1. Overview
This Privacy Policy explains how Soviez ERP ("we," "us," or "our") collects, uses, stores, and protects information when you interact with our public storefront, customer dashboard, add-ons marketplace, installation request workspace, and licensing platform (the "Platform"). This Policy applies to website visitors, registered account holders, and purchasers of Soviez ERP licenses and optional add-on services.
Soviez ERP is an independent software distribution built upon the open-source Odoo 18 Community Edition. This Policy governs our Platform operations only and does not describe data processing inside your self-hosted Soviez ERP deployment, which remains under your exclusive control.
2. Data We Collect (Storefront & Account Services)
Account Registration Data
When you register for a Soviez ERP account, we collect information necessary to authenticate you and provision license services, including:
- Email address — used for account identification, transactional communications, and dashboard access;
- Password credentials — stored exclusively as cryptographic password hashes via our authentication infrastructure. We do not store plaintext passwords on our systems.
Account records are persisted in a Supabase-managed PostgreSQL database, protected by industry-standard access controls, Row-Level Security (RLS) policies that isolate each customer's rows, and encrypted transport (TLS).
Corporate Billing Profile Data
When you complete your corporate billing profile for invoicing, we store:
- Legal company / entity name;
- Tax registration ID;
- Full billing street address and country; and
- Direct billing phone number.
These fields reside in your profiles record and are accessible only to your authenticated session (and to authorized Soviez ERP administrators for support and compliance purposes) through RLS-enforced database policies. We use this data solely to generate legally compliant on-demand PDF invoices and to support account administration.
Sensitive platform integration secrets (for example SMTP passwords, Stripe secret keys, and Resend API keys configured by administrators) may be encrypted at the application layer using AES-256-GCM when SETTINGS_ENCRYPTION_KEY is configured in the deployment environment.
Payment Data
All payment transactions are routed securely and directly through Stripe using tokenized payment streams. Soviez ERP does not store, process, or retain raw credit card numbers, CVV codes, or full payment instrument details on our local infrastructure.
We may retain limited payment metadata necessary for order fulfillment and accounting, such as transaction identifiers, payment status, currency, amount, and timestamps—always as provided by Stripe's secure APIs.
License, Marketplace & Operational Records
When you purchase and activate a license or add-on, we store records associated with your order, including instance fingerprint binding metadata, cryptographic license key references, purchase timestamps, add-on slugs, bundle composition, regional pricing tier indicators, and checkout routing metadata required to enforce our licensing and marketplace model.
Sensitive Installation Credentials
If you purchase an installation add-on and submit an Installation Request, we collect server authentication payloads strictly necessary to perform the deployment service you requested. Depending on your submission, this may include:
- Production instance host addresses;
- Hosting provider identifiers;
- SSH usernames and passwords; and
- Database connection parameters or related access credentials when required for deployment.
We collect this information only when you voluntarily enter it into the Installation Request workspace for the purpose of fulfilling your ticket. We do not harvest credentials from your self-hosted Soviez ERP instance or from third-party infrastructure without your explicit submission through the Platform.
3. Browser Session Persistence & Transient Guest Isolation (Technical Support Chat)
The embedded Technical Support chat widget (Nancy) uses a zero-persistent-tracking model for conversation replay. Chat transcripts are held temporarily in the browser's sessionStorage only—not in long-lived cookies or cross-session localStorage archives for guest visitors.
- Guest visitors: messages persist under
ultimate_erp_nancy_chat:guestinsessionStoragefor the active browser tab session only. - Authenticated customers: messages persist under
ultimate_erp_nancy_chat:<userId>insessionStorage, segregated per account. - Automatic purge: guest and user chat keys are removed on logout, account session termination, and tab/window destruction. Closing the browser tab ends the transient chat archive on the device.
- No guest cookie tracking: Nancy guest mode does not establish persistent first-party cookies for chat replay; only ephemeral sessionStorage scoped to the active tab session is used.
Chat history in sessionStorage is not synchronized to our servers as a full transcript archive for casual browsing. Authenticated support escalations that create formal tickets are stored separately in our database under RLS. You may also clear history using the in-widget Clear chat history control.
4. AI Zero-Leak Protection (Nancy Ecosystem Context)
When signed-in customers interact with Nancy, the assistant may invoke a parameterless server tool named getUserEcosystemContext. This tool is architected for zero-leak contextual assistance:
- The tool accepts no lookup parameters from the LLM or client payload—preventing prompt-injection harvesting of arbitrary customer records.
- Context is resolved exclusively through authenticated server-side JWT verification tied to the active Supabase session; the external LLM backend never receives session tokens or database credentials.
- The returned snapshot includes safe operational references only—customer name, bound instance fingerprints, migration credit counts, ticket reference numbers, billing completeness flags, and subscription entitlement status.
- Excluded by design: raw cryptographic license keys, decrypted SSH passwords, corporate tax registration identifiers, full billing street addresses, and other high-sensitivity descriptors are not transmitted to the external LLM backend.
- Guest mode never invokes this tool; unsigned visitors receive generic guidance without personalized account data.
5. Automated PII Maintenance Purges
Soviez Cloud operates scheduled service-role maintenance routines to limit retention of transient operational data and rate-limit metadata:
- Failed email queue: rows in
failed_email_queue(including unsent invoice PDF payloads and recipient email addresses) are automatically destroyed after 30 days viapurge_stale_failed_email_queue(). - API rate-limit buckets: IP-scoped sliding-window keys in
api_rate_limitsare cleared after 7 days of idle time viapurge_stale_api_rate_limits(). - Verification tokens: expired signup and license-operation OTP tokens are purged on an hourly maintenance schedule.
These purges run with service-role privileges only; customer sessions cannot access or modify maintenance tables directly.
6. Advanced Cryptographic Protection of Server Credentials
All server credentials submitted through Installation Requests are encrypted at the application layer using AES-256-GCM authenticated encryption before they are written to our database. Plaintext SSH passwords, usernames, host identifiers, and related secret fields are never stored in readable form at rest.
Decryption is limited to authorized installation engineers during active, scoped deployment windows. This sub-encryption layer is designed to minimize breach visibility by ensuring that a raw database export alone does not expose usable production credentials.
7. Automated Activity Audit (Installation Chater)
The Installation Request workspace includes a unified activity stream ("Chater") that combines customer messages, administrator replies, and automated system-generated audit entries.
When you create or update installation credentials—such as changing a server IP, SSH username, SSH password, or hosting provider—the Platform automatically records a timestamped system log entry describing which field was modified and when the change occurred. These entries are created for security, accountability, and service tracking and cannot be authored manually with a spoofed system identity through the customer interface.
Audit entries may be visible to you, to authorized Soviez ERP installation staff, and—where applicable—to administrators supporting your ticket.
8. Third-Party Service Providers & Transactional Handlers
We integrate with trusted third-party processors to operate the Platform securely. Depending on your interaction, data may be processed by:
- Stripe — encrypted payment tokenization, checkout sessions, and dispute handling. Soviez ERP does not store raw card numbers.
- Supabase Auth — account authentication, signup email OTP delivery, password hashing, and session management.
- Resend and/or SMTP — transactional email delivery including payment confirmations, license operation 2FA codes, support ticket reply notifications, installation update alerts, and on-demand invoice delivery when requested.
- Cloudflare Turnstile (when enabled) — bot protection on registration and authentication endpoints.
Each provider processes data according to its own privacy policy and applicable compliance frameworks (including PCI-DSS for Stripe). We transmit only the minimum information required to fulfill each transaction.
9. Marketing Analytics (Storefront Only)
Our marketing storefront may utilize third-party analytics and advertising technologies configured by the platform operator, including:
- Google Analytics 4 (GA4) — to measure traffic, session behavior, conversion funnels, and storefront performance; and
- Meta Pixel — to capture marketing attribution, optimize advertising campaigns, and evaluate audience engagement.
These services may place cookies or similar identifiers in your browser to collect usage metrics in accordance with their respective privacy policies. Tracking scripts are injected only when corresponding measurement IDs are actively configured in the admin integrations panel.
You may control, block, or delete cookies through your web browser settings or through opt-out mechanisms provided by Google and Meta. Disabling cookies may limit certain analytics features but will not prevent core account or checkout functionality.
10. Core Distribution Telemetry Isolation
We draw a strict architectural boundary between our marketing storefront and the containerized Soviez ERP software delivered to your infrastructure.
While the public storefront may employ analytics cookies for traffic measurement, the distributed Docker-based Soviez ERP instance deployed on your servers is engineered to contain:
- ZERO outbound telemetry;
- ZERO phone-home scripts; and
- ZERO background tracking to Soviez ERP or third-party analytics endpoints.
Your self-hosted corporate records—including financial ledgers, inventory databases, human resource files, and customer data—remain 100% private and isolated within your server boundary. We do not access, ingest, or monitor operational data inside your production deployment unless you independently choose to share it with us for support purposes outside the scope of this Policy.
11. Data Security, Retention & Regulatory Rights
We implement industry-standard encryption protocols and security practices to safeguard account credentials, session tokens, installation secrets, and active license keys generated through the customer dashboard, including:
- Encrypted data transmission via HTTPS/TLS across all Platform endpoints;
- Hashed password storage through our authentication provider;
- AES-256-GCM application-layer encryption for submitted server credentials;
- Role-based and row-level database access controls for administrative data; and
- Segregation of payment processing to PCI-compliant Stripe infrastructure.
We retain account and completed purchase records for as long as your account remains active or as required to fulfill legal, tax, audit, and fraud-prevention obligations. Installation credentials for active paid tickets are retained only for as long as necessary to deliver and document the requested service.
Depending on your jurisdiction—including rights under the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) as amended—you may have rights to access, correct, delete, restrict processing of, or port certain personal data we hold about your account. To exercise applicable rights, contact us through the channels published on the Platform.
12. Right to Erasure (Pending Order Deletion)
You may delete incomplete or pending purchases directly from your customer dashboard before checkout is finalized. When you confirm removal of a pending order, our systems execute a hard cascade-delete that permanently purges the unpaid purchase record and all dependent Platform artifacts linked exclusively to that order, which may include:
- Provisioned Installation Request tickets;
- Encrypted server credentials associated with those tickets;
- Installation Chater messages and automated credential audit logs; and
- Other orphaned workflow records attached to the deleted pending purchase.
This deletion is immediate and irreversible. It does not affect completed, paid orders, issued license keys, or financial records we must retain for compliance purposes.
13. International Visitors
If you access the Platform from outside the country where our infrastructure is hosted, you acknowledge that your information may be processed in jurisdictions with data protection standards that differ from your own.
14. Policy Updates
We may update this Privacy Policy periodically to reflect changes in our Platform architecture, integrations, or legal obligations. Material changes will be indicated by updating the "Last Updated" date at the top of this page. Continued use of the Platform after changes constitutes acceptance of the revised Policy.
For licensing terms governing purchases, installation add-ons, and deployments, please review our Terms and Conditions.