Privacy Policy.

Last Updated: February 26, 2026

Sovereign Engineering ("we", "us", or "our") provides telemetry and observability infrastructure. This privacy policy describes how we collect, process, and protect data when you use our platform.


1. Data We Collect

A. Account Information

When you register for a Sovereign account, we collect your email address, billing information (processed securely via Stripe), and authentication credentials. We do not sell this information.

B. Telemetry & Probe Data

When Sovereign Watchtower probes execute against your infrastructure, we retain HTTP headers, DOM snapshots, network waterfall logs (HAR files), and performance timing metrics. It is your responsibility to ensure that the pages Sovereign monitors do not expose Protected Health Information (PHI) or unauthorized Personally Identifiable Information (PII) to our headless browsers.

C. Real User Monitoring (RUM)

If you embed our RUM snippet on your website, we collect anonymous performance metrics (LCP, INP, CLS) from your end-users. We do not track cross-site behavior, and we aggregate IP addresses solely for geographic performance chunking before discarding them. We do not use cookies for RUM tracking.

2. Data Retention

Data retention is strictly governed by your active pricing tier:

  • Scout Tier: 7 days rolling retention.
  • Sentinel Tier: 90 days rolling retention.
  • Sovereign Tier: 365 days immutable cold storage.

Upon account deletion, all active and archived telemetry data is destroyed within 72 hours via cryptographic shredding.

3. Third-Party Subprocessors

We engage the following best-in-class subprocessors to operate the platform:

  • Supabase: Identity management (Auth) and primary relational database infrastructure (PostgreSQL).
  • Google Cloud Platform (GCP): Edge compute and visual artifact storage.
  • Google Vertex AI: LLM incident analysis (zero-retention enterprise agreement).
  • Fly.io: Global edge routing and probe execution.
  • Stripe: Payment processing.
  • Resend: Transactional email delivery.

4. User Rights (GDPR / CCPA)

You retain the right to access, rectify, or erase your personal data. To trigger a formal Subject Access Request (SAR) or initiate account deletion, contact our Data Protection Officer at privacy@sovereignrevguard.com. We will comply within 30 days.

5. Policy Modifications

We may update this policy dynamically as our architecture scales. Material changes to subprocessor usage or data retention will be broadcast via email to all active workspace owners 30 days prior to implementation.