
  • Your contacts, calendar, or files
  • Device sensor data, location, or browsing history
  • Analytics or behavioral tracking data

2. How We Use Your Information

The limited information we collect is used exclusively for:

  • Service communication: Sending you updates about Sovereign, including waitlist status, product announcements, and critical security notices
  • Account authentication: Verifying your identity when you sign in
  • Abuse prevention: Using hashed IP addresses to prevent spam and rate-limit abuse
  • Service improvement: Using aggregate, anonymized usage statistics (e.g., total number of signups) to improve the Service

We will never use your information for advertising, profiling, or selling to third parties.

3. On-Device Processing

Sovereign's AI runs entirely on your device. This means:

  • Your notes, tasks, and personal content are processed locally by an on-device language model
  • AI suggestions, search results, and knowledge graph connections are computed on your device without sending data to any server
  • Your personal data never leaves your device unless you explicitly enable cloud sync
  • The AI model itself is downloaded once and runs offline - no internet connection is required for core functionality

We chose on-device processing specifically to ensure that your most sensitive data - your thoughts, plans, and personal knowledge - never touches our servers.

4. Zero-Knowledge Encryption

When you opt into cloud sync for backup or cross-device access, all data is protected by zero-knowledge encryption:

  • Client-side encryption: Your data is encrypted on your device before it is transmitted. We never see unencrypted content.
  • Keys you control: Your encryption keys are derived from credentials that only you know. We do not store, have access to, or have any way to recover your keys.
  • Zero knowledge: Even if our servers were compromised, attackers would only find encrypted blobs that are meaningless without your keys.
  • Verifiable: Our encryption implementation is open source and can be independently audited.

5. Data Retention

  • Waitlist emails: Retained until you unsubscribe or the waitlist period ends, whichever comes first. You can unsubscribe at any time.
  • Account data: Retained for the duration of your account. Upon account deletion, your data is permanently removed within 30 days.
  • Encrypted sync data: Retained while your account is active. Permanently deleted within 30 days of account deletion.
  • Hashed IP addresses: Retained for a maximum of 90 days, then automatically purged.

6. Third-Party Services

We use a limited number of third-party services to operate Sovereign. Each has been selected for its privacy practices:

  • Firebase (Google Cloud): Used for authentication and storing encrypted sync data. Firebase only receives encrypted blobs and your email address. We use Firebase with strict security rules that prevent unauthorized access.
  • Resend: Used for sending transactional emails (waitlist confirmations, account notifications). Resend receives only your email address and the email content we send to you. We do not share any other data with Resend.

We do not use any third-party analytics, advertising, or tracking services. We do not embed any third-party tracking pixels or scripts.

7. Your Rights

You have the following rights regarding your data. You can exercise any of these by contacting us at kodefoundryatelier@gmail.com:

  • Right to access: Request a copy of the personal data we hold about you. Note that your encrypted content is only accessible with your keys.
  • Right to deletion: Request permanent deletion of your account and all associated data. We will process deletion requests within 30 days.
  • Right to export: Export all your data from the app at any time in standard formats. Since your data is stored on your device, you always have direct access.
  • Right to rectification: Request correction of any inaccurate personal data we hold about you.
  • Right to restrict processing: Request that we limit how we use your data.
  • Right to object: Object to our processing of your data for specific purposes.

We will respond to all valid requests within 30 days. We will never charge a fee for exercising your rights.

8. Children's Privacy

Sovereign is not directed at children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at kodefoundryatelier@gmail.com and we will promptly delete that information.

9. International Data Transfers

Because your content is encrypted with zero-knowledge encryption before leaving your device, international data transfer concerns are significantly mitigated. The encrypted data stored on our servers is meaningless without your encryption keys. However, your email address and hashed IP may be processed in jurisdictions where our service providers operate. We ensure appropriate safeguards are in place for any such transfers.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page
  • Notify you via email or through the Service at least 30 days before changes take effect
  • Provide a clear summary of what changed and why

We will never change this policy to allow us to access your encrypted data, because our zero-knowledge architecture makes this technically impossible regardless of policy.

11. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

kodefoundryatelier@gmail.com

We take every inquiry seriously and will respond within a reasonable timeframe.