---
title: Privacy Policy
canonical: https://bemysource.com/privacy
last_updated: 2026-02-03
version: 1.0
publisher: Be My Source (BeMySource Ltd)
contact: privacy@bemysource.com
---

# Privacy Policy

Last Updated: February 3, 2026 · Version 1.0

Be My Source ("we," "us," "our," or "Source") is committed to protecting your privacy and personal data. This policy explains how we collect, use, share, and protect your personal information when you use the Source platform.

## Plain language summary

What we collect: account info (name, email), profile details, payment info (handled by Stripe), usage data (searches, transactions, connections), device info (browser, IP for security).

How we use it: connect you with other users and process transactions; improve Source and keep it secure; comply with laws and enforce our Terms; marketing (only with consent, opt-out any time).

Who we share with: other users (your public profile when you connect); payment processors, hosting providers, and security services; law enforcement (when legally required); institutions and rights holders (for copyright or policy violations). We NEVER sell your data.

Your rights: access, correct, or delete your data; object to certain processing; withdraw consent anytime; complain to data protection authorities.

Questions? Contact privacy@bemysource.com.

## 1. Introduction

This Privacy Policy applies to all users of Source, regardless of location. We comply with UK GDPR, Data Protection Act 2018, EU GDPR (for EEA users), California CCPA, and other applicable data protection laws.

Data Controller: Be My Source. Email: privacy@bemysource.com.

For EEA / UK users: you have the right to lodge a complaint with your local supervisory authority. UK: Information Commissioner's Office (ICO), ico.org.uk. EU: edpb.europa.eu.

## 2. Information we collect

2.1 Information you provide directly: account information (full name, email, username, password); profile information (bio, location, profile picture, areas of expertise); payment and bank account information (processed through Stripe); institutional affiliations and access credentials; government-issued ID if required for verification.

2.2 Information we collect automatically: usage data, device and technical information, security and fraud detection data, cookies and similar technologies, approximate location from IP address.

2.3 Information from third parties: Stripe (payment processors), Stripe Identity (identity verification), analytics and advertising services.

## 3. How we use your information

3.1 Contract performance: provide Platform services, account management, transaction processing, communication facilitation, customer support.

3.2 Legal obligations: legal process compliance, terms enforcement, fraud prevention, copyright enforcement, regulatory compliance.

3.3 Legitimate interests: platform improvement, research and development, marketing, security and fraud prevention, business operations.

3.4 Consent: marketing communications, non-essential cookies, optional features, research participation. You can withdraw consent at any time.

## 4. How we share your information

We do not sell your personal data. We share information only:

4.1 With other users: your public profile information is visible to other users. Email and payment information are never shared.

4.2 Service providers: Stripe (payment processing, fraud prevention, identity verification), Microsoft Azure (cloud hosting, UK / EU regions), Mailjet (email communications, EU-based), Google Analytics (platform usage analysis).

4.3 Legal requirements: when required by law, for copyright enforcement, institutional cooperation, or in emergency situations.

## 5. International data transfers

Source is based in the United Kingdom. Data may be transferred to UK, EU, and US locations with appropriate safeguards including Standard Contractual Clauses (SCCs). Core platform data is stored in Microsoft Azure UK / EU regions. US transfers (Stripe) use SCCs and supplementary measures.

## 6. Data retention

- Active account data: while active plus 90 days after last activity
- Closed account data: 7 years (legal, tax, fraud prevention)
- Transaction records: 7 years (financial regulations)
- Copyright infringement records: 10 years
- Marketing data: until consent withdrawn or 2 years of inactivity

## 7. Your rights under GDPR

If you are located in the UK or EEA: Right of Access (Article 15), Right to Rectification (Article 16), Right to Erasure (Article 17), Right to Restriction (Article 18), Right to Data Portability (Article 20), Right to Object (Article 21), Right to Withdraw Consent (Article 7(3)), Right to Lodge a Complaint.

To exercise your rights, email privacy@bemysource.com with your request. We respond within one month.

## 8. Cookies and tracking technologies

Types of cookies:

- Essential: session_id, auth_token, security_flags (necessary for Platform function)
- Functional: language_pref, ui_theme (requires consent)
- Analytics: _ga, _gid Google Analytics (requires consent)
- Marketing: ad targeting and conversion tracking (requires consent)

Managing cookies: browser settings or our Cookie Preference Center in the footer. Opt out of Google Analytics at tools.google.com/dlpage/gaoptout.

## 9. Data security

Technical: TLS 1.3 in transit, AES-256 at rest; RBAC, MFA for employees, principle of least privilege; firewalls, IDS / IPS, DDoS protection; OWASP guidelines, input validation, CSRF / XSS protection; 24/7 monitoring, centralized logging, anomaly detection.

Organizational: employee security training and background checks; incident response plan and 24/7 response team; regular security audits and compliance reviews.

No system is 100% secure. You acknowledge internet transmission carries inherent risks.

## 10. Children's privacy

Source is not intended for children under 18. We do not knowingly collect personal data from children. If we discover child data, we will delete it immediately and notify the parent or guardian.

## 11. California Consumer Privacy Act (CCPA) rights

California residents have additional rights: Right to Know, Right to Delete, Right to Opt-Out (we do NOT sell personal information), Right to Non-Discrimination. To exercise, email privacy@bemysource.com with "CCPA Request" in the subject. We respond within 45 days.

## 12. Changes to this privacy policy

For material changes, we notify you via email at least 30 days before changes take effect. Continued use constitutes acceptance.

## 13. Contact us

- Privacy team: privacy@bemysource.com (acknowledgment within 2 business days, full response within 1 month)
- Security issues: security@bemysource.com (within 24 hours for critical issues)
- Marketing opt-out: marketing@bemysource.com (or click unsubscribe in any email)

## 14. Acknowledgment and agreement

By using Source you acknowledge you have read and understood this Privacy Policy; understand how we collect, use, and share your data; understand your rights; consent to our data collection where consent is the legal basis; can withdraw consent any time; are 18 or older; understand our cookie practices. If you do not agree, you must not use the Platform.

Version: 1.0 · Next Review: August 2026