GDPR · CCPA · India DPDP Act 2023

Your data stays sovereign.

The Archive is built around local-first principles. The PSI Knowledge Ledger never leaves your device. Where data must cross the wire, we declare it here.

Data we collect by default

Essential cookies only: language preference, age-gate acknowledgement, jurisdiction override, and cookie-consent record. Stored locally in localStorage. No third-party trackers unless you opt in via the consent banner.

Data we collect when you opt in

Anonymous analytics (page views, no IP storage) and affiliate-attribution cookies set by partner networks (Amazon, Impact, Etsy) when you click a Tier A pointer link. We do not read those cookies; the partner network does.

Data we collect when you transact (Tier B mediated checkout)

Email, shipping address, and order line items, processed by Stripe under Stripe's merchant-of-record terms. Stripe is the data controller for payment data; we are the controller for order metadata and canonical lineage.

The PSI Knowledge Ledger

Every Oracle query and every Seal verification you make is SHA-256 hashed locally and stored only in your browser. Hashes never leave your device.

Your rights

GDPR Articles 15–22: access, rectification, erasure, portability, restriction, objection. CCPA §1798.100–.130: know, delete, opt-out of sale (we do not sell). DPDP §11–14: access, correction, erasure, grievance redress. Submit via dpo@apextatva.org or the in-app data-subject request form (coming soon).

Data Protection Officer

dpo@apextatva.org · The Archive maintains a designated DPO per GDPR Art. 37 and DPDP §10.

Subprocessors

Stripe (payments, tax compliance), Cloudflare (edge delivery), Lovable Cloud (database, storage, auth), Resend (transactional email), Lovable AI Gateway (Oracle inference).

ASHW-2487-KER · 0x9f2c4a7e1d…b71e