Privacy and Security
What Sovereign stores, what OpenWebUI stores, how API keys work, and how to handle sensitive information.
This page explains the practical storage boundaries of Sovereign.
Direct API Requests
For direct API usage, Sovereign does not store conversation content as a reusable chat history by default.
Sovereign stores operational data needed to run the service, including:
- user account data;
- API key metadata;
- plan and subscription state;
- credit ledger entries;
- request records;
- usage accounting;
- queue and worker state;
- error and provider metadata needed for reliability.
OpenWebUI Conversations
OpenWebUI stores conversations in its own database so the chat interface can display history.
If you use Sovereign through OpenWebUI, your conversations are stored by OpenWebUI as part of the chat product experience.
Files
Uploaded files may be processed into text context for chat usage. Avoid uploading secrets or regulated data unless you are allowed to process that data through the platform.
API Keys
API keys should be treated like passwords.
Never put API keys in:
- public GitHub repositories;
- frontend JavaScript;
- Discord messages;
- screenshots;
- client logs;
- browser console snippets.
If a key is exposed, revoke it and create a new one.
Model Privacy Boundary
Sovereign routes requests to a managed reasoning model. The exact upstream model/provider may change. Do not assume the upstream inference layer is local to your device.
Security Contact
For security reports, contact: