← HOME

// CLASSIFIED DOCUMENT //

PRIVACY POLICY

LAST UPDATED: 2026-03-04 — SOVEREIGN ATLAS OPERATIONS

// CONTROLLER //

The Sovereign Atlas is operated as a personal project. For data-related enquiries, contact: CONTACT

We are subject to the General Data Protection Regulation (GDPR) as the service is operated from Germany and serves users in the European Union.

// WHAT WE COLLECT //

Account data: Email address and encrypted password, collected when you register. Required to provide access to the service.

Payment data: Subscription billing is handled entirely by Stripe. We store only your Stripe customer ID and subscription status — never card details.

Usage data: Watchlist entries and comments you create. Stored to provide core functionality.

Newsletter: If subscribed, your email is used to send the Dead Drop transmission. You can unsubscribe at any time via the link in each email or in your account settings.

We do not run analytics, tracking pixels, or third-party advertising.

// LEGAL BASIS //

Processing is based on:

Contract performance (Art. 6(1)(b) GDPR) — account and subscription data necessary to deliver the service.

Legitimate interest (Art. 6(1)(f) GDPR) — security logging and fraud prevention.

Consent (Art. 6(1)(a) GDPR) — newsletter subscription, withdrawable at any time.

// THIRD PARTIES //

We use the following processors:

Supabase (database + auth) — servers in Frankfurt, EU. Privacy policy

Stripe (payments) — data processed under Stripe's DPA. Privacy policy

Resend (email delivery) — used solely for transactional and newsletter emails. Privacy policy

Vercel (hosting) — standard access logs retained for 30 days. Privacy policy

No data is sold or shared for advertising purposes.

// RETENTION //

Account data is retained for the duration of your subscription plus 30 days after deletion request. Payment records are retained for 10 years as required by German tax law. Newsletter logs are retained for 12 months.

// YOUR RIGHTS //

Under GDPR you have the right to: access your data, correct inaccuracies, request deletion, restrict or object to processing, and request data portability.

To exercise any of these rights, email CONTACT. We will respond within 30 days.

You have the right to lodge a complaint with the relevant supervisory authority. In Germany: Bayerisches Landesamt für Datenschutzaufsicht (BayLDA).

// COOKIES //

We use one session cookie to maintain your login state. No advertising or tracking cookies. No cookie consent banner required.

[END OF TRANSMISSION] — TERMS OF SERVICE