Privacy Policy
Last updated: 12 July 2026
This Privacy Policy explains how ZNT S.r.l.s., operator of SourceIQ (the βServiceβ), collects, uses, discloses, and safeguards personal data. We act as a data controller for account and billing data, and as a data processor for the sourcing data our customers process through the Service. We comply with the EU General Data Protection Regulation (GDPR) and applicable national law.
1. Who we are
The Service is operated by ZNT S.r.l.s. (βweβ, βusβ, βourβ). You can reach us at hello@sourceiq.org. For privacy-specific requests, contact privacy@sourceiq.org. Our registered address is james@sourceiq.org.
2. Data we collect
Depending on how you use the Service, we may collect:
- Account data β name, work email, organisation name, and authentication identifiers, handled through our identity provider (Clerk).
- Billing data β subscription status and payment metadata. Card details are handled directly by Stripe; we never see or store full card numbers.
- Sourcing data β the sourcing briefs, requirements, and supplier information you create or that our AI agents discover, including supplier names, countries, websites, and business contact details.
- Communications data β the content of Requests for Information (RFIs) sent through the Service and supplier replies received, processed to advance your sourcing funnel.
- Usage & technical data β log data, approximate token/cost usage, and standard server logs generated when you use the Service.
3. How we use data
- To provide, operate, and secure the Service and your account.
- To run AI-driven supplier discovery, scoring, and outreach on your behalf.
- To send and receive RFI correspondence with suppliers you target.
- To process subscriptions and payments.
- To communicate with you about your account, support requests, and service changes.
- To detect, prevent, and investigate abuse, fraud, or security incidents.
- To comply with legal obligations.
4. Legal bases (GDPR)
We process personal data on the following bases:
- Contract β to deliver the Service you have subscribed to.
- Legitimate interests β to operate, secure, and improve the Service, and to conduct B2B supplier outreach on behalf of our customers, balanced against the rights of the individuals concerned.
- Legal obligation β for tax, accounting, and compliance requirements.
- Consent β where specifically requested; you may withdraw consent at any time.
5. Supplier outreach & recipients
When you run an outreach campaign, the Service sends business emails to the professional contact addresses of the suppliers you target. Every message identifies the purpose of the contact and includes a one-click opt-out. If a supplier opts out, we suppress their address and do not contact them again. Suppliers may exercise their data-protection rights by contacting us at privacy@sourceiq.org.
6. Sub-processors & sharing
We share data with trusted service providers who process it on our behalf under appropriate data-processing terms:
- Clerk β authentication and user management.
- Stripe β payment processing and subscription billing.
- Resend β outbound and inbound email delivery.
- Anthropic β the AI models that power discovery, scoring, and drafting. Data sent to the model is used to generate responses and is not used to train models.
- Neon β managed database hosting.
- Vercel β application hosting and infrastructure.
We do not sell personal data.
7. International transfers
Some sub-processors may process data outside the European Economic Area. Where this occurs, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or an adequacy decision.
8. Retention
We keep personal data only as long as necessary for the purposes described above, for the life of your account, and thereafter as required to meet legal, tax, and accounting obligations. You can request deletion of your account data at any time.
9. Your rights
Subject to applicable law, you have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request erasure of your data.
- Restrict or object to certain processing.
- Data portability.
- Lodge a complaint with your supervisory authority (in Italy, the Garante per la protezione dei dati personali).
To exercise any of these rights, contact privacy@sourceiq.org.
10. Security
We use industry-standard technical and organisational measures β encryption in transit, access controls, and reputable infrastructure providers β to protect personal data. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
11. Cookies
The Service uses only cookies strictly necessary for authentication and session management. We do not use advertising or third-party tracking cookies.
12. Changes to this policy
We may update this policy from time to time. Material changes will be reflected by the βLast updatedβ date above and, where appropriate, communicated to you directly.
13. Contact
Questions about this policy or our data practices can be directed to privacy@sourceiq.org.