Privacy Policy

Last updated: 13 January 2026

Jane Korneyko trading as Sova ("Sova", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

We comply with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs).

1. Information We Collect

1.1 Information You Provide

• Account information - email address, name, and password when you create an account
• Assessment responses - your answers to business health check questions
• Chatbot conversations - messages exchanged with our AI assistant
• Payment information - processed securely by Stripe (we do not store card details)
• Contact information - when you reach out via email or feedback forms

1.2 Information Automatically Collected

• Usage analytics - page views, feature usage, and conversion events via PostHog (privacy-focused analytics)
• Session data - login timestamps, device type, and browser information
• localStorage - temporary preferences during your visit (cleared when you log out)

1.3 Third-Party Services

We use the following services to operate Sova:

• Supabase - authentication and database hosting (Sydney, Australia). See Supabase Privacy Policy.
• Stripe - payment processing (Australian entity). See Stripe Privacy Policy.
• PostHog - privacy-focused product analytics. See PostHog Privacy Policy.
• Anthropic Claude - AI chatbot conversations (US-based). See Anthropic Privacy Policy.
• Resend - marketing emails (you can unsubscribe anytime). See Resend Privacy Policy.
• Google Fonts - typography. See Google Privacy Policy.

We do not sell your data. We do not use advertising technologies. Your data is stored in Australia where possible.

2. How We Use Your Information

We use the information we collect to:

• Provide and maintain your account and assessment history
• Save your progress so you can return to incomplete assessments
• Generate your personalised health check reports
• Process payments and manage subscriptions
• Provide AI-powered chatbot assistance
• Send transactional emails (password resets, receipts)
• Send marketing communications (with your consent)
• Analyse usage to improve our services
• Respond to your enquiries and provide support
• Comply with legal obligations

3. How We Store and Protect Your Information

• Database storage - Your account data and assessment history are stored in Supabase (Sydney, Australia) with encryption at rest.
• Payment data - Processed and stored by Stripe. We never see or store your full card number.
• AI conversations - Chatbot messages are processed by Anthropic (US). Conversations are stored in our database for your history.
• Security measures - We use HTTPS encryption, secure authentication (including optional two-factor authentication), and row-level security policies.

4. Data Retention

• Active accounts - Data retained while your account is active
• After cancellation - Data retained for 12 months, then permanently deleted
• Payment records - Retained as required by Australian tax law (typically 7 years)
• Account deletion - You can request complete deletion of your account and data at any time

5. Your Rights Under Australian Privacy Law

Under the Australian Privacy Act 1988, you have the right to:

• Access - Request access to the personal information we hold about you
• Correction - Request correction of inaccurate or incomplete information
• Deletion - Request deletion of your personal information (subject to legal obligations)
• Complaint - Lodge a complaint about how we handle your personal information

To exercise these rights, contact us at: jane.korneyko@gmail.com

6. Disclosure of Information

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

• With your consent - When you explicitly authorise us to share information
• Legal requirements - When required by Australian law or in response to valid legal processes
• Service providers - With trusted third-party service providers who assist in operating our website (e.g., hosting providers), under strict confidentiality agreements

7. International Data Transfers

Your core data (account, assessments, chat history) is stored in Australia via Supabase Sydney. Some services necessarily operate internationally:

• Anthropic Claude (AI) - US-based, used for chatbot conversations
• OpenAI (embeddings) - US-based, used for semantic search
• Stripe - Global infrastructure with Australian entity
• PostHog - EU/US infrastructure, privacy-focused

All international providers comply with equivalent data protection standards.

8. Children's Privacy

Our services are not directed to individuals under 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new Privacy Policy on this page with an updated "Last updated" date. Your continued use of our services after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

• Email: jane.korneyko@gmail.com
• Entity: Jane Korneyko trading as Sova
• ABN: [Your ABN if registered as sole trader]
• Jurisdiction: Victoria, Australia

11. Complaints

If you have a complaint about how we handle your personal information, please contact us first. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

• Website: www.oaic.gov.au
• Phone: 1300 363 992