Your business runs on this. We treat it that way.
How we protect your data and your customers’ data — described plainly, and honest about what we do and don’t yet claim.
Encryption everywhere
All data is encrypted in transit with TLS 1.2+ and encrypted at rest with AES-256 by our cloud providers. Your customer conversations, records, and files are never stored or transmitted in the clear.
Tenant isolation
Every contractor’s workspace is logically isolated. Your data is scoped to your account and never commingled with or exposed to another business on the platform.
Payments — we never touch cards
All billing runs through Stripe, a PCI-DSS Level 1 provider. Card numbers go straight to Stripe and are never stored on Sovereign’s servers. We hold a token, never the card.
Access controls
Access to production data is limited to the people who need it, protected by strong authentication and least-privilege permissions. We use passwordless magic-link login, so there are no reusable passwords to steal.
AI data handling
We do not train any AI model on your customers’ data. Otto uses your data only to run your business inside Sovereign. See our AI Transparency page for the full promise.
Reliability & backups
We run on major cloud infrastructure with automated backups and monitoring. Live operational status is published on our public status page.
What we claim — and what we don’t (yet)
We’re a pre-revenue company building in public. We won’t borrow credibility we haven’t earned.
Subprocessors and data-handling detail live in the Trust Center. This page is a plain-language summary, not a contract.