Legal

Privacy Policy

Effective Date: March 28, 2026

Sovereignty Academy (“we,” “us,” or “our”) operates the website sovereigntyacademy.net. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services. Privacy is not an afterthought for us — it is a founding principle.

Contents

  1. Information We Collect
  2. How We Use Your Information
  3. Third-Party Services
  4. Cookies & Local Storage
  5. Data Retention
  6. Data Security
  7. Your Rights
  8. Children’s Privacy
  9. Changes to This Policy
  10. Contact Us

1. Information We Collect

Information You Provide Directly

  • Account registration: email address, password (stored as a cryptographic hash — we never store your plain-text password), and optionally your name.
  • Profile information: display name, bio, avatar image, archetype selection, and personal declarations you choose to share.
  • Purchases: when you buy a course, product, or membership, payment is processed by Stripe. We receive your name, email, and transaction details. We do not receive or store your full credit card number.
  • Community content: posts, comments, wins, and other content you submit to public community areas.
  • Contact form & email: name, email address, and message content when you reach out to us.
  • Newsletter subscription: email address and (optionally) your archetype.

Information Collected Automatically

  • IP address: used solely for rate limiting and abuse prevention on authentication endpoints. We do not log or store IP addresses beyond the current server session.
  • Essential cookies: a single authentication cookie (sov_token) is set when you log in. See Section 4 for details.

Privacy-Respecting Analytics

  • We use Matomo, a self-hosted, privacy-respecting analytics platform. Matomo runs on our own infrastructure — your data is never sent to Google, Facebook, or any third party.
  • Analytics are configured cookieless — no tracking cookies are set, and no cookie consent banner is needed.
  • We respect the Do Not Track browser setting. If you have DNT enabled, no analytics data is collected.
  • We do not build advertising profiles or sell your data to anyone.
  • We do not use fingerprinting, beacons, or invisible tracking pixels.

2. How We Use Your Information

  • To create, maintain, and secure your account.
  • To process purchases and deliver digital products, courses, and memberships.
  • To send transactional emails: account verification, password resets, purchase confirmations, and download links.
  • To send our newsletter (only with your explicit opt-in; you may unsubscribe at any time).
  • To display your profile and community contributions to other members (only information you choose to make public).
  • To protect the platform from abuse via rate limiting.
  • To respond to your inquiries when you contact us.

3. Third-Party Services

We use a limited number of third-party services, each chosen for its respect of user privacy and the necessity of its function:

Stripe

Payment processing. Stripe handles all credit card data under PCI-DSS compliance. We never see or store your full card number. Stripe Privacy Policy

Resend

Transactional email delivery. Receives your email address and message content solely to deliver emails on our behalf. Resend Privacy Policy

Cloudinary

Image hosting for avatars and uploaded media. Images you upload are stored on Cloudinary’s infrastructure. Cloudinary Privacy Policy

Vercel

Website hosting and serverless infrastructure. Vercel may process standard HTTP request metadata (IP, user-agent) as part of serving the site. Vercel Privacy Policy

Jitsi Meet

Video conferencing for live community events. Your camera, microphone, and display name are shared during live sessions you choose to join. Jitsi Security

We do not share, sell, rent, or trade your personal information with any party for marketing or advertising purposes. Period.

4. Cookies & Local Storage

We use a single, essential cookie:

NamePurposeDurationType
sov_tokenAuthentication session (keeps you logged in)7 daysEssential / httpOnly

We do not use analytics cookies, advertising cookies, or any third-party cookie-based tracking. No cookie consent banner is required because we only use a strictly necessary authentication cookie.

5. Data Retention

  • Account data: retained for as long as your account is active. You may request deletion at any time.
  • Email verification tokens: automatically expire after 24 hours.
  • Password reset tokens: automatically expire after 1 hour.
  • Download tokens: expire after 3 days or 5 downloads, whichever comes first.
  • Rate-limiting data: held in server memory only and cleared within minutes. It is never written to a database.

6. Data Security

We take reasonable technical and organizational measures to protect your personal data:

  • All data is transmitted over HTTPS (TLS encryption in transit).
  • Passwords are hashed using a cryptographic one-way hash with a unique salt per account.
  • Database connections are encrypted via SSL.
  • Authentication tokens are signed with HMAC-SHA256.
  • Security headers (Content-Security-Policy, X-Frame-Options, X-Content-Type-Options) are enforced on every response.
  • Rate limiting is applied to login, signup, and password-reset endpoints to prevent brute-force attacks.

No system is 100% secure. If you believe your account has been compromised, please contact us immediately.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data via your profile settings.
  • Delete your account and associated data by contacting us.
  • Unsubscribe from marketing emails at any time via the unsubscribe link in every email or by visiting /unsubscribe.
  • Export your data upon request.

To exercise any of these rights, email us at SovereigntyAcademy@pm.me. We will respond within 30 days.

8. Children’s Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Effective Date” at the top and, for material changes, notify you via email or a prominent notice on the website. Your continued use of the site after changes are posted constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or your personal data, contact us at:

Sovereignty Academy

Email: SovereigntyAcademy@pm.me

Web: sovereigntyacademy.net/contact