Privacy Policy

Subsource Software LLC ("Company," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at subsource.org (the "Site") or engage our services. This policy applies to all individuals who visit our Site, submit inquiries through our contact form, or engage us for software development services. By using our Site or services, you consent to the data practices described in this policy. We comply with applicable data protection laws, including the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR) where applicable, and other relevant state and federal privacy regulations.

We collect the following categories of information: Personal Information You Provide Directly: • Name (first and last) • Email address • Phone number • Company name and job title • Project details and requirements you describe in contact forms or communications • Billing and payment information (processed securely through third-party payment processors) Information Collected Automatically: • IP address and approximate geographic location • Browser type, version, and language preferences • Operating system and device type • Pages visited, time spent on pages, and navigation paths • Referring website or source • Date and time of each visit Information from Third Parties: • Analytics data from Google Analytics or similar services • Information from business partners or referral sources, with your consent

We use the information we collect for the following purposes: (a) Service Delivery: To respond to your inquiries, provide consultations, prepare project proposals, deliver software development services, and communicate about project progress. (b) Communication: To send you project updates, invoices, and other transactional communications. We may also send you marketing communications about our services, which you may opt out of at any time. (c) Site Improvement: To analyze how visitors use our Site, identify trends, and improve our Site's functionality, content, and user experience. (d) Security: To detect, prevent, and respond to fraud, unauthorized access, and other potentially illegal activities, and to protect the rights and safety of our users and third parties. (e) Legal Compliance: To comply with applicable laws, regulations, legal processes, and governmental requests. (f) Business Operations: To manage our business, including accounting, auditing, and internal reporting purposes. We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data based on the following legal grounds: (a) Contractual Necessity: Processing is necessary for the performance of a contract with you or to take pre-contractual steps at your request (e.g., preparing a project proposal). (b) Legitimate Interests: Processing is necessary for our legitimate business interests, such as improving our services, marketing, and fraud prevention, where such interests are not overridden by your rights and freedoms. (c) Consent: Where you have given us explicit consent to process your data for a specific purpose (e.g., subscribing to marketing emails). You may withdraw consent at any time by contacting us. (d) Legal Obligation: Processing is necessary to comply with a legal obligation to which we are subject.

Our Site uses cookies and similar tracking technologies to enhance your experience. These include: Essential Cookies: Required for the Site to function properly. These cannot be disabled without affecting Site functionality. Analytics Cookies: Help us understand how visitors interact with our Site by collecting anonymized usage data. We use Google Analytics, which uses cookies to collect information about your use of the Site. Google Analytics data is aggregated and anonymized. Functional Cookies: Remember your preferences and settings to provide a personalized experience. You can manage your cookie preferences through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent. Please note that disabling certain cookies may affect the functionality of the Site. We do not use cookies for targeted advertising purposes. For more details, please see our Cookie Policy at subsource.org/cookies.

We may share your information with the following categories of third parties: (a) Service Providers: We engage trusted third-party companies to perform services on our behalf, including cloud hosting (e.g., AWS, Vercel), payment processing (e.g., Stripe), email services, and analytics. These providers are contractually obligated to protect your information and use it only for the purposes we specify. (b) Professional Advisors: We may share information with our attorneys, accountants, and other professional advisors as needed for legal, tax, and accounting purposes. (c) Legal Requirements: We may disclose your information if required by law, subpoena, court order, or other legal process, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others. (d) Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change and any choices you may have regarding your information. We do not sell your personal information to third parties. We do not share your information with third parties for their direct marketing purposes.

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include: • Encryption of data in transit (TLS/SSL) and at rest • Access controls limiting data access to authorized personnel on a need-to-know basis • Regular security assessments and vulnerability testing • Secure coding practices in our development processes • Employee training on data protection and security best practices • Incident response procedures for potential data breaches While we strive to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to maintaining industry-standard protections. In the event of a data breach that affects your personal information, we will notify you and applicable regulatory authorities as required by law.

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including: • Contact form submissions: Retained for the duration of any resulting business relationship, plus three (3) years after the last interaction. • Client project data: Retained for the duration of the engagement, plus seven (7) years thereafter for legal and accounting purposes. • Website analytics data: Aggregated analytics data is retained indefinitely. Individual-level data is retained for twenty-six (26) months. • Marketing communications: Until you opt out or request deletion. When personal information is no longer needed, we will securely delete or anonymize it in accordance with our data retention policies.

Depending on your location, you may have the following rights regarding your personal data: (a) Right of Access: You may request a copy of the personal information we hold about you. (b) Right to Rectification: You may request that we correct inaccurate or incomplete personal information. (c) Right to Deletion: You may request that we delete your personal information, subject to certain legal exceptions (e.g., data required for legal compliance or contract performance). (d) Right to Restrict Processing: You may request that we limit how we use your personal information. (e) Right to Data Portability: You may request that we provide your personal information in a structured, commonly used, and machine-readable format. (f) Right to Object: You may object to the processing of your personal information for direct marketing or based on our legitimate interests. (g) Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of prior processing. (h) Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights. To exercise any of these rights, please contact us at privacy@subsource.org. We will respond to your request within thirty (30) days, or within the timeframe required by applicable law.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA): • Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collection, and the categories of third parties with whom we share your data. • Right to Delete: You may request deletion of your personal information, subject to certain exceptions. • Right to Opt-Out of Sale: We do not sell your personal information. If this changes, we will provide a "Do Not Sell My Personal Information" link on our Site. • Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information for purposes beyond what is necessary to provide the Services. To submit a verifiable consumer request, contact us at privacy@subsource.org or call (801) 793-5456. You may designate an authorized agent to make a request on your behalf.

Our servers and service providers are primarily located in the United States. If you are accessing our Site or services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country of residence. For transfers of personal data from the EEA or UK to the United States, we rely on appropriate safeguards, including Standard Contractual Clauses approved by the European Commission, to ensure that your data is protected in accordance with applicable data protection laws. By using our Site or providing your information to us, you consent to the transfer and processing of your data in the United States.

Our Site and services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child under 18, we will take steps to delete such information promptly. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at privacy@subsource.org.

Our Site may contain links to third-party websites, services, or resources that are not operated or controlled by us. This Privacy Policy does not apply to third-party sites. We encourage you to review the privacy policies of any third-party sites you visit. We are not responsible for the content, privacy practices, or security of any third-party websites or services.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will update the "Last Modified" date at the top of this page and, where required by law, provide additional notice (such as a prominent notice on our Site or email notification). We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: Subsource Software LLC Email: privacy@subsource.org Phone: (801) 793-5456 For GDPR-related inquiries, you may also contact your local data protection authority.