Privacy Policy

Effective: June 4, 2026
Last updated: June 4, 2026

Who we are

Sovereign Systems Group LLC is a U.S. limited liability company that publishes the Operator's Field Manual and related products for building and operating local-first AI agents.

Contact: hope@sovereign-systems-group.com

If you have questions about this policy, your data, or anything else, that address goes directly to us. All inquiries are reviewed and responded to directly.

What we collect

When you buy from us, we collect:

• Your name (as you enter it at checkout)
• Your email address (to deliver your licensed copy and notify you of new editions within your update window — 6 months for Triple Threat, 12 months for Quadruple Threat)
• Your purchase history (which products, when, at what price)

When you pay, Stripe processes your card. Stripe is our payment processor. They see your card details so we do not have to. We never see, store, or have access to your credit card number, CVC, or full bank account information. What we get back from Stripe is your name, email, billing country, and a transaction ID.

We do not use tracking cookies, web beacons, or analytics that profile you. We do not have a "marketing pixel." We do not deploy any tracking or profiling technology on this website.

How we use it

We use your data for three things:

1. To fulfill your order. Deliver your licensed copy and provide order-related support.
2. To honor your update window. If you bought a tier that includes a 6-month or 12-month update window, we use your email to notify you when a new edition publishes inside that window.
3. To send you marketing emails — but only if you say yes first. At checkout, you will see a checkbox asking if you want to hear about new editions of the manual. If you check it, you go on our announcement list. If you do not, you only get transactional emails (receipts, delivery, support replies). We never opt you in by default.

We do not use your data for any other purpose.

What we don't do

• We do not sell your data. Not to advertisers, not to "data partners," not to anyone. Ever.
• We do not share your data with third parties for their marketing.
• We do not track you across other websites.
• We do not build a profile of your behavior to sell to anyone.
• We do not store your payment card information. Stripe handles that and we never see it.

If we ever change any of this, we will tell you directly — not in a quiet footer update.

How long we keep your data

• Order records (name, email, purchase history, transaction ID): we keep these for as long as we operate the business, because they are business records and we are required to keep them for tax and accounting purposes (typically a minimum of seven years under U.S. law).
• Marketing-list membership: we keep you on the list until you unsubscribe. When you unsubscribe, you come off the list. We retain a record that you were subscribed (so we can prove we honored your unsubscribe), but you stop receiving emails.
• Support correspondence: we keep your emails to us as long as we need to address what you wrote in.

If you want your data deleted (see "Your rights" below), we will delete what we can legally delete and keep only what we are legally required to retain.

Terms of sale

For your records, our terms of sale:

All sales are final. This is a digital product delivered immediately upon purchase. No refunds will be issued under any circumstances. By completing your purchase you acknowledge and agree to this policy. Your licensed copy is watermarked with your purchase credentials. Redistribution, sharing, resale, or reproduction of this material in any form is strictly forbidden and constitutes a violation of your license agreement.

This policy is disclosed before purchase on the Stripe payment page, on every receipt, and in the delivery email that accompanies your licensed copy. By completing checkout, you confirm you have seen and agreed to this policy.

Watermarking and redistribution

The Operator's Field Manual PDF you receive is watermarked with your purchase information. Every copy we ship is unique to you. This watermark is part of how we deter unauthorized redistribution.

Redistributing your copy — whether by sharing the file, uploading it, posting excerpts beyond fair use, or selling it — is forbidden under the terms of your purchase. If a copy traceable to your purchase appears in unauthorized distribution, the source of that copy may be identified through the watermark.

This is not us being adversarial; it is how we protect the work so we can keep selling it at a price that lets us keep producing it. Buy a copy for yourself, use it however you like for your own work. Unauthorized distribution in any form constitutes a violation of your license agreement and applicable copyright law.

Marketing emails

• You only get marketing emails if you explicitly opt in at checkout. If you do not opt in at checkout, you will not receive marketing emails.
• You can unsubscribe at any time by emailing hope@sovereign-systems-group.com with "unsubscribe" in the subject line, or by replying to any marketing email with the same.
• Unsubscribe is processed within one business day, and well before any required compliance window (CAN-SPAM gives us 10 business days; we do not use the full window).
• Transactional emails are not optional — if you buy something, we will send you a receipt and your delivery, even if you are unsubscribed from marketing. This is not marketing; this is us completing the transaction you paid for.

Your rights (EU / UK customers — GDPR)

Sovereign Systems Group LLC is the Data Controller for personal data collected through this website and its products. As a small business, we are not required to appoint a Data Protection Officer.

If you are in the European Union or the United Kingdom, the General Data Protection Regulation (GDPR) and the UK's equivalent give you specific rights over your data. You have the right to:

• Access your data — ask us what we have on you, and we will send it to you.
• Correct your data — if something we have is wrong, tell us and we will fix it.
• Delete your data — ask us to remove your data, and we will delete everything we are not legally required to retain.
• Restrict processing — ask us to pause using your data while we resolve a dispute.
• Portability — ask us to export your data in a machine-readable format so you can take it elsewhere.
• Object — tell us to stop using your data for any specific purpose.
• Lodge a complaint with your local data protection authority (e.g., the UK ICO, or your country's equivalent) if you think we have handled your data badly.

To exercise any of these rights, email hope@sovereign-systems-group.com. We will respond within 30 days, usually faster.

Our legal basis for processing your data is (1) contract — we need your data to deliver what you bought; and (2) consent — for marketing emails, only when you have actively opted in.

UK customers may also lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Your rights (U.S. customers — CAN-SPAM)

If you are in the United States, the CAN-SPAM Act governs commercial email. We comply with all of it:

• Honest sender identification — every email from us names Sovereign Systems Group LLC.
• No misleading subject lines — the subject of every email accurately reflects its content.
• Clear unsubscribe — every marketing email has an easy way out.
• We honor unsubscribes promptly — see the marketing emails section above.
• We disclose this is commercial communication — when an email is promoting something, we say so.

Your rights (California customers — CCPA / CPRA)

If you live in California, the California Consumer Privacy Act (CCPA) and its 2023 amendment, the California Privacy Rights Act (CPRA), give you specific rights over your personal information. You have the right to:

• Know what personal information we have about you, where we got it, and what we use it for.
• Delete the personal information we have on you, with the same exceptions noted above (we keep what we are legally required to retain).
• Correct inaccurate information.
• Opt out of "sale" or "sharing" of your personal information — though to be clear, we do not sell or share your personal information for advertising purposes. There is nothing for you to opt out of, but the right exists, and the answer to "is my data being sold" is always no.
• Limit the use of sensitive personal information — we do not collect any (no government IDs, biometrics, health data, geolocation precision, race, religion, sexual orientation, or union membership).
• Non-discrimination — we will not charge you more, give you worse service, or deny you our product for exercising any of these rights.

To exercise any of these rights, email hope@sovereign-systems-group.com. We will verify your identity (typically by confirming the email address on file matches your request) and respond within 45 days, usually much faster.

We do not have a "Do Not Sell My Personal Information" link because we do not sell personal information. If we ever changed that — we will not — we would add the link and tell you directly first.

Your rights (Canadian customers — PIPEDA)

If you are in Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) governs how private-sector organizations handle your personal information. We comply with the ten fair information principles it is built around. In practical terms, you have the right to:

• Know what we have — ask us what personal information we hold about you, where it came from, and how we use it.
• Access your data — we will send you a copy of what we have, in a usable format.
• Correct inaccurate or incomplete information.
• Withdraw consent — for marketing emails, at any time. For data we need to fulfill your order, withdrawing consent may mean we cannot continue providing the product, and we will tell you that clearly if it applies.
• Challenge our compliance — if you think we have mishandled your data, you can complain to us first, and then to the Office of the Privacy Commissioner of Canada (OPC) at priv.gc.ca.

Our accountability: we are responsible for the personal information in our custody, including any we transfer to Stripe for payment processing. Stripe publishes a PIPEDA compliance posture we rely on.

To exercise any of these rights, email hope@sovereign-systems-group.com. We respond within 30 days, usually faster.

Breach notification: in the event of a breach involving your personal information that poses a real risk of significant harm, we will notify you and the Office of the Privacy Commissioner of Canada as required by law.

Your rights (Australian customers — Privacy Act 1988 / Australian Privacy Principles)

If you are in Australia, the Privacy Act 1988 and the Australian Privacy Principles (APPs) govern how we handle your personal information. You have the right to:

• Know what personal information we collect, why, and who we share it with — this policy covers all of it.
• Access the personal information we hold about you, and have it sent to you in a usable format.
• Correct information that is inaccurate, out-of-date, incomplete, or misleading.
• Anonymity or pseudonymity where practical — though for an order to be fulfilled, we need a real name and email to deliver the product.
• Opt out of direct marketing at any time — see the Marketing emails section above. We never opt you in by default.
• Complain to us first if you think we have handled your data badly, and then to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au if you are not satisfied with our response.

Cross-border disclosure: your data is stored on our own infrastructure in the United States, and Stripe (also U.S.-based) processes your payment. By purchasing from us, you consent to this cross-border transfer. Both we and Stripe handle your data in a manner consistent with the APPs.

To exercise any of these rights, email hope@sovereign-systems-group.com. We respond within a reasonable period, generally within 30 days.

Notifiable Data Breaches: in the event of a data breach likely to result in serious harm, we will notify affected individuals where required and where contact information is available, and the Office of the Australian Information Commissioner as required under the Notifiable Data Breaches scheme.

Your rights (other jurisdictions — Singapore PDPA, India DPDP Act)

We sell internationally, and several other countries have data protection laws that may apply to you depending on where you are based. The two most common we encounter:

• Singapore (Personal Data Protection Act 2012) — you have rights to access, correct, and withdraw consent for the personal data we hold about you. To exercise these rights, email hope@sovereign-systems-group.com. We respond within 30 days. If you are not satisfied with our response, you can complain to the Personal Data Protection Commission (PDPC) at pdpc.gov.sg.

• India (Digital Personal Data Protection Act 2023) — you have rights to access, correct, erase, and withdraw consent for the personal data we hold about you, and to nominate someone to exercise these rights on your behalf in case of incapacity or death. To exercise these rights, email hope@sovereign-systems-group.com. We respond within a reasonable period. If you are not satisfied, you can approach the Data Protection Board of India once it is operational.

If you are in another jurisdiction with data protection laws (Japan's APPI, South Korea's PIPA, Brazil's LGPD, South Africa's POPIA, or anywhere else) and you want to exercise rights under your local law, email us anyway. The substantive rights — access, correction, deletion, withdraw consent — we offer the same way to everyone. The legal frameworks differ; the underlying respect for your data remains constant.

Cookies and tracking

We do not use cookies, tracking pixels, or any client-side storage that profiles you. No cookie consent banner is displayed because there is nothing to consent to.

Children

We do not knowingly collect data from anyone under 13. The Operator's Field Manual is a technical product aimed at adults. If a parent or guardian believes we have collected data from a child, email hope@sovereign-systems-group.com and we will delete it promptly upon verification.

Where your data lives

Your data is stored in two places:

• Our own infrastructure — physical servers we operate ourselves. This is part of the local-first sovereignty thesis the product is built around. We do not outsource your data to a third-party CRM, marketing platform, or customer database.
• Stripe — for payment processing. Stripe is a U.S. company with its own privacy policy and is GDPR-compliant. Their policy is at https://stripe.com/privacy.

We do not use Mailchimp, SendGrid, HubSpot, Salesforce, Klaviyo, Customer.io, or any other third-party email or CRM service. When we email you, the email comes directly from our own systems via our email provider.

If we ever change this — for instance, if scale forces us to add an email service provider — we will update this policy and tell you directly before it happens.

Changes to this policy

If we change this policy in a way that meaningfully affects how we handle your data, we will:

• Update the "Last updated" date at the top
• Make reasonable efforts to notify affected customers at the email address on file
• Give you a chance to opt out, withdraw consent, or have your data deleted before the change takes effect

We will not change this policy quietly. On request, we will share the revision history of this policy.

Contact

For any privacy question, complaint, or data request:

Sovereign Systems Group LLC
78 Glocker Way, Suite 275
Pottstown, PA 19465
Email: hope@sovereign-systems-group.com

No phone number — email is the designated contact channel.

We aim to respond within 1–2 business days for most things, and within 30 days for any formal data request (often much faster).

This policy is written in plain English on purpose. If anything here is unclear or you'd like an interpretation in formal legal language, email us and we'll explain. We believe a privacy policy you can actually read is more honest than one you can't.