Your data stays sovereign.
The Archive is built around local-first principles. The PSI Knowledge Ledger never leaves your device. Where data must cross the wire, we declare it here.
Data we collect by default
Essential cookies only: language preference, age-gate acknowledgement, jurisdiction override, and cookie-consent record. Stored locally in localStorage. No third-party trackers unless you opt in via the consent banner.
Data we collect when you opt in
Anonymous analytics (page views, no IP storage) and affiliate-attribution cookies set by partner networks (Amazon, Impact, Etsy) when you click a Tier A pointer link. We do not read those cookies; the partner network does.
Data we collect when you transact (Tier B mediated checkout)
Email, shipping address, and order line items, processed by Stripe under Stripe's merchant-of-record terms. Stripe is the data controller for payment data; we are the controller for order metadata and canonical lineage.
The PSI Knowledge Ledger
Every Oracle query and every Seal verification you make is SHA-256 hashed locally and stored only in your browser. Hashes never leave your device.
Your rights
GDPR Articles 15–22: access, rectification, erasure, portability, restriction, objection. CCPA §1798.100–.130: know, delete, opt-out of sale (we do not sell). DPDP §11–14: access, correction, erasure, grievance redress. Submit via dpo@apextatva.org or the in-app data-subject request form (coming soon).
Data Protection Officer
dpo@apextatva.org · The Archive maintains a designated DPO per GDPR Art. 37 and DPDP §10.
Subprocessors
Stripe (payments, tax compliance), Cloudflare (edge delivery), Lovable Cloud (database, storage, auth), Resend (transactional email), Lovable AI Gateway (Oracle inference).