Soverant← Back to home

Privacy Policy

Last updated: 8 June 2026

This Privacy Policy explains how Soverant collects, uses and protects personal data when you use our websites and platform (the “Service”), and your rights under the EU General Data Protection Regulation (“GDPR”) and the Irish Data Protection Act 2018.

1. Who we are

The Service is provided by Soverant, a product currently operated by Adverant Limited (Ireland) pending incorporation of Soverant Ltd (the “data controller” for the purposes of this policy). For Customer Data you submit when operating the platform, you are typically the controller and we act as your processor under a Data Processing Agreement.

2. Data we collect

We collect: (a) account data (name, work email, organisation, authentication identifiers from your sign-in provider); (b) usage data (log, device and analytics data needed to operate and secure the Service); and (c) Customer Data you choose to process in the platform. We do not seek to collect special-category data through the public site.

3. How we use data

We use personal data to authenticate you, provide and secure the Service, respond to requests, meet legal obligations, and improve reliability and performance. We do not sell personal data.

4. Legal bases

We process personal data on the bases of contract (to provide the Service you request), legitimate interests (to secure and improve the Service, balanced against your rights), consent (where required, e.g. certain cookies), and legal obligation.

5. Sovereignty & data residency

Where a sovereign or in-tenant deployment is configured, Customer Data is processed within the jurisdiction and boundary you select and need not leave your environment. EU-sovereign deployments keep processing within the EU/EEA.

6. Sharing & processors

We share personal data only with vetted sub-processors who act on our instructions (for example cloud hosting and identity providers), with your organisation’s administrators, and where required by law. A current list of sub-processors is available on request.

7. Retention

We retain personal data only as long as needed for the purposes above or as required by law, after which it is deleted or anonymised. Customer Data is retained and deleted per your configuration and agreement.

8. Security

We apply appropriate technical and organisational measures — including encryption in transit, access controls, audit logging and the option of on-device / in-tenant processing — to protect personal data. No method is perfectly secure, but we work to reduce risk.

9. International transfers

Where personal data is transferred outside the EEA, we rely on appropriate safeguards such as EU Standard Contractual Clauses. Sovereign deployments are designed to avoid such transfers entirely.

10. Your rights

Subject to applicable law, you have the right to access, rectify, erase, restrict or object to processing, to portability, and to withdraw consent. You may also lodge a complaint with the Irish Data Protection Commission (dataprotection.ie) or your local supervisory authority. To exercise your rights, contact us below.

11. Cookies

The public site uses only essential cookies/local storage needed to operate sign-in and remember preferences. We do not use non-essential tracking cookies without your consent.

12. Changes

We may update this policy from time to time; material changes will be reflected by updating the “last updated” date above and, where appropriate, by notice in the Service.

13. Contact

For privacy questions or to exercise your rights, contact privacy@soverant.ai.

This policy is provided in good faith and is subject to update. For enterprise and public-sector deployments, a separate Data Processing Agreement governs the processing of Customer Data and prevails over this policy where executed.