Privacy Policy

When you use Sovereign AI, we collect information you provide directly:

• Account Information: Name, email address, phone number, business name, and address provided during onboarding.
• Business Data: Industry vertical, service area, marketing budget, competitors, and other business details shared during setup.
• Payment Information: Processed securely by Stripe. We do not store credit card numbers.
• Service Data: Content generated by our AI services, chatbot conversations, review campaign data, email campaigns, and booking information.
• Usage Data: Pages visited, features used, and interactions with our dashboard.

• Provide, maintain, and improve our AI marketing services
• Generate AI-powered content, chatbot responses, and marketing materials for your business
• Process payments and manage your subscription
• Send transactional emails (magic links, service notifications, billing alerts)
• Analyze service performance and generate your dashboard metrics
• Provide customer support

We use the following third-party services to deliver our platform:

• Stripe: Payment processing. Stripe's privacy policy applies to payment data.
• Anthropic (Claude AI): Powers our AI chatbot and content generation services. Business context is sent to generate responses. We do not use your customer data to train or improve AI models. Your data is processed only to provide the services you requested.
• SendGrid: Email delivery for magic links, notifications, and email marketing campaigns.
• Vercel: Application hosting and infrastructure.

We retain your data for as long as your account is active. Upon cancellation, we retain data for 90 days to allow for reactivation, after which it is permanently deleted. You may request immediate deletion at any time by contacting us.

As a SaaS platform, we process data about your customers (“End-User Data”) on your behalf, including lead names, email addresses, phone numbers, and booking information. We act as a data processor for this information. You remain the data controller and are responsible for obtaining appropriate consent from your customers. We process End-User Data solely to provide the services you have requested and do not sell, share, or use it for our own marketing purposes.

We implement industry-standard security measures including encrypted data transmission (TLS), AES-256-GCM encryption at rest for high-sensitivity PII fields (phone numbers, email addresses, and physical addresses), secure session management, and role-based access controls. Payment information is handled exclusively by Stripe's PCI-compliant infrastructure.

If you are in the European Economic Area, United Kingdom, or a jurisdiction with similar data protection laws, you have the right to:

• Access: Request a copy of the personal data we hold about you via Dashboard > Settings > Export Data, or by contacting us.
• Rectification: Request correction of inaccurate data.
• Erasure: Request deletion of your data via Dashboard > Settings > Delete Account, or by contacting us.
• Data Portability: Export your data in a machine-readable JSON format.
• Restriction: Request that we restrict processing of your data.
• Objection: Object to processing based on legitimate interests.
• Withdraw Consent: Withdraw consent at any time where processing is based on consent (e.g., analytics cookies).

You can export all your personal data from your account settings at any time by navigating to Dashboard > Settings > Privacy & Data and clicking “Download My Data.” Your data will be provided in a portable, machine-readable JSON format.

We will respond to all data subject requests within 30 days.

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

• Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you.
• Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
• Right to Opt Out of Sale: We do not sell personal information. We do not share personal information for cross-context behavioral advertising.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise these rights, contact us at privacy@trysovereignai.com or use the data deletion feature in your dashboard.

We use the following categories of cookies:

• Essential Cookies: Required for authentication and session management. These cannot be disabled.
• Analytics Cookies (optional): Google Analytics (GA4) to understand site usage and improve our services. Only loaded after you consent via our cookie banner.
• Advertising Cookies (optional): Facebook Pixel to measure advertising effectiveness. Only loaded after you consent via our cookie banner.

You can withdraw cookie consent at any time by clearing your browser's local storage for our domain. Analytics and advertising scripts are not loaded until you explicitly accept cookies. For more details, see our Cookie Policy.

Our services are not directed at individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected personal data from a child, we will delete it promptly.

Your data may be processed in the United States by our hosting provider (Vercel) and sub-processors. By using our services, you consent to this transfer. We ensure appropriate safeguards are in place for any international data transfers.

We may update this privacy policy from time to time. We will notify you of material changes via email. The “Last updated” date at the top of this page indicates the most recent revision.

For privacy-related inquiries, data subject requests, or complaints, contact us at privacy@trysovereignai.com.