Sourcebase Logo

Sourcebase

Privacy Policy

Effective Date: 2025-03-18

1. Introduction

Sourcebase, LLC (“Sourcebase,” “we,” “our,” or “us”) is committed to protecting your privacy and providing transparency about how we collect, use, and share personal information. This Privacy Policy explains how we handle personal information across our business-to-business (B2B) software-as-a-service (SaaS) platform, available at sourcebase.app, as well as any future mobile or API-based applications (collectively, the “Services”).

Our Services help companies discover which individuals and organizations are engaging with specific open-source technologies by analyzing publicly available data and enriching it with third-party sources. While our customers are primarily businesses, individual users may also sign up for accounts.

Sourcebase processes personal information about two types of individuals:

  • Customers and users, who create accounts and interact with the Sourcebase platform directly.
  • Non-customer individuals, primarily professionals who contribute to open-source technologies or participate in related technical communities. We collect and process public and licensed professional data about these individuals to provide insights to our paying customers.

Both types of data subjects are covered by this Privacy Policy, though the rights and data collection methods may differ depending on your relationship to Sourcebase.

This Privacy Policy also covers:

  • The types of personal information we collect (directly and indirectly)
  • How we use, share, and protect that information
  • Your rights and choices, including under GDPR and CCPA
  • Our use of cookies and tracking technologies
  • How to contact us about privacy questions

By accessing or using the Services, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Services.

2. Information We Collect

Summary:

To operate our Services effectively, Sourcebase collects information from users, automated systems, public sources, and third-party partners. This section outlines the types of information we collect and where it comes from.

2.1 Information You Provide

When you sign up for an account, interact with the platform, or contact us directly, you may provide us with:

  • Account Information: When you create an account, we ask for basic identifying details such as your name, email address, company/organization, and job title.
  • Social Login Data: If you choose to register or log in via Google, LinkedIn, or Microsoft single sign-on, we receive information from those providers (for example, your name, email address, and profile picture, as authorized by your privacy settings with the provider).
  • Profile Content: You may upload a profile photo or other content to the Service. For example, users can create custom collections of open-source technologies. Any such content you choose to provide (including images or descriptions) is stored in our system and associated with your account.
  • Billing Information: If you subscribe to a paid plan, we (or our payment processor acting on our behalf) collect billing details. This may include your payment method information (such as credit card number, security code, and expiration date) and billing address. Note: Sourcebase uses third-party payment processors (e.g., Stripe) to handle payment transactions. These processors are PCI-DSS compliant. We do not store your full credit card information on our servers; however, we maintain records of your transactions (e.g., subscription level, payment dates, and amounts) for accounting and customer support.
  • Communications: If you contact us (for example, via support email or chat), we will collect and keep a record of your contact information and the content of your communication. This may include any feedback you provide about the Service.
  • Marketing Preferences: If you opt in to receive updates, we may collect and store your subscription preferences. We may also track engagement with our emails (e.g., opens and clicks) to understand interest and improve messaging.
  • Event Participation: If you register for a demo, webinar, or meeting, we may collect registration details (e.g., name, company, submitted questions)
  • Integrations: We may receive data from third-party tools you connect to SourceBase (for example, customer relationship management systems or email services). We only access and process this information with your express authorization (for example, through an OAuth token or API key you provide when configuring the integration). However, this will only happen when you authorize it. The data we collect from these third-party tools may include business contact information, email addresses, or user data.

You agree that any personal data you upload or share through the Services has been collected lawfully and in compliance with all applicable data protection laws. You further represent that you have obtained all necessary consents and authorizations to upload such data, and that no data you upload or share infringes on the rights of any data subject.

You acknowledge that you are solely responsible for the legality, reliability, and appropriateness of all data you upload or share, and you will indemnify and hold us harmless for any claims arising from your violation of this provision.

2.2 Information Collected Automatically

We automatically collect information about how you interact with our platform. This includes

  • Technical Data, such as your IP address, browser type, device type, operating system, and unique device identifiers
  • Activity Data, such as pages or features you access, the time and date of visits, search queries, and clickstream data
  • Cookies, noting we may use cookies and similar tracking technologies (explained below) to collect some of this usage information

2.3 Information from Public Sources

We collect publicly available information relevant to technology adoption and open-source engagement. We conduct research on public websites, repositories, forums, and social media to identify individuals and organizations engaging with specific technologies. This data is largely business or professional, but that some of it can still be considered “personal” under certain laws.

This data may include:

  • Professional summaries, titles, and affiliations
  • Technical or community contributions
  • Public usernames, handles, or associated metadata
  • Other information made public through professional or technical platforms, including company and professional blogs

2.4 Information from Third-Party Partners

We obtain data from trusted third-party providers, such as licensed data providers and open data repositories, to enrich the professional and business profiles displayed in our Services. This may include:

  • Name, professional title, and company affiliation
  • Employment history and job tenure
  • Location (e.g., city, region, or country)
  • Public skills, summaries, or professional credentials
  • Profile URLs or social handles We do not collect sensitive personal details from these sources. If your information was obtained indirectly and you prefer it removed, you may exercise your rights as described in this Policy.

2.5 No Sensitive Personal Data

Sourcebase is focused on business and technical information, and we do not intentionally collect any sensitive personal data about individuals. This means we do not seek to collect data such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric identifiers, health information, or sex life/sexual orientation details. We also do not collect government-issued identifiers or financial account information apart from basic billing details required for purchases. In the event you provide us with any sensitive information (for example, if you upload a photo or resume containing such details), we will treat it with heightened security and will only process it for the limited purpose for which you provided it, or we will delete it.

3. How We Use Information

Summary:

We use personal data to operate and improve the Service, process transactions, enable collaboration, support user personalization, and maintain security. We also use it to communicate with you and comply with legal obligations.

Sourcebase does not sell personal information provided to us by our users (such as account details, login credentials, or billing information).

3.1 Information You Provide and Information Collected Automatically

3.1.a Providing and Maintaining the Service

We use personal data to create and manage accounts, authenticate users, and provide requested features.

  • Set up and manage accounts using your name, email, organization, and job title
  • Log you in using your credentials or social login provider
  • Display your name, profile, or uploaded content within your organization’s tenant
  • Associate saved settings and custom collections with your account
  • Enable key features of the platform, including tracking open-source engagement

Legal basis (GDPR): Performance of contract

3.1.b Service Functionality and Interaction

As a multi-tenant B2B application, Sourcebase supports intra-organizational collaboration. Your account data may be visible to other users within your company’s workspace.

  • Display your name and contributions to coworkers
  • Share collections or insights created by you with others in your tenant
  • Power key features that rely on public or enriched data (e.g., showing open-source usage trends)

Legal basis (GDPR): Performance of contract; Legitimate interest

3.1.c Improvement and Development

We analyze usage data to understand how people use Sourcebase and where improvements can be made.

  • Monitor which features are used or underused to guide product design
  • Troubleshoot issues and improve stability and performance
  • Analyze aggregated trends across users to shape product roadmap
  • Conduct internal research and testing (often using pseudonymized or aggregated data)

Legal basis (GDPR): Legitimate interest (product development and quality improvement)

3.1.d Personalization

We use certain data to tailor the experience to your preferences and context.

  • Remember settings like UI preferences or saved searches
  • Recommend relevant content based on your company’s technology interests or activity
  • Customize onboarding or help content based on usage patterns

Legal basis (GDPR): Legitimate interest (enhancing user experience)

3.1.e Communication

We use contact information to send necessary communications and, where permitted, marketing content.

  • Send transactional messages like password resets, account confirmations, billing updates, and service alerts
  • Respond to support requests and product feedback
  • Notify you about changes to terms or privacy policies
  • Send marketing emails if you opt in, and let you unsubscribe at any time

Legal basis (GDPR):

  • Performance of contract (for service-related messages)
  • Legitimate interest or consent (for marketing)

3.1.f Billing and Account Management

For paid plans, we use billing-related information to process payments and manage account status.

  • Charge subscription fees through our third-party payment processor
  • Send invoices, renewal notices, or payment reminders
  • Issue refunds or adjust billing as needed

Legal basis (GDPR): Performance of contract; Legal obligation

3.1.g Safety and Security

We monitor activity and use technical data to detect misuse, protect the platform, and enforce our Terms.

  • Detect and investigate suspicious activity
  • Protect against fraud or abuse
  • Prevent unauthorized access and maintain service integrity

Legal basis (GDPR): Legitimate interest (platform and data security)

3.1.h Legal Compliance

We may process or retain personal information as required to comply with legal, regulatory, or contractual obligations.

  • Maintain records for accounting, tax, or audit purposes
  • Respond to valid legal requests or investigations
  • Enforce our agreements or defend against legal claims

Legal basis (GDPR): Legal obligation

3.1.i De-identified and Aggregated Data

We may transform personal data into a de-identified or aggregated format that no longer identifies an individual. We may use this data to:

  • Measure overall trends and engagement across users or technologies
  • Produce analytics dashboards or internal usage benchmarks
  • Train machine learning models or power predictive features

De-identified data is not considered personal information and cannot be linked back to any individual.

Legal basis (GDPR): Legitimate interest (analytics, innovation, and research)

3.2 How We Use Information from Public and Third-Party Sources

Summary: In addition to the information our customers provide directly, Sourcebase processes publicly available and licensed professional data to help companies understand who is engaging with specific technologies.

We use this professional information to create and deliver insights to our customers, including:

  • Identifying individuals and organizations engaging with specific technologies
  • Matching and displaying relevant professional details alongside technographic signals
  • Enriching technology-related data with organizational context (e.g., company affiliation, location, skill set)

We do not use your personal data in a way that produces legal or significant effects on you without human review (no solely-automated decisions that would impact your rights).

Legal basis (GDPR): Legitimate interest (delivering commercial insights based on publicly available and licensed professional data)

4. Your Rights and Choices

Summary:

Whether you are a Sourcebase customer or an individual whose professional data appears in our platform, you may have rights under global privacy laws such as the General Data Protection Regulation (GDPR), the UK GDPR, and the California Consumer Privacy Act (CCPA/CPRA). This section outlines your rights and how to exercise them.

4.1 Rights for Data Subjects Who Are Customers of the Services

This section applies if you are a registered user or paying customer of SourceBase and we collect personal information from you in the context of providing the Services.

4.1.1 For Individuals in the EEA, UK, or Switzerland (GDPR and UK GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom (UK), or Switzerland, you have the following rights under applicable data protection laws:

  • Right of Access: Request a copy of the personal data we process about you.
  • Right to Rectification: Ask us to correct inaccurate or incomplete data.
  • Right to Erasure (“Right to Be Forgotten”): Request deletion of your personal data in certain circumstances, such as when it’s no longer necessary or if you withdraw consent.
  • Right to Restriction of Processing: Request limited use of your data while an issue is being resolved (e.g., contesting accuracy).
  • Right to Data Portability: Receive a copy of your data in a portable format and request its transfer to another service.
  • Right to Object: Object to our processing where based on legitimate interests, including profiling.
  • Right to Withdraw Consent: Withdraw previously given consent at any time.
  • Right to Lodge a Complaint: File a complaint with your local supervisory authority.

4.1.2 For Residents of the United States (CCPA/CPRA, VCDPA, CPA, CTDPA, UCPA)

If you are a resident of California, Virginia, Colorado, Connecticut, or Utah, you may have the following rights, subject to certain limitations:

  • Right to Access (Right to Know): Request a copy of the personal data we have collected about you.
  • Right to Correct: Ask us to correct inaccurate personal information.
  • Right to Delete: Request deletion of personal information we hold about you.
  • Right to Data Portability: Obtain a copy of your personal data in a format suitable for transfer (available in CA, CO, CT, VA).
  • Right to Opt Out of Targeted Advertising: Opt out of data sharing that may be used for cross-site or cross-app behavioral advertising.
  • Right to Opt Out of Sale or Sharing: Direct us not to “sell” or “share” your personal information (as defined in California law and similarly under other state laws). To be explicit, while you have this right, SourceBase does not sell the information you provide to us.
  • Right to Non-Discrimination: You will not receive discriminatory treatment for exercising your privacy rights.

Authorized Agents: You may designate an agent to act on your behalf. We may require identity verification and written authorization.

Appeals: If we deny your request, residents of Virginia, Colorado, and Connecticut have the right to appeal our decision. Instructions will be provided with any denial.

4.2 Rights for Data Subjects Who Are Not Customers of the Services

This section applies if your professional information appears in Sourcebase’s Services (for example, through public profiles or licensed third-party data) and you are not a registered user or paying customer of SourceBase.

We process this type of information under our legitimate interest in helping businesses understand engagement with and usage of specific technologies, but you still have rights under applicable privacy laws depending on your location.

4.2.1 Individuals in the EEA, UK, and Switzerland (GDPR / UK GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following rights regarding the personal data we process about you:

  • Right of Access – You can request confirmation of whether we process your personal data and receive a copy of it.
  • Right to Rectification – You can ask us to correct inaccurate or incomplete data.
  • Right to Erasure – You can request deletion of your data in certain circumstances (e.g., if we no longer need it or you object and there are no overriding grounds).
  • Right to Restriction of Processing – You can ask us to temporarily stop using your data while we verify accuracy or assess an objection.
  • Right to Object – You can object to our use of your personal data when based on our legitimate interests, including profiling.
  • Right to Lodge a Complaint – You may complain to your local data protection authority.

We will assess each request and comply as required under GDPR or UK GDPR. In most cases, we can remove your data upon request.

4.2.2 Residents of California (CCPA / CPRA)

If you reside in California, and your professional information appears in our platform, you have the following rights under the California Consumer Privacy Act (as amended by the CPRA):

  • Right to Know – You may request to know what personal information we have collected about you and how it is used or disclosed.
  • Right to Delete – You may request that we delete your personal information, subject to certain exceptions.
  • Right to Correct – You may request that we correct inaccurate information we maintain about you.
  • Right to Opt Out of Sale or Sharing – You may request that we do not “sell” or “share” your personal information for cross-context behavioral advertising.
  • Right to Non-Discrimination – You will not be discriminated against for exercising your rights.

You do not need to be a customer to exercise these rights. Please visit our [Privacy Rights Request form / contact email] to submit a request.

4.2.3 Residents of Virginia (VCDPA)

If you reside in Virginia, you have the following rights under the Virginia Consumer Data Protection Act:

  • Right to Access – Obtain a copy of the personal data we process about you.
  • Right to Correct – Ask us to correct inaccuracies in your data.
  • Right to Delete – Request deletion of your personal data.
  • Right to Opt Out of Targeted Advertising or Profiling – You may ask us not to use your data for targeted advertising or automated profiling in furtherance of decisions that produce legal or similarly significant effects.
  • Right to Data Portability – Request a copy of your personal data in a portable format.
  • Right to Appeal – If we deny your request, you have the right to appeal that decision.

4.2.4 Residents of Colorado (CPA)

If you reside in Colorado, your rights under the Colorado Privacy Act include:

  • Right to Access – Request a copy of your personal data.
  • Right to Correct – Ask us to correct inaccuracies.
  • Right to Delete – Request deletion of your personal data.
  • Right to Opt Out of Targeted Advertising, Sale, or Profiling – You can opt out of your data being used for these purposes.
  • Right to Data Portability – Receive a portable copy of your personal data.
  • Right to Appeal – You may appeal if we deny your request.

4.2.5 Residents of Connecticut (CTDPA)

If you reside in Connecticut, your rights under the Connecticut Data Privacy Act include:

  • Right to Access – Obtain confirmation of whether we process your personal data and access that data.
  • Right to Correct – Request that we correct inaccurate personal data.
  • Right to Delete – Ask that we delete your personal data.
  • Right to Data Portability – Obtain your data in a portable and usable format.
  • Right to Opt Out – You may opt out of the sale of personal data, targeted advertising, and profiling in furtherance of significant decisions.
  • Right to Appeal – You may appeal our denial of a request.

4.2.6 Residents of Utah (UCPA)

If you are a Utah resident, you have the following rights under the Utah Consumer Privacy Act:

  • Right to Access – Request what personal data we collect and how it is used.
  • Right to Delete – Request deletion of personal data you believe we should no longer retain.
  • Right to Data Portability – Obtain a copy of your data in a portable format.
  • Right to Opt Out of Sale or Targeted Advertising – You may ask that your data not be sold or used for cross-site advertising.

4.3 How to Exercise Your Rights

If you wish to exercise any of the rights above, please contact us at privacy@sourcebase.app or fill out our privacy center form here. This privacy center form also includes a way to submit a “Do Not Sell or Share My Personal Information” request. To help us locate your data, please include sufficient information such as:

  • Your name
  • Your current or past employer
  • A link to a public profile (e.g., GitHub or LinkedIn)
  • Any email addresses you believe may be associated with your profile

To help protect your privacy, we will take reasonable steps to verify your identity before fulfilling a request. Depending on the nature of your request and the sensitivity of the data involved, we may ask you to provide additional information.

We also honor recognized global privacy signals. For instance, if your browser is set with a Global Privacy Control (GPC) signal, our site will treat that as a valid opt-out of sale/sharing for that browser and associated user.

We will respond within the timeframes required by law:

  • Within 30 days under GDPR/UK GDPR (with possible extensions)
  • Within 45 days under CCPA (with a possible 45-day extension)

You do not need to create an account to exercise your rights.

5. Cookies and Tracking Technologies

Summary:

Sourcebase uses cookies and similar technologies to help operate our Services, understand user behavior, and improve the user experience. Some of these technologies are essential to the functioning of the platform, while others support analytics, personalization, and customer support.

5.1 What We Use

We use the following types of tracking technologies on our platform and marketing website:

  • Essential Cookies: Required for core site functionality, such as logging in, maintaining your session, and securing your account.
  • Functional Cookies: Remember user preferences (e.g., interface settings, saved searches) and enhance your experience.
  • Analytics Cookies: Help us understand how users interact with the platform, including which pages or features are most used. We may use tools like Google Analytics or other third-party providers to track performance and usage patterns.
  • Customer Support Tools: We may use session replay or chat widgets (e.g., Intercom, HubSpot, or similar) to assist with troubleshooting, understand user interactions, or provide live support.
  • Marketing and Attribution Tags: On our public website, we may use pixels, UTM parameters, or referrer tracking to understand how users discover our Service and which campaigns are effective.

Some tracking technologies remain active only during your session (“session cookies”), while others persist across visits (“persistent cookies”).

5.2 Your Choices

You have several options to manage cookies and similar technologies:

  • Browser Controls: Most browsers let you block or delete cookies through your settings. Note that disabling certain cookies may affect platform functionality.
  • Do Not Track: Some browsers offer “Do Not Track” signals. Our platform does not currently respond to these signals, but you may use cookie preferences or browser controls instead.

5.3 Third-Party Services

We may allow third-party service providers to place cookies or similar technologies on your device to support services such as analytics, session recording, or customer engagement. These third parties may collect usage data in accordance with their own privacy policies.

We do not allow third parties to use cookies for targeted advertising on our platform.

6. Data Retention and Deletion

Summary:

We retain personal data only for as long as it is needed to fulfill the purposes described in this Privacy Policy, including to comply with legal, regulatory, or contractual obligations. When personal data is no longer necessary, we delete or de-identify it in accordance with our internal data retention policies.

6.1 How Long We Keep Personal Data

We retain different categories of data for different durations, depending on how and why the information was collected:

  • Customer Account Information: We retain user account data (e.g., name, email, company, profile content) for as long as your account remains active. If you delete your account or request deletion, we will remove your data unless we are required to retain it for legal, regulatory, or dispute resolution purposes.
  • Billing and Transaction Records: We retain subscription and payment records for the period required by applicable tax, accounting, and audit laws (generally 7 years or as otherwise required).
  • Support and Communications: Customer support records, emails, and internal correspondence are retained as long as needed for service improvement, legal protection, or dispute resolution.
  • Usage Data and Logs: Technical logs and analytics data are retained for a limited time to support security, debugging, and platform optimization—typically for up to 12–24 months, unless legally required to retain it longer.
  • Professional Profile Data (Non-Customer Subjects): We retain publicly available and third-party licensed professional information for as long as it remains relevant to our Services and permissible under applicable agreements. Individuals may request removal of their profile from SourceBase at any time.
  • Aggregated and De-identified Data: We may retain de-identified or aggregated data indefinitely, as it no longer constitutes personal information.

6.2 Requesting Deletion

If you wish to delete your personal data:

  • Customers and registered users can contact us at privacy@sourcebase.app to request account deletion or data erasure.
  • Non-customers whose professional information appears in Sourcebase may also contact us to request removal from our platform (see Section 4.4).

We will verify your identity before processing the request and may retain limited data as necessary for compliance with legal obligations, fraud prevention, or platform integrity.

7. International Data Transfers

Summary:

Sourcebase is headquartered in the United States, and our systems and service providers may store or process personal data in the U.S. or other countries. If you are located outside the United States, your personal data may be transferred to jurisdictions that may not offer the same level of data protection as your home country.

7.1 Transfers from the EEA, UK, and Switzerland

When we transfer personal data from the European Economic Area (EEA), the United Kingdom (UK), or Switzerland to countries outside those regions (including the United States), we rely on lawful transfer mechanisms recognized under applicable data protection laws.

These safeguards may include:

  • Standard Contractual Clauses (SCCs): We use the European Commission-approved SCCs (and UK Addendum, where applicable) in our agreements with service providers and partners who receive personal data from these jurisdictions.
  • Supplementary Measures: Where appropriate, we implement additional safeguards such as data minimization, encryption, and access controls to further protect international data transfers.
  • Service Provider Commitments: We ensure that our third-party subprocessors are contractually obligated to handle transferred data in compliance with applicable privacy standards.

7.2 Transfers Outside the EU/UK

If you access our Services from outside the U.S., please note that your information may be transferred to, stored in, and processed in the United States. By using the Services, you acknowledge that your data may be transferred to and processed in the U.S. and other jurisdictions as necessary to provide the Service.

8. Third-Party Service Providers and Subprocessors

Summary:

We work with trusted third-party service providers ("subprocessors") who help us deliver, secure, and support the SourceBase platform. These subprocessors may process personal data on our behalf, but only under our instructions and with appropriate contractual safeguards.

We do not share or disclose personal information to third parties for their own independent marketing or advertising purposes.

8.1 Categories of Subprocessors

We engage third-party subprocessors to perform functions such as:

  • Cloud infrastructure and hosting (e.g., AWS, GCP, or similar)
  • Authentication and identity services (e.g., Clerk, Google, Microsoft, LinkedIn SSO)
  • Payment processing (e.g., Stripe)
  • Analytics and diagnostics (e.g., Google Analytics, PostHog, or equivalent)
  • Customer support and CRM (e.g., Intercom, HubSpot)
  • Email delivery (e.g., SendGrid, Mailgun, or similar)
  • Database services (e.g., AWS, ClickHouse, Supabase, or similar)
  • Logging, monitoring, and performance tracking
  • Document storage and internal productivity tools (used in support operations)

Each of these subprocessors is contractually bound to process data only as instructed, to implement reasonable security controls, and (where applicable) to support international transfer mechanisms such as Standard Contractual Clauses (SCCs).

8.2 Due Diligence and Oversight

We conduct due diligence before onboarding any subprocessor, including:

  • Reviewing their data protection policies
  • Assessing compliance with relevant privacy laws
  • Assessing their technical and organizational security measures

We also maintain a process for regularly reviewing the performance and security posture of key subprocessors.

9. Security Measures

Summary:

Sourcebase takes the security of your data seriously. We implement administrative, technical, and organizational safeguards designed to protect personal information against unauthorized access, loss, misuse, disclosure, or destruction.

9.1 Security Practices

We use a range of best practices to protect data, including:

  • Data encryption in transit and at rest
  • Access controls and authentication for systems and user accounts
  • Audit logging and system monitoring to detect and respond to suspicious activity
  • Regular software updates and vulnerability patching

9.2 Organizational Measures

In addition to technical controls, we have internal policies and procedures in place to:

  • Limit access to personal data to employees and contractors on a need-to-know basis
  • Review and update our security practices on a regular basis

9.3 No Guarantee

While we work hard to protect your information, no system is completely secure. We cannot guarantee that unauthorized access, data loss, or a breach will never occur. In the event of a data breach affecting personal information, we will notify affected individuals and regulators as required by law.

10. Children’s Data

Summary:

Sourcebase is a business-to-business platform intended for use by adults. We do not knowingly collect or process personal information from anyone under the age of 18.

10.1 Intended Audience

The Sourcebase platform is designed for use by professionals, businesses, and organizations. By using the Service, you represent that you are at least 18 years old or the legal age of majority in your jurisdiction.

We do not market to or knowingly collect personal data from children under 18. If we learn that we have inadvertently collected personal information from a minor, we will delete it promptly.

10.2 Contact for Concerns

If you believe a child under 18 has provided us with personal information, please contact us at privacy@sourcebase.app, and we will take appropriate action.

11. Changes to This Privacy Policy and Contact Information

Summary:

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or product functionality. We encourage you to review it periodically to stay informed about how we handle personal data.

11.1 Policy Updates

We may revise this Privacy Policy from time to time. If we make material changes, we will provide notice through one or more of the following:

  • An update posted within the SourceBase application
  • A notice on our website
  • An email to registered users (where appropriate)

Your continued use of the Services after the effective date of any update constitutes your acceptance of the revised policy.

11.2 Contact Us

If you have questions about this Privacy Policy, your personal data, or your rights, you can reach us at:

📧 Email: privacy@sourcebase.app

📬 Mailing Address:

Sourcebase, LLC

Poughkeepsie, New York, USA

We aim to respond to all inquiries within a reasonable timeframe and in accordance with applicable privacy laws.

12. Miscellaneous

12.1 Severability

If any part of this Privacy Policy is found to be invalid, unlawful, or unenforceable under applicable law, the remaining provisions will remain in full force and effect.

12.2 International Users

Sourcebase is headquartered in the United States, and our Services are governed by U.S. law. If you access the platform from outside the United States, you acknowledge that your personal data may be transferred to, stored in, and processed in the U.S. or other jurisdictions where our systems or subprocessors are located.

Depending on your location, you may have additional rights under your local privacy laws.

12.3 Transfers of Business

If Sourcebase is involved in a merger, acquisition, sale of assets, or other business transfer, your personal data may be transferred as part of that transaction. We will take reasonable steps to ensure the new entity honors this Privacy Policy or provides notice of any material changes.

12.4 Conflicts with Other Terms

If there is a conflict between this Privacy Policy and our Terms of Service or another agreement between you and SourceBase, the terms of that agreement will control to the extent allowed by law.