Privacy Policy

Last Updated: February 20, 2026

1. Introduction

ESSENTIAL SERVICES ("we", "us", "our") respects your privacy. This Privacy Policy explains how we collect, use, and protect information related to sovrium.com (the "Website") and the Sovrium software (the "Software").

Sovrium is designed with digital sovereignty in mind. As a self-hosted platform, we believe your data should remain under your control.

2. Data Collection

2.1 Website Analytics

We may use privacy-respecting analytics services (such as Plausible Analytics) to understand website traffic and usage patterns. These services:

• Do not use cookies

• Do not collect personal data

• Do not track users across sites

• Are fully GDPR compliant

2.2 Cookies

The sovrium.com website does not use cookies. We do not set any first-party or third-party cookies. No cookie consent banner is necessary because no cookies are used.

2.3 Self-Hosted Software

Sovrium is self-hosted software that runs on your infrastructure. We do not:

• Collect data from your Sovrium installations

• Store or process your application data

• Have access to your configurations

• Monitor your usage or deployments

You are the data controller for all data processed by your Sovrium installation.

2.4 GitHub and Open Source

When you interact with our GitHub repository (issues, pull requests, discussions), GitHub collects data according to their privacy policy. We may see public information you share on GitHub.

2.5 Facebook and Social Login

Sovrium-powered applications may integrate Facebook Login (or other social authentication providers) as an optional sign-in method. When a user authenticates via Facebook Login, the following data may be received by the Sovrium application:

• Name and profile picture

• Email address

• Facebook user ID

Legal basis: This data is processed under GDPR Art. 6(1)(b) (performance of a contract) when you choose to sign in via Facebook Login, and Art. 6(1)(a) (consent) as you explicitly authorize the data sharing through Facebook’s authorization dialog.

This data is used solely for the purpose of authenticating your identity and creating your user account within the Sovrium-powered application. For self-hosted installations, this data is stored on the infrastructure controlled by the organization operating the application. ESSENTIAL SERVICES does not have access to this data unless it directly operates the application.

You may request deletion of your data at any time. See our Data Deletion page at sovrium.com/data-deletion for detailed instructions.

3. Use of Information

Any analytics data we collect is used solely to:

• Improve our website and documentation

• Understand which features interest users

• Fix technical issues with the website

• Plan development priorities

3.1 Data Retention

• Website analytics: Aggregated and anonymized. No personal data is retained.

• Facebook Login data (for ESSENTIAL SERVICES-operated applications): Retained as long as your user account is active. Deleted within 30 days of a valid deletion request.

• Self-hosted installations: Data retention is determined by the organization operating the Sovrium instance.

4. Third-Party Services

Our website may link to or interact with third-party services:

• GitHub (for source code and issues)

• Google Fonts (for typography)

• Facebook/Meta (for social authentication in Sovrium-powered applications)

• CDN services (for faster content delivery)

These services have their own privacy policies and data practices. We encourage you to review their policies, in particular the Meta Privacy Policy at https://www.facebook.com/privacy/policy/.

4.1 Data Sharing

ESSENTIAL SERVICES does not sell, rent, or trade your personal data to third parties. We do not share your personal data with third parties for their marketing purposes. Data may only be shared with third parties in the following limited circumstances:

• With your explicit consent (e.g., when you authorize a social login)

• To comply with legal obligations or respond to lawful government requests

• To protect the rights, property, or safety of ESSENTIAL SERVICES, our users, or the public

5. International Data Transfers

When you use Facebook Login or other social authentication providers, your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States. These transfers are necessary for the performance of the authentication service and are conducted in accordance with applicable data protection laws.

Where data is transferred outside the EEA, we rely on appropriate safeguards such as the EU-US Data Privacy Framework, Standard Contractual Clauses (SCCs), or other lawful transfer mechanisms to ensure your data is adequately protected.

For self-hosted Sovrium installations, data transfers are determined by the organization operating the instance. ESSENTIAL SERVICES has no involvement in those transfers.

6. Your Rights

Under GDPR and other privacy laws, you have the right to:

• Access any personal data we hold about you

• Request correction of inaccurate data

• Request deletion of your data

• Object to data processing

• Request data portability

To exercise these rights, contact us at privacy@sovrium.com.

7. Security

We take reasonable measures to protect any information we collect. However, as we collect minimal data and the Sovrium software is self-hosted, your primary security responsibility lies with your own infrastructure and deployment practices.

8. Children's Privacy

Our website and software are not directed to children under 13. We do not knowingly collect personal information from children under 13.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Your continued use of the website after changes constitutes acceptance of the updated policy.

10. Contact Information

For privacy-related inquiries:

• Email: privacy@sovrium.com

• GitHub Issues: https://github.com/sovrium/sovrium/issues

• Company: ESSENTIAL SERVICES, SAS au capital de 10 000 €

• RCS Paris — SIREN: 834 241 481

• SIRET: 834 241 481 00029

• TVA: FR04834241481

• Address: 128 Rue La Boétie, 75008 Paris, France

• President: Thomas Jeanneau

• Data Deletion: sovrium.com/data-deletion

11. Data Protection

As a company committed to digital sovereignty, we practice data minimization. We collect the absolute minimum data necessary and encourage you to maintain control of your own data through self-hosting.