👑 Sovereign

Privacy Policy

Effective date: May 7, 2026 · Last updated: May 7, 2026

The short version: Sovereign stores all your financial data locally on your device by default. We do not collect, sell, or share your personal financial information. When cloud sync is enabled (optional), your data is stored securely in Supabase under your account.

1. Who We Are

Sovereign is a personal finance tracking application for precious metals and net worth management. References to "we," "us," or "Sovereign" in this policy refer to the developer of the Sovereign application.

2. Data We Collect

Sovereign collects the minimum data necessary to provide its service:

Holdings and account data — your metals trade history (gold, silver, platinum, palladium), cryptocurrency holdings, spending entries, future income projections, and tracked account balances. Stored in Supabase under Row-Level Security and Supabase's at-rest encryption.
Net worth snapshots — periodic captures of total assets, debts, net worth, year change, notes, account values, and spending breakdowns. Optionally end-to-end encrypted on your device before upload (see Section 5).
Account email — only when you create a Sovereign account for cloud sync. Used solely for authentication and to associate your data with your account.
Anonymous user identifier (UUID) — generated when you create an account. Used solely to associate your data with your account.
Purchase history — when you subscribe to Pro, your subscription tier and purchase status are recorded via Stripe (web) or RevenueCat + Apple StoreKit (iOS). Used only to unlock Pro features; never used for advertising or shared with third parties.
Subscription status — plan tier (Free / Pro / Lifetime), used to gate Pro features. Stored in your Supabase profile when cloud sync is enabled.

3. Data We Do NOT Collect

We do not collect banking credentials or brokerage login details.
We do not run analytics, trackers, or advertising SDKs.
We do not sell your data to third parties under any circumstances.
We do not access your device's contacts, camera, microphone, or location.

4. Local Storage (Default)

By default, all data is stored in your browser's localStorage or the app's local container. This means your data never leaves your device unless you explicitly enable cloud sync. Clearing your browser storage or uninstalling the app will permanently delete locally stored data. We strongly recommend using the Export feature to maintain your own backups.

5. Cloud Sync and Optional End-to-End Encryption

If you create a Sovereign account, your data is automatically synced to our cloud database (Supabase) so you can access it across devices. By default, your metals trade history, cryptocurrency holdings, spending entries, future income projections, and account profile (email, plan, encryption salt) are stored in your account's row in Supabase under Supabase's standard at-rest encryption and Row-Level Security policies that ensure only you can read your data via the API.

You can additionally enable end-to-end encryption (E2EE) for your net worth snapshots from the Account tab. When E2EE is enabled, the values inside each snapshot — total assets, total debt, net worth, year change, notes, account values, and spending breakdowns — are encrypted on your device using AES-GCM-256. The encryption key is derived from a passphrase you set at enrollment using PBKDF2-SHA256 with 600,000 iterations and a per-user salt. Your passphrase and key never leave your device; once enabled, only ciphertext for those snapshot fields reaches Supabase, and Sovereign cannot read them — even if compelled.

Scope of E2EE. End-to-end encryption applies only to net worth snapshot fields. Your metals trade history, spending rows, future income entries, and profile data (email, plan tier, encryption salt) are not end-to-end encrypted; they are protected by Supabase's at-rest encryption and Row-Level Security as described above. We are working to expand E2EE coverage to additional tables in a future release.

You can delete your cloud account and all associated data at any time from the Account tab. Upon deletion, all data and account metadata are permanently removed within 30 days.

6. Live Price Data and Hosting

Sovereign fetches live precious metal spot prices from gold-api.com and currency exchange rates from frankfurter.app. These requests do not include any personal or financial information — only your IP address is visible to those services as part of standard HTTP requests.

The Sovereign web app is hosted on Cloudflare Pages, which serves the app globally and may log anonymized request metadata (IP address, country, user-agent) for security, abuse prevention, and DDoS protection.

7. Payments

Pro subscriptions are processed by Stripe (web) and Apple's App Store via RevenueCat (iOS). Sovereign never sees or stores your payment card details. Stripe and RevenueCat receive your purchase information under their own privacy policies: Stripe, RevenueCat, and Apple.

8. Children's Privacy

Sovereign is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us to have it removed.

9. Data Retention

Local data persists until you clear it. Cloud data is retained as long as your account exists. Upon account deletion, all associated cloud data is permanently removed within 30 days.

10. Your Rights

Access — You can export all your data at any time using the Export feature.
Deletion — You can clear local data in-app. Cloud data can be deleted via Account → Danger Zone.
Portability — All data is exportable as JSON or CSV directly from the app.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Significant changes will be communicated via an in-app notice. Continued use of the app after changes constitutes acceptance of the revised policy.

12. Contact

Questions about this policy? Reach us at [email protected].

13. California and EU/UK Residents

If you reside in California, the EU, or the UK, you have additional rights under the CCPA, GDPR, and UK GDPR — including the right to access, correct, delete, and port your personal data, and to lodge a complaint with a supervisory authority. The personal data we hold about you when cloud sync is enabled consists of your account profile (email, anonymous user ID, subscription tier, and — if E2EE is enabled — your encryption salt) together with the holdings, snapshots, and other entries you choose to sync, all protected by Supabase Row-Level Security and, where applicable, end-to-end encryption (see Section 5). To exercise any of these rights, contact [email protected]. We do not sell or share personal information as defined by the CCPA.