Legal

Legal & Privacy

Our commitment to data handling, operational transparency, and clear terms of engagement.

Privacy Policy

Privacy by Design

Sovereign's architecture is built around a privacy-by-design approach. We limit operational collection to the metadata needed to authenticate, communicate, and maintain service integrity. We do not treat raw client audit materials as ambient application data.

Data Boundary Maintenance

Diagnostic operations, risk matrices, and compliance scoring are intended to run inside the agreed control boundary or through tightly constrained processing paths. The design goal is to keep intelligence leakage to third parties as close to zero as the engagement model allows.

Your Rights & Controls

Under applicable privacy regimes including PIPEDA and GDPR, clients retain authority over their records and disclosures. Subject access, deletion, and handling questions can be directed through the assigned engagement lead.

Essential Session Management

We deploy strictly essential, first-party functional cookies required to maintain encrypted session states and RBAC authentication parameters. These are technically necessary for the Auditor Portal to operate. We do not integrate third-party analytics, advertising scripts, or behavioral tracking.

Terms of Use

Acceptable Use & Access Controls

Access to Sovereign services is strictly limited to authorized corporate entities under an active engagement. You agree to utilize hardware-backed multi-factor authentication and maintain absolute secrecy of encrypted access tokens.

Intellectual Property

All proprietary algorithms, methodologies, threat models, and interface architectures provided by Sovereign GRC remain the exclusive intellectual property of tas Technology. You are granted a non-transferable, localized license to deploy these systems strictly within your corporate boundary.

Service Limitations & Termination

Any attempt to decompile, reverse-engineer, or externally expose our local inference engines constitutes an immediate breach, resulting in instantaneous cryptographic lockdown of access. Sovereign reserves the right to terminate service to maintain collective network integrity.