Privacy.

Who we are

Sovereign Standard Ltd, a private limited company registered in England and Wales (company number 17248595), is the controller of your personal data. You can reach us at info@sovereign-standard.com. Our registered office is on the public register at Companies House.

What we collect and why

We only collect what is needed to run your membership. Each category below lists what we collect, what we use it for, and the lawful basis under UK GDPR and EU GDPR.

Account data (name, email, password hash, chosen community, profile picture if you upload one). Used to create and run your account. Lawful basis: performance of the contract between you and us.

Membership and billing data (subscription status, plan, billing history, partial card details such as last four digits and expiry, returned to us by Stripe). Used to provide and bill your membership. Lawful basis: performance of the contract, and compliance with our legal obligations around bookkeeping and tax.

Training data (questionnaire answers, programme assignment, logged sessions, habit logs, weekly progress). Used to run the Body coach and the 90 Day Standard. Lawful basis: performance of the contract.

Sangat content (posts, replies, reactions). Used to run the community feed. Lawful basis: performance of the contract.

Strava data (only if you connect Strava: athlete id, activity name, distance, moving time, type, start time). Used to show your training inside the Sangat feed and your dashboard. Lawful basis: your consent, which you give by clicking Connect on the Strava authorisation screen and which you can withdraw at any time by disconnecting from Settings.

Communications (the contents of messages you send us through the contact form or by email). Used to reply to you. Lawful basis: our legitimate interest in answering inbound messages.

Technical data (IP address, browser, device, referrer, pages visited). Used to operate the site, debug issues, and protect against abuse. Lawful basis: our legitimate interest in running a secure service, and your consent for non-essential analytics cookies.

The Body coach and AI

The Body coach is software we built. The reasoning step that turns your questionnaire and logged sessions into a week of training is performed by a large language model operated by Anthropic. When the coach runs, the relevant slice of your training data is sent to Anthropic so the model can produce your plan. The output is stored back in your account on our database.

Anthropic processes that data only to return the response to us and, under their terms with us, does not use it to train their general models. The processing happens in the United States, under the appropriate safeguards described below.

Who we share data with

We use a small set of operational providers. Each one is a processor acting on our instructions, under a written data processing agreement.

Supabase hosts our database (EU region) and authentication.
Vercel hosts the website and runs our serverless functions.
Stripe processes payments and stores your card details directly. We do not see your full card number.
Anthropic runs the language model behind the Body coach.
Resend sends transactional email (sign-up confirmations, contact form replies).
PostHog records anonymised product analytics, only if you give consent.
Strava only if you connect it.

We do not sell your data. We do not run third-party advertising against your profile. We do not share your personal information for marketing purposes.

International transfers

Some of our processors (Anthropic, Resend, PostHog, Vercel, Stripe) are based in or operate from the United States. Where personal data leaves the UK or EEA, the transfer is covered by the UK International Data Transfer Addendum and the European Commission's Standard Contractual Clauses, or by an adequacy decision where one applies. Copies of those safeguards are available on request.

How long we keep your data

Account, training, and Sangat content are kept for as long as your account is active. If you delete your account, we remove your profile and content within thirty days, except where we are required to keep records for a longer period (for example billing records under UK and EU tax law, which we retain for up to seven years). Contact form messages are kept for up to two years for reference.

Your rights

Under UK GDPR and EU GDPR you have the right to access your data, correct it, ask us to delete it, restrict or object to how we use it, receive it in a portable format, and withdraw consent where we rely on consent. The Settings page has a Delete account control. For anything else, email info@sovereign-standard.com from the address on your account and we reply within thirty days.

Cookies and analytics

We use a session cookie to keep you signed in. This is strictly necessary and does not require consent.

We also use PostHog to understand how the product is used. PostHog may set cookies and uses your IP address. We only load PostHog after you give consent on the cookie banner. You can change your choice at any time by clearing the banner choice from your browser storage or by emailing us. We do not use third-party advertising cookies.

Children

Sovereign Standard is for adults. You must be 18 or older to create an account. We do not knowingly collect personal data from children under 18. If you believe a child has provided us with their data, contact us and we will delete it.

Changes to this policy

We may update this policy. Material changes are communicated to members by email. The Last updated date at the top is always current.

Complaints

If you are in the UK and believe we have not handled your data correctly, you can complain to the Information Commissioner's Office (ico.org.uk). If you are in the EEA, you can complain to your local data protection authority. We would always prefer to hear from you first so we can put it right.