Privacy Policy

Last updated: 19.04.2026

1. Controller

2. Overview

This Privacy Policy explains how we process personal data when you visit https://sovereign-ai-node.com, contact us, or submit an application or waitlist request related to Sovereign AI Node or Mail Sentinel.

We aim to collect as little personal data as possible and to process it only where necessary.

3. Data We Process

When you visit this website, your browser may automatically transmit technical data such as:

• IP address
• date and time of access
• requested URL
• referrer URL
• browser type and version
• operating system
• language settings
• access status / HTTP status code

If you use our application or waitlist form, we may process the data you provide, including:

• email address
• name (optional)
• Matrix handle (optional)
• application type or area of interest (for example Mail Sentinel, Sovereign AI Node platform, or future managed node interest)
• preferred path or setup level (for example guided setup, DIY / self-hosted, or open-core only)
• mailbox source (for example generic IMAP or Proton Mail)
• interest in Bitcoin payment later (optional)
• managed node requirements or notes, if provided
• any additional information you submit voluntarily

We may also process technical metadata related to form submissions, such as submission time, page context, and internal CRM or workflow data required to review and respond to your request.

If you contact us directly, we process the information you provide in order to respond to your inquiry.

We do not currently collect payment data through this website as part of the application or waitlist flow. If payment processing is introduced later, this Privacy Policy will be updated accordingly.

4. Purposes and Legal Bases

We process personal data for the following purposes:

Providing the website
Purpose: delivery of the website, security, stability, and abuse prevention
Legal basis: Art. 6(1)(f) GDPR

Handling applications, waitlist requests, and onboarding communication
Purpose: reviewing requests, contacting applicants, preparing onboarding, and support communication
Legal basis: Art. 6(1)(b) GDPR and/or Art. 6(1)(f) GDPR

Responding to inquiries
Purpose: communication and follow-up
Legal basis: Art. 6(1)(b) GDPR and/or Art. 6(1)(f) GDPR

Fulfilling legal obligations
Purpose: accounting, tax, compliance, fraud prevention, and legal documentation where required
Legal basis: Art. 6(1)(c) GDPR

Optional updates or product communications
If you later request updates or product communications, we process your contact data on the basis of your consent or, where legally permitted, our legitimate interests.
Legal basis: Art. 6(1)(a) GDPR and/or Art. 6(1)(f) GDPR

5. Recipients and Service Providers

We may share personal data with service providers that help us operate the website or process applications and inquiries, for example:

• website builder, form, and CRM providers
• email delivery providers
• hosting or infrastructure providers
• support, security, or anti-abuse providers
• accounting or bookkeeping providers, where necessary

We only share data to the extent necessary for the relevant purpose.

Current providers may include:

• GoHighLevel
• Proton Mail

6. International Transfers

Some service providers may process personal data outside the European Economic Area (EEA) or in countries that do not provide the same level of data protection as the EEA.

Where required, we rely on appropriate safeguards such as adequacy decisions or Standard Contractual Clauses.

7. Retention

We keep personal data only as long as necessary for the relevant purpose.

Typical retention periods may include:

• server and security logs: up to 14 days, unless longer retention is necessary for security, abuse prevention, or incident investigation
• application and waitlist data: up to 12 months after the last relevant interaction, unless deletion is requested earlier or legal retention obligations apply
• support communications: up to 12 months after the last activity, unless longer retention is necessary in the individual case
• customer and billing data: only if a contractual relationship is later established, and then for the legally required retention period

8. Cookies and Similar Technologies

This website may use technically necessary cookies or similar technologies that are required to provide the website or its core functions, including security, session handling, and form delivery.

If non-essential cookies or tracking technologies are used later, we will request consent where required by law.

9. Your Rights

Under applicable data protection law, you may have the right to:

• obtain information about your personal data
• access your personal data
• request correction of inaccurate data
• request deletion of your data
• request restriction of processing
• receive your data in a portable format
• object to certain processing
• withdraw consent at any time, where processing is based on consent

To exercise your rights, contact us at: [email protected]

You also have the right to lodge a complaint with a data protection supervisory authority.

10. No Obligation to Provide Data

You are generally not legally required to provide personal data. However, some fields may be necessary if you want us to review an application, contact you, or provide a service.

11. Automated Decision-Making

We do not use your personal data for decisions based solely on automated processing that produce legal effects concerning you or similarly significantly affect you through this website.

12. Security

We use appropriate technical and organizational measures to protect personal data against unauthorized access, loss, destruction, or alteration.

No method of transmission or storage is completely secure, but we aim to apply reasonable and proportionate safeguards.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The current version will always be published on this website with the date of the latest update.

14. Contact