Legal · Privacy

Privacy Notice

Last updated: 13 July 2026

1. Who we are and what Sovereign Suite does

Sovereign Suite is a verification engine: it preserves original evidence in an immutable raw layer, records integrity and provenance metadata in an append-only Ledger, and issues cryptographically verifiable Receipts. Defined terms used here (Verification, Receipt, Ledger, Physical Ledger, Guardian Loop) carry the meanings set out in the Compliance Glossary.

The platform is operated by [Your Legal Entity Name] (ABN [ABN]) ("Sovereign Suite", "we", "us"). We are the data controller / APP entity responsible for personal information handled through this website and the Service.

This Notice explains how we handle personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the Privacy and Other Legislation Amendment Act 2024. Where we handle information about Western Australian public-sector clients or their personnel, we also observe the Privacy and Responsible Information Sharing Act 2024 (WA) as it applies to their information-handling obligations.

2. Personal information we collect

  • Account & identity: name, business email, organisation, role.
  • Authentication: hashed credentials, OAuth identifiers, session tokens.
  • Billing metadata: subscription tier, entitlement status, invoice references (payment card and billing details are collected by Paddle — see §6).
  • Service content: records, receipts, verifications and metadata you submit to the verification core.
  • Technical: IP address, device/user-agent, log timestamps, error diagnostics, cookie identifiers.
  • Support communications: messages, attachments and call notes you send us.

We do not knowingly collect sensitive information (APP 3) or personal information from children under 15. If a Children's Online Privacy Code is registered under the 2024 reforms, we will update controls to comply.

3. Why we collect it and legal basis

  • Provide the Service — performance of our contract with you (APP 3, APP 6).
  • Security, fraud prevention, integrity of verifications — our legitimate interests and legal obligations.
  • Billing, tax and record-keeping — legal obligation (Corporations, Tax and consumer laws).
  • Product improvement & support — legitimate interests, using minimum data required.
  • Direct marketing — only with your consent (Spam Act 2003; you may opt out at any time via any message or by emailing us).

4. Automated decision-making (transparency)

In line with the 2024 privacy reforms (transparency of automated decisions, in force from 10 December 2026), we do not use personal information to make decisions that produce legal or similarly significant effects about you without meaningful human review. If this changes, we will publish a plain-language summary of the logic, the personal information used and how you can request human review.

5. Disclosure of personal information

We disclose personal information only to:

  • Service providers / processors: hosting and database (Supabase / Lovable Cloud), email delivery, error monitoring, analytics.
  • Merchant of Record: Paddle.com Market Ltd for payments, subscription management, tax and invoicing (see §6).
  • Professional advisers: legal, accounting and audit, under confidentiality.
  • Law enforcement / regulators: where required by law, court order or to protect our rights.
  • Successors: in connection with a merger, acquisition or restructure, subject to confidentiality.

We do not sell personal information.

6. Payments — Paddle as Merchant of Record

Our order process is conducted by our online reseller Paddle.com. Paddle.com is the Merchant of Record for all our orders. Paddle provides all customer service inquiries and handles returns. Payment card data is collected and processed by Paddle under its own privacy notice; we receive only the metadata needed to provision entitlements (customer id, subscription id, status, period, tier).

7. Overseas disclosures (APP 8)

Some processors store or process personal information outside Australia, including in the United States and the European Union (for example, hosting, email delivery and payment processing). Before disclosing, we take reasonable steps to ensure the overseas recipient handles the information consistently with the APPs, or rely on a permitted exception in APP 8.2. A list of overseas recipients and jurisdictions is available on request.

8. Data retention

We retain personal information only as long as necessary for the purposes above or as required by law. Account and billing records are retained for at least 7 years to satisfy Australian tax and corporate record-keeping obligations. Verification receipts are retained for the life of your account plus 12 months, then deleted or de-identified.

9. Security

We use appropriate technical and organisational measures, including encryption in transit (TLS), encryption at rest for the primary database, role-based access control, row-level security policies, least-privilege service accounts, audit logging and vendor-managed patching. No system is perfectly secure; if a notifiable data breach occurs, we will comply with Part IIIC of the Privacy Act (NDB scheme) and notify affected individuals and the OAIC.

10. Your rights

  • Access the personal information we hold about you (APP 12).
  • Ask us to correct information that is inaccurate, out of date or incomplete (APP 13).
  • Withdraw consent to direct marketing at any time.
  • Request deletion where we are not required to keep the information.
  • Complain to us at privacy@sovereignsuite.com.au. If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

Under the 2024 reforms, a statutory tort for serious invasions of privacy is available in Australian courts from 10 June 2025. Nothing in this Notice excludes your rights under that tort or under the Australian Consumer Law.

11. Cookies and similar technologies

We use strictly necessary cookies to keep you signed in and to remember preferences. We may use privacy-respecting analytics to measure aggregate usage. Where analytics or marketing cookies are used, we will present a consent banner and you can change your preferences at any time. You can also control cookies in your browser settings.

12. Changes to this Notice

We will post material changes to this page and update the "Last updated" date. Continued use of the Service after changes take effect constitutes acceptance of the updated Notice.

13. Contact

Privacy queries and access/correction requests: privacy@sovereignsuite.com.au.
Postal: [Your Legal Entity Name] (ABN [ABN]), [Registered address], Western Australia.

See also: Terms & Conditions · Refund Policy

This Notice is provided as a starting compliance template. Review with Australian legal counsel before publishing. It does not constitute legal advice.