Legal

Privacy Policy

Last updated: April 16, 2026

[PLACEHOLDER — Insert finalized policy before public launch.] This document describes how AllForSourcing ("we", "us") collects, uses, stores, and discloses personal information and business data submitted through allforsourcing.com (the "Site") in accordance with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and applicable B2B data-protection regimes.

1. Data we collect

We collect (a) information you submit voluntarily via the contact and audit-request forms — name, business email, company name, supplier URL, budget band, free-text context; (b) technical log data — IP address, user-agent, referrer, pages visited — for security and analytics; (c) OSINT data about third-party suppliers aggregated from public sources (customs records, B2B marketplaces, corporate registries).

2. Lawful basis for processing (GDPR)

Processing is performed on the basis of (i) your explicit consent when you submit a form; (ii) performance of a contract when you engage a paid audit; (iii) our legitimate interest in operating the Site and preventing fraud.

3. How we use your data

Submitted data is used exclusively to respond to your audit request, prepare quotes, deliver reports, and maintain business correspondence. We do not sell personal data. We do not share personal data with advertisers.

4. Sub-processors

We rely on a limited set of infrastructure providers (Cloudflare for hosting, GitHub for source control, an email delivery partner for outbound messages). Each operates under its own privacy terms and data-processing agreement.

5. Your rights

You have the right to access, rectify, export, or erase personal data we hold about you, and to withdraw consent at any time. To exercise any of these rights, email privacy@allforsourcing.com. California residents may additionally exercise rights under the CCPA, including the right to opt out of sale (we do not sell personal information).

6. Retention

Contact-form submissions are retained for the duration of the audit engagement plus 24 months for audit-trail purposes, after which they are deleted or anonymized.

7. International transfers

Data may be processed in jurisdictions outside your country of residence. Where required, we use Standard Contractual Clauses and equivalent safeguards.

8. Changes

We may update this policy. The "Last updated" date at the top reflects the latest revision. Material changes will be flagged prominently.

9. Contact

Privacy inquiries: privacy@allforsourcing.com. General inquiries: audit@allforsourcing.com.