Plain language summary
A quick overview. Please read the full policy below for complete details.
What we collect
- Account info (name, email) and profile details
- Payment info (handled by secure processors like Stripe)
- How you use Source (searches, transactions, connections)
- Device info (browser, IP address for security)
How we use it
- To connect you with other users and process transactions
- To improve Source and keep it secure
- To comply with laws and enforce our Terms
- For marketing (only with your consent, you can opt out)
Who we share with
- Other users (your public profile when you connect)
- Payment processors, hosting providers, and security services
- Law enforcement (when legally required)
- Institutions and rights holders (for copyright or policy violations)
- We NEVER sell your data
Your rights
- Access, correct, or delete your data
- Object to certain processing
- Withdraw consent anytime
- Complain to data protection authorities
Questions? Contact privacy@bemysource.com.
01Introduction
Be My Source ("we," "us," "our," or "Source") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use the Source platform ("Platform").
This Privacy Policy applies to all users of Source, regardless of location. We comply with:
- UK General Data Protection Regulation (UK GDPR)
- Data Protection Act 2018
- EU General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA)
- California Consumer Privacy Act (CCPA) for California residents
- Other applicable data protection laws based on your location
Data Controller
Be My Source. Email: privacy@bemysource.com.
For EEA / UK users
If you are located in the EEA or UK, you have the right to lodge a complaint with your local supervisory authority:
- UK: Information Commissioner's Office (ICO), ico.org.uk, helpline 0303 123 1113
- EU: Find your national data protection authority at edpb.europa.eu
02Information we collect
We collect only the information necessary to provide and improve our services, ensure security, and comply with legal obligations.
2.1 Information you provide directly
Account information:
- Full name, email address, username and password
- Profile information (bio, location, profile picture, areas of expertise)
- Payment and bank account information (processed through secure processors)
- Institutional affiliations and access credentials
- Government-issued ID (if required for verification)
2.2 Information we collect automatically
- Usage data, device and technical information
- Security and fraud detection data
- Cookies and similar technologies
- Location data (approximate from IP address)
2.3 Information from third parties
- Payment processors (Stripe)
- Identity verification services (Stripe Identity)
- Analytics and advertising services
03How we use your information
3.1 Contract performance
To provide Platform services including account management, service delivery, transaction processing, communication facilitation, and customer support.
3.2 Legal obligations
To comply with legal requirements including legal process compliance, terms enforcement, fraud prevention, copyright enforcement, and regulatory compliance.
3.3 Legitimate interests
For platform improvement, research and development, marketing, security and fraud prevention, and business operations.
3.4 Consent
Marketing communications, non-essential cookies, optional features, and research participation. You can withdraw consent at any time.
04How we share your information
We do not sell your personal data. We share information only in the following circumstances:
4.1 With other users
Your public profile information is visible to other users. Your email and payment information are never shared.
4.2 Service providers
- Stripe: payment processing, fraud prevention, identity verification
- Microsoft Azure: cloud hosting and infrastructure (UK / EU regions)
- Mailjet: email communications (EU-based)
- Google Analytics: platform usage analysis
4.3 Legal requirements
We may disclose information when required by law, for copyright enforcement, institutional cooperation, or in emergency situations.
05International data transfers
Source is based in the United Kingdom. Your data may be transferred to UK, EU, and US locations with appropriate safeguards including Standard Contractual Clauses (SCCs).
- UK / EU: Core platform data stored in Microsoft Azure UK / EU regions
- US: Payment processing (Stripe) with SCCs and supplementary measures
06Data retention
We retain personal data only as long as necessary:
- Active account data: while active plus 90 days after last activity
- Closed account data: 7 years (legal, tax, fraud prevention)
- Transaction records: 7 years (financial regulations)
- Copyright infringement records: 10 years
- Marketing data: until consent withdrawn or 2 years of inactivity
07Your rights under GDPR
If you are located in the UK or EEA, you have the following rights:
- Right of Access (Article 15) · request a copy of your personal data
- Right to Rectification (Article 16) · request correction of inaccurate or incomplete data
- Right to Erasure (Article 17) · request deletion of your personal data in certain circumstances
- Right to Restriction (Article 18) · request limitation of how we use your data
- Right to Data Portability (Article 20) · receive your data in a machine-readable format
- Right to Object (Article 21) · object to processing based on legitimate interests or direct marketing
- Right to Withdraw Consent (Article 7(3)) · withdraw consent at any time for consent-based processing
- Right to Lodge a Complaint · complain to the ICO (UK) or your national data protection authority (EU)
To exercise your rights, email privacy@bemysource.com with your request. We respond within one month.
08Cookies and tracking technologies
We use cookies to enhance your experience, maintain security, and analyze usage.
Types of cookies
- Essential cookies: necessary for Platform function (session_id, auth_token, security_flags)
- Functional cookies: remember preferences (language_pref, ui_theme), requires consent
- Analytics cookies: Google Analytics (_ga, _gid), requires consent
- Marketing cookies: ad targeting and conversion tracking, requires consent
Managing cookies: use browser settings or our Cookie Preference Center in the footer. You can opt out of Google Analytics at tools.google.com/dlpage/gaoptout.
09Data security
We implement comprehensive security measures:
Technical measures
- Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
- Access controls: RBAC, MFA for employees, principle of least privilege
- Network security: firewalls, IDS/IPS, DDoS protection
- Application security: OWASP guidelines, input validation, CSRF / XSS protection
- Monitoring: 24/7 security monitoring, centralized logging, anomaly detection
Organizational measures
- Employee security training and background checks
- Incident response plan and 24/7 response team
- Regular security audits and compliance reviews
While we implement strong security, no system is 100% secure. You acknowledge that internet transmission carries inherent risks.
10Children's privacy
Source is not intended for children under 18. We do not knowingly collect personal data from children. If we discover child data, we will delete it immediately and notify the parent or guardian.
11California Consumer Privacy Act (CCPA) rights
If you are a California resident, you have additional rights:
- Right to know: request categories and specific pieces of personal information we collect
- Right to delete: request deletion of your personal information (subject to exceptions)
- Right to opt out: we do NOT sell personal information
- Right to non-discrimination: we won't discriminate for exercising CCPA rights
To exercise CCPA rights, email privacy@bemysource.com with "CCPA Request" in the subject. We respond within 45 days.
12Changes to this privacy policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. For material changes, we notify you via email at least 30 days before changes take effect.
Your options: continue using (constitutes acceptance), opt out of specific processing, or delete your account if you disagree with material changes.
13Contact us and exercise your rights
We're committed to addressing your privacy concerns promptly.
Privacy team
Email: privacy@bemysource.com. Response: within 2 business days (acknowledgment), within 1 month (full response).
Security issues
Email: security@bemysource.com. Response: within 24 hours for critical issues.
Marketing opt-out
Email: marketing@bemysource.com. Or click "unsubscribe" in any marketing email, processed immediately.
Quick reference card
| I want to | Contact | Method |
|---|
| View my data | privacy@bemysource.com | Email "Data Access Request" |
| Correct my data | Account Settings | Self-service or email |
| Delete my account | Account Settings | Delete Account function |
| Stop marketing emails | Unsubscribe link | Click link in emails |
| Report security issue | security@bemysource.com | Email immediately |
| File complaint | ico.org.uk (UK) | Online form |
14Acknowledgment and agreement
By using Source, you acknowledge that:
- You have read and understood this Privacy Policy in its entirety
- You understand how we collect, use, and share your personal data
- You understand your rights under applicable data protection laws
- You consent to our data collection as described (where consent is the legal basis)
- You can withdraw consent, object to processing, or exercise other rights at any time
- You are 18 years or older
- You understand our cookie practices and can manage your preferences
If you do not agree to this Privacy Policy, you must not use the Platform.
Thank you for trusting Source with your personal information. We take this responsibility seriously and are committed to protecting your privacy.
Version: 1.0 · Next Review: August 2026