DRAFT — REVIEW BEFORE LAUNCH. This starter describes how Source Terminal actually handles data today, but it is not legal advice. Replace the [BRACKETED] placeholders and have an attorney confirm it meets your obligations (e.g. GDPR/CCPA) before you rely on it. Keep it in sync if your data practices change.
Contents
  1. Overview
  2. Information we collect
  3. How we use your information
  4. AI processing of your searches
  5. Third-party services (subprocessors)
  6. Cookies & local storage
  7. How we share information
  8. Data retention
  9. Your rights & choices
  10. Security
  11. International users
  12. Children
  13. Changes & contact

1.Overview

This Privacy Policy explains what information Source Terminal (operated by Christian Banks) collects, how we use it, and your choices. It applies to source-terminal.com and covers our use alongside the Terms of Service.

2.Information we collect

Account information

Business data you create

Information you enter to run your reselling business, including your watchlist and price alerts, inventory items (with your costs, sale prices, and profit/P&L figures), supplier lists, sourcing/buy plans, and your product-research history. This is your data; we store it to provide the Service.

Usage & technical data

Basic technical information needed to operate and secure the Service (such as the search terms you submit, request logs, and — via our hosting/CDN providers — IP address and browser type). We keep an internal signup log (date, email, name, plan, signup method) for record-keeping.

What we do not do: we do not sell your personal information, we do not use advertising or third-party tracking cookies, and we do not build advertising profiles about you.

3.How we use your information

4.AI processing of your searches

When you use Price Check, AI Suggestions, or the seasonal calendar, the product name or question you enter, together with public market/trend data, is sent to Anthropic's Claude API to generate the analysis you asked for. We do not send your email, account details, inventory, or other personal information to Anthropic for this. Anthropic processes the request under its own terms and, for standard API usage, does not use it to train its models.

5.Third-party services (subprocessors)

We rely on the following providers to run the Service. Each receives only the data needed for its function:

ProviderPurposeData it receives
Google Firebase / Google CloudAuthentication & databaseEmail, name, hashed password, your account & business data
Google (Sign-in with Google)Optional loginEmail, name from your Google profile
StripePayments & subscriptionsEmail, plan, payment details (entered directly with Stripe)
SendGrid / email (SMTP)Transactional emailYour email address
Anthropic (Claude)AI analysisYour search queries/questions + public market data
RapidAPI, DuckDuckGo, eBay, Google TrendsMarket & supplier dataYour search terms only (no personal data)
Hosting/CDN (e.g. Render, Cloudflare, Google Fonts)Serve the appIP address & request metadata

Each provider maintains its own privacy policy. We recommend signing available Data Processing Agreements with Stripe, Google, Anthropic, and your email provider.

6.Cookies & local storage

We use only strictly necessary cookies to keep you logged in: a session cookie and an optional "remember me" cookie (both expire within 14 days). We also store your light/dark theme preference in your browser's local storage. We do not use analytics, advertising, or tracking cookies, so no cookie-consent banner is required.

7.How we share information

We share information only with the subprocessors listed above to operate the Service, and when required by law, to protect our rights, or in connection with a business transfer. We do not sell your personal information.

8.Data retention

We keep your account and business data while your account is active and as needed to provide the Service. If you delete your account, we delete or de-identify your personal data within a reasonable period, except where we must retain records (e.g. payment/tax records held by Stripe or as required by law).

9.Your rights & choices

10.Security

We use reputable providers and industry-standard measures (encryption in transit, hashed passwords, access controls). No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

11.International users

We operate in the United States and our providers are primarily US-based. If you use the Service from outside the US, you understand your information will be processed in the US and other countries where our providers operate.

12.Children

The Service is not directed to children and is intended for users 18 and older. We do not knowingly collect personal information from anyone under 18 (or under 13 as defined by COPPA). If you believe a child has provided us information, contact us and we will delete it.

13.Changes & contact

We may update this Policy; material changes will be reflected in the "Last updated" date and, where appropriate, communicated to you. Questions or privacy requests: privacy@source-terminal.com  ·  Christian Banks, 7401 Westlake Terrace, Apt. 416, Bethesda, Maryland 20817.