Skip to main content
← Back to Home

Privacy Policy

Last updated: March 29, 2026

1. Information We Collect

Account Information: Name, email address, and billing information when you create an account.

Usage Data: Which agents you use, task frequency, agent outputs, and performance metrics to improve the platform.

Content Data: Text, documents, URLs, and other inputs you provide to AI agents for processing.

Technical Data: IP address, browser type, and device information for security and analytics.

2. How We Use Your Information

We use your information to: provide and maintain the Sovereign Matrix platform, process payments, send transactional emails, improve our services, enforce usage limits, and provide customer support. We do not sell your data to third parties.

3. Lawful Basis for Processing

Contract: Processing necessary to provide the services you signed up for (agent execution, billing).

Legitimate Interest: Service improvement, security monitoring, fraud prevention.

Consent: Marketing communications, analytics cookies (you may withdraw consent at any time).

4. AI Processing & Third-Party Services

When you use Sovereign Matrix agents, your input data is processed by one or more AI model providers. The specific provider depends on the agent and your configuration (BYOK keys or platform defaults).

AI Model Providers:

  • NVIDIA NIM — Nemotron, NeMo Guardrails, embeddings, content safety (USA)
  • Google Gemini — Text generation, embeddings (USA)
  • Anthropic Claude — Text generation, computer use, citations (USA)
  • Groq — Inference acceleration, Whisper transcription (USA)
  • Meta Llama — Open-source models via NIM (USA)
  • DeepSeek — Reasoning models via NIM and Groq (China/USA)
  • Qwen — Multilingual models via NIM (China/USA)
  • Mistral AI — European models via NIM (France/USA)
  • Black Forest Labs FLUX — Image generation (Germany/USA)
  • Tavily — Web search and research (USA)

Infrastructure:

  • Clerk — Authentication and user management (USA)
  • Neon — PostgreSQL database hosting (USA/EU)
  • Vercel — Application hosting, CDN, edge functions (Global)
  • Pinecone — Vector database for agent memory (USA)

Payments:

  • Yoco — Payment processing (South Africa)
  • PayFast — South African payment processing (South Africa)
  • PayStack — Nigerian payment processing (Nigeria)

Communications:

  • Resend — Transactional email delivery (USA)
  • Twilio — Voice calls and SMS (USA)
  • ElevenLabs — Voice synthesis (USA)

5. AI-Generated Content Disclosure

All content produced by Sovereign Matrix agents (text, images, code, voice scripts) is AI-generated. AI outputs may contain inaccuracies and should be reviewed before use. Voice agents identify themselves as AI at the start of every outbound call, in compliance with TCPA and applicable regulations.

6. Cross-Border Data Transfers

Your data may be processed in the United States, European Union, and South Africa depending on which AI providers and infrastructure services are used. We rely on standard contractual clauses and adequacy decisions where applicable to ensure appropriate data protection.

7. Data Retention

Agent outputs: Retained for 12 months, then automatically deleted.

Billing records: Retained for 36 months as required by tax regulations.

Account data: Retained until you request deletion.

Usage analytics: Aggregated and anonymized after 6 months.

8. Data Security

We use TLS 1.3 encryption for all data in transit. Database connections use SSL. Payment information is processed securely through PCI-compliant payment providers and is never stored on our servers. API keys provided via BYOK are encrypted at rest. We implement security headers (HSTS, CSP, X-Frame-Options) and rate limiting on all endpoints.

9. Your Rights

Under GDPR, POPIA, and CCPA, you have the right to:

  • Access — Request a copy of your personal data
  • Rectification — Request correction of inaccurate data
  • Erasure — Request deletion of your data (“right to be forgotten”)
  • Portability — Request your data in a machine-readable format
  • Objection — Object to processing based on legitimate interest
  • Withdraw consent — For marketing and non-essential cookies
  • Non-discrimination — (CCPA) We will not discriminate against you for exercising your rights

Contact christiaan@sovereignmatrix.agency to exercise these rights. We respond within 30 days.

10. POPIA Compliance (South Africa)

Sovereign Matrix is operated from Cape Town, South Africa and complies with the Protection of Personal Information Act (POPIA).

Information Officer: Christiaan de Wet — christiaan@sovereignmatrix.agency

11. Cookies

We use the following cookies:

  • Essential: Authentication session cookies (Clerk) — required for the platform to function
  • Analytics: Plausible Analytics — privacy-friendly, no personal data collected, no consent required
  • Functional: A/B testing cohort cookie — used to improve the experience

We do not use advertising or tracking cookies. You can manage cookie preferences via the consent banner on your first visit.

12. Email Communications

We send transactional emails (account confirmations, billing receipts) and optional marketing emails. You can unsubscribe from marketing emails at any time via the unsubscribe link in every email or by visiting sovereignmatrix.agency/unsubscribe.

13. Do Not Sell My Personal Information

We do not sell, rent, or trade your personal information to third parties for marketing purposes. This applies to all users, including California residents under the CCPA.

14. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated via email or an in-app notification. Continued use of the platform after changes constitutes acceptance.

15. Contact

For privacy-related inquiries: christiaan@sovereignmatrix.agency

Sovereign Matrix — Cape Town, South Africa