Sourcefolk

Privacy

Privacy Policy

This policy explains what Sourcefolk collects, why it is used, who can see it, and the controls available to you. It describes the current product; it does not claim that publishing a policy alone satisfies every law.

Effective 12 July 2026 · Version 2026-07-12-sourcefolk

1. Who is responsible

The data controller is not yet configured, at an address not yet configured. The operator decides why and how personal information is used. Contact details appear at the end of this policy.

2. Information we collect and its source

Category What it includes and where it comes from
GitHub sign-in The base identity response and, only when needed, the user:email scope provide an immutable GitHub ID, login, display name, primary verified email, and GitHub avatar URL. We do not request repository or organisation scopes and do not store OAuth access or refresh tokens.
Profile and relationships Your name, username and time of the last username change, biography, profile photo, links, location, selected stack, work availability, follower and following relationships, and profile settings. Most comes from you; the initial name and avatar may come from GitHub.
Eligibility and agreement records The Terms version accepted, acceptance time, Privacy Policy version presented with that flow, and the minimum-age threshold you confirmed. We record that you confirmed you are at least 18; we do not ask for or store your date of birth.
Community activity Posts, projects, media, replies, reactions, reposts, bookmarks, tags, links, publication times, and related records. Public contributions may incidentally reveal sensitive traits; we do not use those traits for advertising or profiling.
Direct messages Encrypted message bodies, participant IDs, conversation and message IDs, sender ID, timestamps, and delivery state. Participants supply message content; the service creates delivery metadata.
Media storage User-uploaded profile photos and post attachments are private objects in Cloudflare R2. For post media we also keep the original filename, file type, and size. Media attached to a public post or profile is presented publicly through time-limited delivery URLs. A GitHub-provided avatar remains hosted by GitHub unless you replace it.
Safety and service logs Reports, selected reported messages, moderation decisions, content-request details, IP address, device and browser information, session and security events, rate-limit events, and records needed to investigate faults or abuse.
Automated discovery Tavily receives a search query and approved source domains. The integration is configured not to request raw page content. Azure OpenAI receives returned source metadata and short snippets. Member account data is not intentionally sent through the curation agent. Provider retention and training restrictions must be confirmed in the operator's contracts and production settings.

3. Why we use it

Provide the service

Authenticate accounts, record eligibility and Terms acceptance, publish profiles and contributions, store media, maintain follows, deliver messages, and apply settings. The UK/EU basis is normally performance of the contract you request by joining and using member features.

Protect the community

Prevent spam and fraud, secure accounts, investigate reports, enforce rules, and preserve proportionate evidence. The basis is the operator's legitimate interests in a safe, reliable service, balanced against people's rights and reasonable expectations.

Meet legal duties

Respond to valid legal process, safety reports, data-rights requests, and legally required removals or disclosures. The basis is legal obligation where one applies.

Optional uses

Optional analytics, advertising, or marketing are not part of the current product. They must not be enabled without updating this notice and obtaining consent or offering an opt-out where law requires.

A verified email, account identifier, confirmation that you are at least 18, and acceptance of the current Terms are required to provide an account. Profile details beyond a name and username, public contributions, follows, media, and direct messages are optional. Sourcefolk does not use automated processing to make decisions that produce legal or similarly significant effects. Automated curation and abuse controls may rank or flag material, but final account and legal-content decisions require authorized human review.

Public contributions can incidentally reveal health, beliefs, sexuality, ethnicity, politics, trade-union membership, biometric or genetic information, or allegations about offences. Sourcefolk does not ask members to provide those details, infer them for advertising, or build sensitive profiles. Do not publish another person's sensitive or criminal-offence information without a lawful basis. The operator must identify an applicable UK/EU Article 9 or Article 10 condition before deliberately using such information beyond displaying content at the member's direction, or remove or restrict it where no condition applies.

4. What is public and what is private

Names, usernames, biographies, profile images, follower and following lists, posts, projects, replies, reactions, and reposts are public by design. Public information can be copied or indexed by others. Bookmarks, account-security settings, and direct-message conversations are not shown publicly.

5. Direct-message privacy and encryption

Message bodies are encrypted over HTTPS and while stored with keys controlled by the service. They are not end-to-end encrypted. Vask processes connection and delivery-event metadata containing conversation, message, sender, and timestamp identifiers; it does not receive decrypted message bodies. The authorized participant fetches a body over HTTPS.

Administrators cannot ordinarily open or search conversations and have no blanket moderation bypass. The operator does not proactively read messages. If a participant reports a conversation, the selected messages and related identifiers are deliberately disclosed to authorized safety staff. Information may also be disclosed when valid law requires it or an urgent threat to life or safety must be addressed.

Messages are not disappearing and the current product has no per-message delete-for-everyone control. While both accounts remain, history stays visible to both participants even if they no longer follow one another. Deleting either participant's account removes the live conversation history from the primary database; backups and limited safety or legal records follow the configured retention schedule.

6. When information is shared

  • The public and other members: public community information is visible to anyone; message content is delivered only to conversation participants unless reported.
  • GitHub: provides OAuth sign-in and may continue to host the initial avatar under GitHub's own privacy terms.
  • Cloudflare R2: stores private media objects used for public posts and user-uploaded profile photos.
  • Vask: processes WebSocket connection data and metadata-only real-time events.
  • Curation providers: Tavily and Azure OpenAI process source searches, metadata, and short snippets—not member account data—for automated discovery.
  • Other processors: Hosting, database, email, monitoring, and other production processors have not yet been configured in this notice.
  • Legal and safety recipients: information is shared when required by valid law, to protect rights and safety, or in a properly governed business transfer.

Processors must be contractually limited, kept confidential, secured, and required to help with rights, incidents, deletion, and audits. The operator must keep its actual list current.

7. Retention

We keep identifiable information only for a documented purpose. The production operator must replace every unconfigured entry below with a specific period or clear deletion criterion.

Accounts and public content
Not configured — required before launch.
Direct messages
Not configured — required before launch.
Security logs
Not configured — required before launch.
Moderation and reports
Not configured — required before launch.
Backups
Not configured — required before launch.

8. Your privacy rights

Depending on where you live, you may ask to access, correct, delete, restrict, or receive a portable copy of your information; object to processing; withdraw consent for optional processing; or appeal a refusal. These rights are not absolute, and another participant's rights may affect a message export or deletion request. Requests are free unless law permits a fee for a manifestly unfounded or excessive request.

Use the content and rights request form or the privacy email below. We may verify your identity proportionately. Before serving UK or EEA users, the operator must be able to answer rights requests without undue delay and generally within one month. UK data-protection complaints must be acknowledged within 30 days, investigated without undue delay with appropriate updates, and closed with an outcome notice.

You may also complain to the regulator where you live, including the UK ICO, an EEA supervisory authority, or the California Privacy Protection Agency where applicable.

9. Cookies and local storage

The current service uses storage needed for authentication, security, sessions, CSRF protection, and your light or dark appearance preference. It does not currently use advertising or optional analytics cookies. Optional storage must remain off until a clear choice is offered; refusing it must not block core features, and consent must be as easy to withdraw as to give.

10. California disclosures

The categories, sources, purposes, recipients, retention information, and controls required for an online privacy notice are described above. The current product does not sell personal information or share it for cross-context behavioural advertising and does not offer financial incentives for personal information.

We do not respond to the legacy browser “Do Not Track” signal because the product does not perform cross-site advertising tracking. If a future deployment sells or shares information, it must add a “Do Not Sell or Share” control and honor valid opt-out preference signals such as Global Privacy Control before that processing begins. If the CCPA applies to the operator, California residents also have rights to know, delete, correct, limit qualifying sensitive-information uses, opt out of sale or sharing, and receive equal service.

11. Children

Sourcefolk is only for people aged 18 or over and does not offer a parental-consent route for younger users. The acceptance flow records a self-declaration that the threshold is met without collecting a date of birth. If the operator learns that an account belongs to someone under 18, it will restrict the account and delete or anonymize the person's information unless a limited record must be kept for safety or law. A parent, guardian, or other person can report a suspected underage account through the rights and safety form. The operator must assess whether children are nevertheless likely to access the service and introduce proportionate age assurance and age-appropriate safeguards if self-declaration is not adequate.

12. Security, transfers, and incidents

We use access controls, private object storage, transport encryption, encrypted-at-rest message bodies, and restricted administrative tools. No system is perfectly secure. The operator must maintain incident-response and breach-notification procedures appropriate to the risk.

Providers may process information outside your country. Where UK or EEA transfer restrictions apply, the operator must use an adequacy decision or an approved safeguard such as EU Standard Contractual Clauses, the UK International Data Transfer Agreement, or the UK Addendum, and explain how to obtain a copy. EU representative: not listed; configure one if legally required. UK representative: not listed; configure one if legally required.

13. Changes and contact

We will update the version and effective date and give clear notice before a material new use begins. Earlier information is not repurposed incompatibly without a valid legal basis and any consent that law requires. Updating this notice does not convert it into consent; if optional processing legally requires consent, Sourcefolk will ask separately with a real choice.

Operator
Not configured
Country
Not configured
Postal address
Not configured
Privacy contact
Not configured