Version 1.0 · Living document
Download the typeset PDF for procurement, legal review or enterprise records.
0. About this framework
Sovereign Suite is a verification engine and companion product suite for records that people rely on. It is published under Australian Privacy Network (ABN 86 921 751 764, ACN ), an Australian entity operating under Australian law.
This Framework is the master governance document for the platform. It is written to be read — by customers, regulators, procurement teams and the people who build the product — and it is the single source of truth from which every other policy on this site is derived. Where a product-specific document (Privacy, Terms, Security, Responsible AI, Cookies & Data, Compliance, Contact, and the product-legal pack under /legal) says something more specific, it must be consistent with this Framework. If it is not, this Framework prevails and the derivative document is corrected.
It is called a living framework because the platform evolves. We update this document as the product changes, and we update the derivative documents in the same pass so they cannot drift.
1. Governing principles
Six principles govern everything we build and operate.
- Evidence before data. The original evidence is preserved first; the ledger records integrity and provenance metadata about it. We do not paraphrase evidence into a database row and discard the source.
- Immutable raw layer. Records placed on the Sovereign ledger are append-only. Corrections are made by adding a superseding record, never by silently editing history.
- Portable, independently verifiable receipts. Receipts are designed so that a third party can verify integrity and provenance without needing continued access to us.
- Data minimisation. We collect the least information required to operate a feature. Where a feature does not yet exist on the site, we do not describe or pre-collect for it.
- Human oversight on consequential decisions. Automation exists to surface evidence and reduce toil. Consequential decisions about people remain with people.
- Public statements are commitments. Nothing on the public site describes a capability that is not part of the current production release. Planned capabilities are marked as planned.
2. Who we are and what we operate
Sovereign Suite is the product; Australian Privacy Network is the publisher. Correspondence for legal, privacy, security and general matters is directed to privacy@sovereignsuite.com.au. We do not publish a residential address; postal correspondence can be arranged on request.
The current production surface is the public website at sovereignsuite.com.au. The verification engine, workspace, and companion modules described elsewhere on the site are under active development; anything not yet in production is described as planned.
3. Privacy framework
We handle personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and we are preparing for the reforms introduced by the Privacy and Other Legislation Amendment Act 2024. In practice this means:
- we collect only the information required to operate a feature that actually exists;
- we tell you what we collect and why, in plain language, on the Privacy page;
- we do not sell personal information, and we do not build advertising profiles;
- we do not use customer content submitted to Sovereign Suite to train third-party models;
- you can ask what we hold, request correction, or request deletion, subject to lawful retention;
- where consent is required, we ask for it clearly and let you withdraw it.
The Privacy page under /trust/privacy is the operational statement inheriting from this section. Where it is more specific, it is authoritative for the website; where it conflicts, this Framework prevails and the Privacy page is corrected.
4. Security framework
Security is treated as a design property, not an afterthought. We apply least privilege, defence in depth, and minimal data collection. Traffic to the site is served over TLS; sensitive data at rest is protected using industry-standard encryption provided by our infrastructure providers; cryptographic operations backing the verification engine use widely reviewed primitives such as SHA-256 and Ed25519.
We deliberately keep specific provider identities, architecture diagrams, and control configurations out of public documentation. Prospective enterprise customers can request a security overview under NDA. Responsible disclosure is welcomed and described on the Security page.
5. Responsible AI framework
Automation and AI, where used, exist to help people make faster, more accurate decisions — never to make consequential decisions on someone’s behalf without oversight. Where a response or classification is produced or assisted by an automated system we say so; we do not disguise machine outputs as human ones; and we do not run silent scoring, ranking or eligibility systems that affect users without disclosure.
The current public release of the site does not perform automated decision-making about visitors. As AI-assisted features move into production in the verification engine and workspace, the Responsible AI page will describe exactly what they do and where a human is in the loop.
6. Verification and ledger philosophy
Sovereign Suite’s verification engine is built on the principle that trust should not depend on continued access to us. Evidence is preserved in an immutable raw layer; the ledger records integrity and provenance metadata; receipts are portable and independently verifiable using standard primitives. This design lets a customer, regulator or counterparty confirm a record’s integrity even if the platform is unavailable.
7. Governance and change control
This Framework is versioned. When the platform changes in a way that affects a statement in this document, we update the Framework and the derivative documents together, in the same release, and note the change in the last-updated date. We do not silently edit prior versions; substantive changes are re-published.
The Framework is reviewed at least annually and whenever a material change is made to the product, our infrastructure, or the relevant Australian legal environment (including further Privacy Act reform, state-level obligations, or sectoral rules).
8. Australian legal environment
The Framework operates within the Australian legal environment, including without limitation: the Privacy Act 1988 (Cth) and the APPs, the Privacy and Other Legislation Amendment Act 2024, the Australian Consumer Law (Schedule 2 to the Competition and Consumer Act 2010 (Cth)), the Spam Act 2003 (Cth), and applicable Western Australian law. Nothing on this site constitutes legal advice.
9. Inheritance map
The following documents inherit from this Framework and must remain consistent with it:
- Privacy — website privacy statement (Framework §3).
- Terms of Use — website terms (Framework §2, §8).
- Security — security-by-design and responsible disclosure (Framework §4).
- Responsible AI — automation and AI governance (Framework §5).
- Cookies & Data — browser data and analytics (Framework §3).
- Compliance — how the principles map to controls (Framework §§1–7).
- Contact & Legal — legal entity and correspondence.
- Product legal pack — product-facing terms that will apply when the workspace and verification engine are generally available.