SOVEREIGN — PRIVACY POLICY
Effective Date: March 12, 2026 Last Updated: March 12, 2026
1. Introduction
Sovereign (“we,” “us,” or “our”) built this app for people who need it most — individuals navigating law enforcement encounters, often in stressful and high-stakes situations. We take the privacy of that data seriously. This Privacy Policy explains what information we collect, how we use it, who we share it with, and what rights you have over your data.
This Policy applies to the Sovereign mobile application and any related services. It should be read together with our Terms of Service.
If you have questions, contact us at: [INSERT SUPPORT EMAIL]
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Email address
- Password (stored in hashed form — we never store your plaintext password)
- Any profile information you voluntarily provide (name, demographic information)
2.2 Recording Data
When you activate a Sovereign session, the app records audio and video using your device’s front-facing camera and microphone. This recording captures:
- Your voice and likeness
- The voices and likenesses of other individuals present during the encounter, including law enforcement officers
- Your surroundings
Where recordings are stored: Recordings are stored in your private cloud storage partition, split across two independent cloud providers (Supabase and Firebase) for redundancy. Sovereign does not maintain a centralized media repository accessible to us. Your recordings are yours.
2.3 Audio Sent for Transcription — Important Disclosure
During an active session, short audio clips captured by the microphone are transmitted to OpenAI’s servers for speech-to-text transcription. This is how Sovereign’s AI voice agent understands what the officer is saying and selects an appropriate response.
These audio clips are transmitted through Sovereign’s backend infrastructure (Supabase Edge Functions) before reaching OpenAI — the OpenAI API key is never exposed in the app itself. However, you should be aware that this audio is processed by OpenAI in order for the app to function. OpenAI’s data handling practices are governed by OpenAI’s privacy policy and usage policies, which you can review at openai.com.
We do not store these transcription clips separately. The transcribed text is used to drive the session and is included in your post-session summary.
2.4 Location Data
When a session is active, Sovereign captures your GPS coordinates for timestamping and geolocation tagging of the encounter. Location data is stored as part of your session record and, if you opt in to data contribution, may be included in anonymized form in the Sovereign national stop database.
Location data is only collected while a session is active. Sovereign does not track your location in the background.
2.5 Session Metadata
For each session, we collect and store:
- Date and time of the session
- Session duration
- Rights invocations made by the AI agent
- Whether a search was requested (derived from session transcript)
- Whether consent was given (derived from session transcript)
- Outcome category (if you choose to record it post-session)
- Post-session summary text
2.6 Voluntarily Provided Demographic Data
During onboarding or in your profile settings, you may optionally provide demographic information (age range, race/ethnicity, gender). This information is never required to use the app. If provided and you opt in to data contribution, it may be included in anonymized, aggregated form in the national stop database.
2.7 Device and Usage Data
We collect limited technical data to operate and improve the app:
- Device type, operating system, and app version
- Crash reports and error logs (via Sentry)
- App usage patterns such as which screens are visited and which features are used (via PostHog)
Crash reports may include device state information at the time of the crash. We configure these tools to minimize collection of personally identifiable information, but some device-level data is inherent to crash reporting.
2.8 Payment Information
Sovereign does not collect or store your payment information. Subscription billing is handled entirely by the Apple App Store or Google Play Store. We receive only confirmation of your subscription status — not your card number, billing address, or any other payment details.
3. How We Use Your Information
We use the information we collect to:
- Operate the App — authenticate your account, run sessions, deliver AI voice agent responses, and store your recordings
- Transcribe audio — route audio clips to OpenAI for speech-to-text processing so the AI agent can respond appropriately
- Generate session summaries — produce a post-stop summary of the session for your records
- Provide geolocation tagging — attach GPS data to your session records
- Maintain the national stop database — if you opt in, include anonymized session data in the aggregate database
- Improve the App — use crash reports and analytics data to identify bugs and improve the user experience
- Communicate with you — send account-related notifications and, with your consent, product updates
- Comply with legal obligations — respond to valid legal process as described in Section 6
We do not use your data to serve you advertisements. We do not sell your personal information.
4. Opt-In Data Contribution
4.1 The National Stop Database
Sovereign maintains a national database of law enforcement stop data built from user-contributed session metadata. This database is designed to serve as an independent, user-verified dataset of police stops in the United States — a resource for researchers, journalists, civil rights organizations, and policymakers.
Contribution is entirely opt-in. You will be asked during onboarding whether you wish to contribute. You can change your selection at any time in the Settings screen.
4.2 What Is Contributed
If you opt in, the following data from your sessions may be contributed in anonymized form:
- Timestamp and general location (not precise GPS coordinates — location is generalized to a geographic area)
- Stop duration
- Rights invocations made
- Whether a search was requested
- Whether consent was given
- Outcome category
- Voluntarily provided demographic data
Your recordings are never contributed to the database. Your account identity is never linked to contributed data.
4.3 How Contributed Data Is Used
Anonymized, aggregated stop data may be shared with or licensed to:
- Academic research institutions and universities
- Investigative journalism organizations
- Civil rights and criminal justice policy organizations
- Expert witnesses in civil rights litigation
This data cannot reasonably be used to identify any individual user. Once data has been anonymized and contributed to the aggregate database, it cannot be retroactively removed.
5. Third-Party Services
Sovereign uses the following third-party services to operate the App. Each third party’s use of your data is governed by their own privacy policies.
| Service | Purpose | Data Received |
|---|---|---|
| Supabase | Authentication, database, storage, backend functions | Account data, session metadata, recordings |
| Firebase (Google) | Redundant recording storage | Recordings (backup copy) |
| OpenAI | Audio transcription (Whisper) and intent classification (GPT-4o) | Audio clips during active sessions |
| Sentry | Crash reporting | Device info, error logs, app state at crash |
| PostHog | Product analytics | App usage patterns, feature interactions |
| Apple App Store / Google Play | Subscription billing | Subscription status only (we do not receive payment details) |
We do not sell your data to any of these providers or any other third party. These services receive only the data necessary to perform the function described.
6. Legal Process and Law Enforcement Requests
6.1 Our Commitment
We will not voluntarily disclose your data to law enforcement without a valid legal process. We will comply with subpoenas, court orders, and warrants as required by law.
6.2 Architecture Matters Here
Because recordings are stored in your private cloud storage partition rather than a centralized Sovereign repository, a subpoena directed at Sovereign for your recordings would reach data we do not control. This architecture was chosen deliberately — it is the same reason the ACLU discontinued Mobile Justice (centralized video storage created subpoena liability). Requests for recordings would need to be directed to the applicable cloud storage provider under their legal process procedures.
6.3 What We Do Control
Account information (email, session metadata) and opt-in database contributions are within our infrastructure and would be subject to valid legal process directed at Sovereign.
6.4 Notice to You
To the extent permitted by law, we will notify you before complying with a legal process request for your data so that you have the opportunity to seek legal counsel. We cannot provide notice where prohibited by the order itself (e.g., a gag order) or where doing so would endanger someone’s safety.
7. Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Until you delete your account |
| Recordings | Until you delete them from your cloud storage |
| Session metadata | Until you delete your account or request deletion |
| Transcription audio clips | Not retained — processed in real time and discarded |
| Crash reports (Sentry) | 90 days |
| Analytics data (PostHog) | 12 months |
| Contributed stop database data | Indefinite — cannot be retroactively removed once anonymized and aggregated |
8. Data Security
We take security seriously given the sensitive nature of the data this App handles. Measures include:
- Encrypted data transmission (TLS) between the app and all backend services
- Recordings stored with encryption at rest via Supabase and Firebase
- Authentication managed by Supabase with industry-standard password hashing
- OpenAI API key stored server-side only — never included in the app bundle
- Row-level security enforced on all database tables — you can only access your own data
No security measure is perfect. In the event of a data breach that affects your personal information, we will notify you as required by applicable law.
9. Your Rights
9.1 Access and Portability
You may request a copy of the personal information we hold about you at any time by contacting us at [INSERT SUPPORT EMAIL].
9.2 Correction
You may correct inaccurate account information directly through the App or by contacting us.
9.3 Deletion
You may delete your account at any time through the App. Deletion removes your account information and session metadata from our systems. Recordings stored in your private cloud partition must be deleted separately through the applicable cloud storage provider.
Anonymized data contributed to the national stop database cannot be deleted because it has been aggregated and can no longer be linked to your account.
9.4 Opt-Out of Data Contribution
You may opt out of contributing data to the national stop database at any time through the Settings screen. Opting out applies to future sessions only — previously contributed data has been anonymized and cannot be retroactively removed.
9.5 Opt-Out of Analytics
You may opt out of PostHog analytics data collection through the Settings screen.
10. California Privacy Rights (CCPA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):
- Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the purposes for collection, and the categories of third parties with whom we share it.
- Right to Delete: You may request deletion of personal information we have collected, subject to certain exceptions.
- Right to Correct: You may request correction of inaccurate personal information.
- Right to Opt-Out of Sale: Sovereign does not sell personal information. The licensing of anonymized, aggregated stop database data does not constitute the sale of personal information because it cannot reasonably be used to identify any individual.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
To exercise your rights, contact us at [INSERT SUPPORT EMAIL]. We will respond within 45 days.
11. Children’s Privacy
Sovereign is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected information from a minor, we will delete it promptly. If you believe a minor has provided us with personal information, please contact us at [INSERT SUPPORT EMAIL].
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via in-app notification or email at least fourteen (14) days before the change takes effect. The “Last Updated” date at the top of this Policy reflects the most recent revision.
13. Contact
For questions, requests, or concerns regarding this Privacy Policy:
Sovereign [INSERT SUPPORT EMAIL]