Privacy Policy

Effective Date: January 10, 2026

Your privacy is important to us. This policy explains how we collect, use, and protect your data.

1. Data We Collect

We collect the following types of information:

Account Information

  • Email address
  • GitHub username (if connected)
  • Profile information you provide (bio, wallet address)

Usage Data

  • Package download statistics
  • API access logs
  • Browser type and IP address

Payment Information

  • Transaction history
  • Payment method details are handled by Stripe and not stored on our servers

2. How We Use Your Data

We use your information to:

  • Provide and improve our services
  • Process payments and payouts
  • Send transactional emails (receipts, access tokens, etc.)
  • Communicate about service updates
  • Prevent fraud and ensure security
  • Generate aggregated, anonymized statistics

3. Third-Party Services

We use the following third-party services that may process your data:

Supabase

Database and authentication provider. Your account data is stored securely in Supabase.

Stripe

Payment processing. Stripe handles all payment card data according to PCI-DSS standards. See Stripe's Privacy Policy.

Cloudflare

CDN and edge computing. Our registry proxy runs on Cloudflare Workers.

Sentry

Error tracking and performance monitoring. May collect technical information for debugging.

4. Cookies

We use essential cookies for authentication and session management. We do not use advertising or tracking cookies. You can disable cookies in your browser, but some features may not work correctly.

5. Data Retention

We retain your data for as long as your account is active. When you delete your account:

  • Personal profile data is anonymized immediately
  • Access tokens are revoked
  • Transaction records are kept for legal/tax purposes (7 years)
  • Published packages may remain available but anonymized

6. Your Rights (GDPR)

If you're in the European Union, you have the right to:

  • Access - Request a copy of your personal data
  • Rectification - Correct inaccurate data
  • Erasure - Request deletion of your data
  • Portability - Export your data in a machine-readable format
  • Objection - Object to processing of your data

To exercise these rights, contact us at privacy@source.software

7. Data Security

We implement industry-standard security measures including:

  • Encryption in transit (TLS/HTTPS)
  • Encryption at rest for stored data
  • Row-level security in our database
  • Regular security audits
  • Access logging and monitoring

8. Children's Privacy

SOURCE is not intended for children under 13 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a notice on our website. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

10. Contact Us

For privacy-related questions or to exercise your data rights, contact us at:

Email: privacy@source.software

Questions about these terms? Contact our legal team