Privacy policy.
What we collect, why we collect it, and what you can do about it.
Sourced Ltd ("Sourced", "we") is the data controller for personal data processed through polhia.com. This page is our plain-English privacy notice. The legal-shorthand version of the rights below comes from the UK GDPR and the Data Protection Act 2018.
What we collect.
Account data — your email address (the only identifier we require), the name and domain of the business you sign up to audit, and the editorial preferences you set in Settings (brand-voice samples, forbidden phrases, vocabulary).
Audit data — the verbatim text that the four LLM engines we monitor return when prompted with your buyer-intent queries. This is fetched from Anthropic, OpenAI, Google, and Perplexity directly using our API credentials, not yours.
Usage data — basic request logs (timestamp, path, status) retained for 30 days for debugging and security monitoring. No third-party analytics tracker is loaded on these pages.
Billing data — when you subscribe, Stripe collects your payment details directly; Sourced receives only the subscription identifier and plan status. We never see card numbers.
Why we collect it.
To deliver the contracted product — the weekly citation audit, the draft generation pipeline, and the publishing surface — and to comply with our tax and book-keeping obligations under UK company law.
Where it lives.
Convex (United States) for the operational database and edge cache; Vercel (United States and the European Union, depending on edge region) for the marketing and product front-end; Resend (United States) for transactional email delivery; Stripe (United States) for payment processing. We rely on the EU/UK Standard Contractual Clauses and each provider's UK-GDPR addendum for these international transfers.
How long we keep it.
Account and audit data for the duration of your subscription plus 12 months after cancellation, so we can restore your data if you change your mind. Billing data is retained as long as required by HMRC (currently six years). You can request earlier deletion at any time.
Your rights.
You can ask us for a copy of your data, ask us to correct it, ask us to delete it, object to specific processing, or withdraw consent for any non-essential processing. Email hello@polhia.com with the request and we'll respond within 30 days. You also have the right to complain to the UK Information Commissioner's Office (ico.org.uk).
Cookies.
We set one functional cookie pair on signed-in pages — the Convex Auth session token and refresh token, bothHttpOnly and Secure with the __Host- prefix. No marketing or analytics cookies are set. We do not need a cookie banner because we don't set any non-essential cookies.