Privacy Policy

Last updated: April 2026

Our Commitment

SORCE is built on the principle of radical transparency. We collect the minimum data required to operate the platform. We do not sell your data. We do not serve ads. We do not use tracking pixels or third-party analytics scripts.

What We Collect

Account Data

If you register, we store your email address and a hashed password, or your Google OAuth token if you sign in with Google. We do not store your Google password.

Interaction Data

Likes, bookmarks, follows, and mutes are stored in our database and associated with your account. This data is private — only you can see it.

Usage Data

We do not run third-party analytics. We do not track your browsing behaviour across other websites. Server logs may record IP addresses for security purposes only and are not retained beyond 30 days.

What We Do Not Collect

We do not collect: payment information, precise location data, device fingerprints, behavioural advertising profiles, or any data from users who are not logged in beyond standard server logs.

Data Storage

Your data is stored on Supabase (PostgreSQL), hosted in the EU. Supabase is SOC 2 Type II certified. We apply Row Level Security — your private data (likes, bookmarks, follows) is only accessible by your account.

Third-Party Services

SORCE uses the following third-party services:

Supabase — authentication and database (EU-hosted)
Vercel — hosting and edge delivery
Cloudflare — DDoS protection and CDN
Google OAuth — optional sign-in only

No advertising networks, no data brokers, no tracking services.

Your Rights

You may request deletion of your account and all associated data at any time by contacting us via GitHub. We will process deletion requests within 30 days.

Changes to This Policy

If we make material changes to this policy, we will update the date at the top of this page. Continued use of SORCE constitutes acceptance.

Contact

Privacy questions? Open an issue on our GitHub repository.