1love.works · Data Sovereignty
This is not a privacy policy in the conventional sense. It is a statement of architecture. On this platform, data sovereignty is not a promise we make — it is the design. You own your node. You own your data. The network reads from nodes it never holds.
I · The principle
Conventional platforms treat personal data as a resource they extract, store, and monetise. The user is the product. The privacy policy is the contract by which the platform justifies that extraction. We reject this model — not as a legal strategy, but because it contradicts what 1love.works is.
A PNC holder is a founding node in the measurement network of the European sovereign platform. A node is not a user record in a database. It is a sovereign participant — owning its own code, its own fraction of the platform, its own data. The network is the aggregate of nodes. The platform reads from nodes. It does not own them.
"Data sovereignty is not a privacy feature. It is the legal-physical expression of what a node is: a sovereign unit of measurement, owned by the person who holds it, anchored to no authority but the mathematics of the network."
This is the direction of the architecture. Some of it is already live. Some of it — full on-chain anchoring of node identity, decentralised storage, wallet-based authentication — is being built. This document is honest about both.
II · What lives where
Here is a precise account of every data point this platform touches, where it lives, and who can access it.
| Data | Where it lives | Who can access it | Why |
|---|---|---|---|
| Node declaration (name, role, jurisdiction, bio, link) |
Your device | You only. Never transmitted. | localStorage — the registry lives in your browser. No server ever receives it. |
| Manifest interest form (email, country, region, city, interests) |
Research server | Avv. Dr. Gian Marco Solas · Supabase (processor) | Empirical research map. Submitted voluntarily and explicitly. Used only to identify territories for codification priority. Never sold, never profiled, never shared. |
| Payment data (card, billing address) |
Stripe | Stripe only. We never see card data. | Payment processing. Stripe is GDPR-compliant and acts as an independent data controller for payment data under their own privacy policy. |
| PNC certificate (node ID, wallet address) |
On-chain (coming) | Public — by design. | The PNC is a public proof of participation in the measurement network. Its on-chain record is readable by the network. The identity behind the address is yours to disclose or not. |
III · The manifest interest form
When you submit the manifest interest form, your email address, country, region, city, and interest areas are transmitted to a research database hosted by Supabase (EU region). This is the only point in the platform where personal data leaves your device.
The legal basis is your explicit consent, given by submitting the form after reading this document. The purpose is singular: to build an empirical map of territories where codification is needed. The data is not used for marketing, profiling, advertising, or any purpose beyond that map.
Supabase acts as a data processor under a Data Processing Agreement. Data is stored in the EU. Supabase does not process your data for its own purposes.
You may request deletion of your submitted data at any time by emailing gmsolas@sustainab-law.eu with the subject line "Data deletion request". Your record will be deleted within 30 days.
IV · What we will never do
V · The Web3 architecture — where we are going
The current architecture is a transitional state. The direction is fully decentralised node identity: each PNC holder authenticates via a cryptographic wallet, their certificate is anchored on-chain, and their node data is stored on infrastructure they control — not on any server operated by or on behalf of 1love.works.
In this architecture, GDPR compliance is not a policy question — it is a mathematical fact. Data that never reaches a controller cannot be processed by one. The network reads the aggregate of node measurements. It holds no individual records. The phenography© protocol defines what is measured. The nodes decide what they declare.
This document will be updated as each layer of this architecture is implemented. The transition from centralised to decentralised storage will be communicated to all registered participants before it occurs.
"A legal system that measures entropy must itself be low-entropy. That means no unnecessary data, no unnecessary intermediaries, no unnecessary authority. The platform is the instrument. The nodes are the sovereigns."
VI · Your rights
Under GDPR (Regulation EU 2016/679), you have the following rights with respect to any personal data processed by this platform:
Beyond GDPR: the architecture of this platform is designed so that most of your data never reaches a controller at all. The node registry lives on your device. Your PNC is yours. These are not privacy promises — they are architectural facts.
To exercise any right, or for any question about data processing on this platform:
Avv. Dr. Gian Marco Solas
Data controller · 1love.works
gmsolas@sustainab-law.eu
Subject line: "Data request — [your name]"
Response within 30 days. Deletion within 30 days of request.