Privacy Policy

Introduction

Soursea ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered product sourcing platform ("Service"). Please read this policy carefully to understand our practices regarding your personal data.

1. Data Controller

Soursea is the data controller responsible for your personal data. If you have any questions about this Privacy Policy or our data practices, please contact our Data Protection Officer at: Email: [email protected]. For users in the European Economic Area, you also have the right to lodge a complaint with your local data protection authority.

2. Information We Collect

We collect information in the following categories: (a) Account Information: name, email address, password (encrypted), profile information. (b) Payment Information: billing address, payment card details (processed securely by Stripe; we do not store full card numbers). (c) Usage Data: products analyzed, features used, session duration, interaction patterns. (d) Device Information: IP address, browser type, operating system, device identifiers. (e) Third-Party Data: when you connect services like Shopify, we collect store name, URL, and necessary authentication tokens. (f) Communications: support tickets, feedback, and correspondence with us.

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area, we process your personal data on the following legal bases: (a) Contract Performance: processing necessary to provide our Service to you. (b) Legitimate Interests: improving our Service, preventing fraud, ensuring security. (c) Legal Obligation: compliance with applicable laws and regulations. (d) Consent: for marketing communications and optional features. You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

4. How We Use Your Information

We use your information to: (a) provide, maintain, and improve our Service, (b) process transactions and send related information, (c) send technical notices, updates, and support messages, (d) respond to your comments, questions, and customer service requests, (e) monitor and analyze usage patterns and trends, (f) detect, investigate, and prevent fraudulent transactions and other illegal activities, (g) personalize and improve your experience, (h) comply with legal obligations.

5. Information Sharing and Disclosure

We do not sell your personal information. We may share your data with: (a) Service Providers: third parties who perform services on our behalf (hosting, payment processing, analytics). (b) Business Transfers: in connection with any merger, acquisition, or sale of assets. (c) Legal Requirements: when required by law or to protect our rights. (d) With Your Consent: when you explicitly authorize sharing. All service providers are contractually bound to protect your data and use it only for specified purposes.

6. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States and South Korea. For transfers from the EEA/UK to countries not deemed adequate by the European Commission, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission. By using our Service, you consent to such transfers.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including: (a) encryption of data in transit (TLS 1.3) and at rest (AES-256), (b) regular security assessments and penetration testing, (c) access controls and authentication mechanisms, (d) employee training on data protection. However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

8. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Account data is retained while your account is active and for up to 3 years after closure for legal compliance. You may request deletion of your data at any time, subject to our legal obligations.

9. Your Data Protection Rights

Depending on your location, you may have the following rights: (a) Access: request copies of your personal data. (b) Rectification: request correction of inaccurate data. (c) Erasure: request deletion of your data ("right to be forgotten"). (d) Restriction: request limitation of processing. (e) Portability: receive your data in a structured, machine-readable format. (f) Objection: object to processing based on legitimate interests. (g) Withdraw Consent: where processing is based on consent. To exercise these rights, contact us at [email protected]. We will respond within 30 days.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and track information. Types of cookies we use: (a) Essential Cookies: necessary for the Service to function. (b) Analytics Cookies: help us understand how visitors interact with our Service. (c) Functional Cookies: remember your preferences. (d) Marketing Cookies: track your activity across sites for advertising purposes. You can control cookies through your browser settings. Disabling certain cookies may affect Service functionality.

11. Shopify and Third-Party Integrations

When you connect your Shopify store, we collect: store name and URL, Shopify Shop ID, OAuth access tokens for API authentication. We access only product-related scopes (write_products, read_products, write_inventory, read_inventory). We do NOT collect: customer personal information, order details, or payment data from your store. Your Shopify connection data is deleted within 48 hours of disconnecting your store or deleting your account.

12. California Privacy Rights (CCPA/CPRA)

California residents have the following rights under the CCPA: (a) Right to Know: what personal information we collect, use, and disclose. (b) Right to Delete: request deletion of personal information. (c) Right to Opt-Out: opt out of the sale of personal information (note: we do not sell personal information). (d) Right to Non-Discrimination: receive equal service regardless of exercising privacy rights. (e) Right to Correct: request correction of inaccurate information. To exercise these rights, contact us at [email protected] or call our toll-free number. We will verify your identity before processing your request.

13. Korean Personal Information Protection (PIPA)

For users in South Korea, in accordance with the Personal Information Protection Act: (a) We collect and process personal information only with your consent or as permitted by law. (b) You may request access to, correction of, deletion of, or suspension of processing of your personal information. (c) We will respond to such requests within 10 days. (d) You may file complaints with the Personal Information Protection Commission (www.pipc.go.kr) or the Korea Internet & Security Agency (privacy.kisa.or.kr). Personal Information Protection Officer: [email protected]

14. Children's Privacy

Our Service is not intended for individuals under the age of 18 (or the age of legal majority in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at [email protected], and we will take steps to delete such information.

15. Automated Decision-Making

Our Service uses AI and automated systems to analyze products and provide recommendations. These automated processes do not make decisions that have legal or similarly significant effects on you. The AI analysis results are provided as informational guidance only, and you retain full control over all purchasing and business decisions.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we will provide additional notice via email. We encourage you to review this Privacy Policy periodically.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: Data Protection Officer: [email protected]. General Inquiries: [email protected]. European Representative: For users in the EEA, our representative can be contacted at [email protected]. We aim to respond to all inquiries within 30 days.