Skip to content
CrownWatch
Notice

Privacy Policy

Last updated: March 29, 2026

§ 1. Data Controller

CrownWatch.org is administered by OptiMystic Holdings Corp., on behalf of Soteria Covenant, a private trust. For privacy inquiries, contact [email protected].

§ 2. Data We Collect

Sworn Declarations

Your legal name, email, digital signature, and report content. This data is public by design — sworn declarations carry legal weight and are attributed to the declarant.

Anonymous Reports

Report content only. No identifying information is collected or stored. Anonymous reports carry 25% trust weight.

Browsing Data

We use self-hosted analytics (Panoptikon) to track page views. No cookies are set. Your IP address is anonymized. We do not use Google Analytics or any third-party tracking.

Payment Data

Filing donations ($5) and general donations are processed through Invoice Ninja (card/bank) or BTCPay (Bitcoin). We do not store card numbers or bank details.

§ 3. How We Use Your Data

  • Sworn declarations are published publicly with your name and signature.
  • Anonymous reports are published without any identifying information.
  • Email addresses are used only to send filing receipts and report status updates.
  • Contact form submissions are used to respond to your inquiry.

§ 4. Storage & Security

  • All data is stored on LUKS-encrypted RAID 1 storage.
  • Database: PostgreSQL 17 with SSL/TLS connections.
  • Hash-chain ledgers are append-only NDJSON files on encrypted storage.
  • All connections use TLS 1.3 via Cloudflare tunnels.
  • No data is stored in or transmitted to cloud services (AWS, GCP, Azure).

§ 5. Data Retention

  • Report hashes and ledger entries are permanent and cannot be deleted (by design).
  • Server logs are retained for 90 days, then deleted.
  • Contact form data is retained for 1 year.

§ 6. Your Rights

Under PIPEDA (Canada), GDPR (EU), and CCPA (California), you have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion of personal data (where technically possible — cryptographic hashes cannot be deleted)
  • Object to processing
  • Data portability

Note: Sworn declarations are public records made under oath. The declarant's name and content cannot be retroactively anonymized, as this would undermine the evidentiary integrity of the filing.

§ 7. Third-Party Disclosure

We do not sell, trade, or rent your personal data. We may disclose data only in response to a valid court order from a court of competent jurisdiction (not an administrative tribunal or regulatory body).