Privacy policy
Last updated: April 18, 2026
Dynasty Ecom LLC, operating SourceFollow, is committed to protecting your privacy. This Policy explains what information we collect, how we use and share it, your choices and rights, and how we keep your data secure. It should be read together with our Terms of Service and Refund Policy.
1. Who we are and the scope of this policy
This Privacy Policy describes how Dynasty Ecom LLC, a New Mexico limited liability company with its principal place of business at 325 Don Gaspar Avenue, Suite 300, Santa Fe, New Mexico 87501, United States, operating the SourceFollow product line ("SourceFollow", "we", "our", "us"), collects, uses, discloses, and protects information when you access our website, create an account, subscribe to a plan, or otherwise use the SourceFollow platform. It applies to all users of the service, including account holders, their invited team members, and visitors to our websites. For the purposes of applicable data-protection laws, Dynasty Ecom LLC is the controller of personal information processed about account holders and visitors, and acts as a processor with respect to the data that account holders choose to store in the service.
2. Information we collect
Account information: when you register, we collect your name, email address, password (handled through our authentication provider and stored as a secure hash), profile photo (optional), and workspace or organization information. Billing information: when you subscribe, our payment processor collects billing name, address, and payment instrument details; we receive only limited billing metadata such as the last four digits of the card, brand, expiration, billing country, invoice history, and subscription status — we never receive or store your full card number. Customer content: the data you input into SourceFollow, including suppliers, products, notes, tasks, tags, files, activity logs, and AI prompts and outputs you generate. Usage and device data: IP address, browser type and version, operating system, device identifiers, referring pages, features used, pages viewed, timestamps, approximate location derived from IP, and performance and diagnostic data. Communications: the content of messages you send us, support tickets, and survey responses. Cookies and similar technologies, as described in Section 7.
3. How we use information
We use information to: (a) create and maintain your account, authenticate users, and deliver the features of the service; (b) process payments, manage subscriptions and credits, and send billing-related communications such as receipts, invoices, renewal notices, failed-payment alerts, and refund or chargeback responses; (c) provide customer support and respond to your inquiries; (d) operate, secure, monitor, debug, and improve the service, including measuring usage, reliability, and performance; (e) personalize the service and remember your preferences; (f) send essential service notices (security alerts, policy updates, downtime, significant product changes) and, where permitted, product updates and tips that you can opt out of at any time; (g) detect, prevent, and respond to fraud, abuse, security incidents, chargebacks, and violations of our Terms; (h) comply with legal obligations and enforce our agreements; and (i) aggregate and de-identify data for analytics and product development.
4. Legal bases for processing (EEA/UK users)
If you are located in the European Economic Area or the United Kingdom, our legal bases for processing your personal information are: performance of the contract between you and us to provide the service; our legitimate interests in operating, securing, and improving the service, preventing fraud, and communicating with customers, balanced against your rights; your consent, where required (for example, for certain cookies and marketing communications); and compliance with our legal obligations. You may withdraw consent at any time where consent is the basis for processing.
5. How we share information
We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We share information only in the following circumstances: (a) service providers and subprocessors that help us operate the service, each under written contracts limiting their use of the data to providing services to us; (b) when you direct us to do so, for example by connecting a third-party integration; (c) with other members of your workspace or organization, who may see account, activity, and content you share inside that workspace; (d) to comply with valid legal process, a lawful government request, a court order, or a subpoena, and to enforce our Terms, protect our rights, property, or safety, or investigate fraud or security issues; and (e) in connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, subject to customary confidentiality protections and continued application of this Policy to transferred data.
6. Subprocessors
We rely on a limited set of reputable providers to run the service. As of the "Last updated" date, they include: Clerk (authentication and identity), Supabase (database, storage, and backend infrastructure hosted on secure cloud regions), Vercel (application hosting and edge delivery), Stripe (payment processing and subscription management), Anthropic and Perplexity (AI model providers for research and assistant features), Keepa (Amazon product and pricing data), Google Maps Platform (places and geocoding), Resend (transactional email), Google LLC (Google Tag Manager for tag orchestration, Google Analytics 4 for traffic measurement, and Google Ads for advertising and conversion attribution), Microsoft Corporation (Microsoft Clarity for product analytics, heatmaps, and session replay with strict text masking enabled), and Meta Platforms, Inc. (Meta Pixel for audience measurement, ad delivery, and conversion attribution on our marketing website only). Each subprocessor is bound by contractual confidentiality and data-protection obligations. We may update the list of subprocessors from time to time; material changes will be reflected in this Policy.
7. Cookies and similar technologies
We use cookies and similar technologies to keep you signed in, remember your preferences, secure the service, and understand usage. Strictly necessary cookies are required for the service to function (for example, authentication cookies set by Clerk). Functional cookies remember your settings. Analytics and advertising cookies help us measure performance, improve the product, and reach the right audiences for our marketing. Our analytics, measurement, and advertising partners currently include Google Analytics 4, Google Ads (conversion measurement and audience insights), Microsoft Clarity, and Meta Pixel (each active on our marketing website only, never inside the authenticated application). Additional advertising partners may be added (LinkedIn, TikTok) and will be disclosed here when activated. You can control cookies through your browser settings; blocking essential cookies may prevent you from using core features. We honor Global Privacy Control (GPC) signals — when your browser transmits a GPC signal, we automatically treat it as a request to opt out of sale/sharing of personal information and of targeted advertising.
8. AI features and your content
Some features of the service rely on third-party AI providers (currently Anthropic and Perplexity) to generate research, summaries, and suggestions. When you use these features, the relevant prompt, context, and minimum data required to produce the response are transmitted to the provider, which processes the data under its own enterprise data-handling terms. We have selected providers that contractually do not use our customers' inputs or outputs to train their general-purpose models. You should not submit sensitive personal information, regulated data, or credentials into AI features. AI outputs are generated probabilistically, may be inaccurate, and should be verified before you rely on them.
9. Your rights
Depending on where you live, you may have the right to: access the personal information we hold about you; correct inaccurate information; delete your account and associated personal data; restrict or object to certain processing; receive a portable copy of your data; opt out of non-essential communications; and lodge a complaint with your local data-protection authority. You may exercise these rights at any time by emailing info@sourcefollow.com from the address on file. We will respond within the timeframes required by applicable law. We may request information to verify your identity before acting on a request, and we may decline requests where an exemption applies, for example where retention is required by law, for fraud prevention, to enforce our Terms, or to protect the rights of others.
10. California privacy rights (CCPA/CPRA)
If you are a California resident, you have the right to know the categories and specific pieces of personal information we have collected about you, the sources, purposes, and categories of third parties with whom it is shared; to delete your personal information, subject to exceptions; to correct inaccurate personal information; to limit the use of sensitive personal information; to opt out of the sale or sharing of personal information; and to be free from discrimination for exercising these rights. We do not sell personal information for money. We may share limited device and usage information with advertising and analytics providers in ways that the CPRA defines as "sharing" for cross-context behavioral advertising; you can opt out of such sharing at any time. To exercise any of your California privacy rights, email info@sourcefollow.com from the address on file or write to the mailing address in Section 18; we will verify your request using information associated with your account and respond within the timeframes required by law. We also honor Global Privacy Control (GPC) signals automatically. You may designate an authorized agent to act on your behalf, subject to verification.
11. Data retention
We retain personal information for as long as your account is active, as needed to provide the service, and for legitimate business or legal reasons thereafter. When you delete your account, we will delete or de-identify your personal information within a reasonable period (typically thirty (30) days), except where retention is required for legal, tax, accounting, fraud-prevention, security, or dispute-resolution purposes, or where the data has been aggregated or de-identified. Billing and transaction records are retained for the period required by applicable tax and financial regulations. You are responsible for exporting any Customer Content you wish to retain before cancellation.
12. Data security
We implement administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. These include encryption in transit and at rest, role-based access controls, row-level security on our database, least-privilege access for employees, audit logging, background checks for personnel with production access, and regular security reviews. Our primary infrastructure providers maintain recognized security certifications. No system is perfectly secure; we cannot guarantee absolute security, and you are responsible for maintaining the confidentiality of your credentials and for choosing a strong, unique password.
13. International data transfers
We operate from the United States, and our service providers may process data in the United States and other countries where they or their subprocessors have facilities. If you access the service from outside the United States, you acknowledge that your personal information will be transferred to, processed, and stored in the United States and other jurisdictions that may have data-protection laws different from those in your country. Where required, we rely on appropriate safeguards, including standard contractual clauses approved by the relevant regulators.
14. Children
The service is intended for business users and is not directed to, and we do not knowingly collect personal information from, individuals under the age of eighteen (18). If you believe a child has provided personal information to us, contact info@sourcefollow.com and we will promptly take steps to delete that information.
15. Third-party sites
The service may contain links to third-party websites, marketplaces, or services that are not operated by us. Your interactions with those third parties are governed by their own privacy policies. We are not responsible for their practices, and we encourage you to review their policies before providing personal information.
16. Breach notification
In the event of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users and, where required, the relevant supervisory authorities, within the timeframes required by applicable law.
17. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date and, for material changes, provide reasonable notice (for example, by email or in-app notice) before the change takes effect. Your continued use of the service after the effective date constitutes acceptance of the updated Policy.
18. Contact
If you have questions about this Privacy Policy, how we handle your data, or wish to exercise any of your rights, contact us at info@sourcefollow.com. Formal legal correspondence and privacy requests may also be mailed to Dynasty Ecom LLC, 325 Don Gaspar Avenue, Suite 300, Santa Fe, New Mexico 87501, United States. The service is operated by Dynasty Ecom LLC.