Privacy Statement
(last updated: June 2026)
Download the full PDF Privacy Statement
Introduction
Welcome to Source.ag! Your privacy and the security of your personal data are very important to us. We therefore collect and manage your personal data with the utmost care and take specific measures to keep them secure. Below, you will find the main information regarding our processing of your personal data in relation to your use of our app, your browsing and interacting with our website (https://source.ag), leaving your contact details and other information and the use of our services.
We process your personal data in accordance with the data protection regulations, including the General Data Protection Regulation (GDPR). In this privacy statement, we explain what personal data we process for what purpose. We encourage you to read it carefully. If you have any questions, please contact us via info@source.ag.
Changes to this privacy statement
We reserve the right to modify this statement. We recommend that you consult this statement on a regular basis, so that you remain informed of any changes.
Data Controller
Source.ag B.V., with its registered office at Johan Huizingalaan 763A (1066 VH) in Amsterdam, the Netherlands (Source.ag or we) is responsible for all data processing described herein. Source.ag acts as a data controller for all such processing activities.
Collection and processing of personal data
Source.ag processes certain personal data to provide the services. We obtain personal data provided by our (potential) customers and, to a limited extent, automatically collect personal data as you use our services and browse our website. We only process personal data if we have a valid legal basis for that processing activity.
The categories of personal data that we collect and process are as follows:
Account data: We may process a (company) name, a telephone number, an e-mail address, a unique identifier, an IP-address, the session length, the operating system version, the configuration of the app and our other products when utilizing our services, and the time and date of your use of the services.
Personal data related to commercial inquiries and requests: We process your (company) name, a telephone number, email address and inquiry or request if you contact our customer service.
Contact details for non-commercial messages: We process your (company) name, a telephone number and email address for non-commercial messages, for example to inform you about updates to our services or to give you a demo of the software.
Billing and payment data: we process the (company) name, billing address, VAT number, bank account or other payment details, and invoicing history of our customers and their authorised contacts, in order to invoice and receive payment for our services.
Platform and usage data: where you use our platform as a customer (or as a user designated by our customer), we process your login credentials, user role, activity and interaction logs, preferences, and any content you submit to the platform, in order to provide and support the services.
Legal basis for processing
We only process your personal data in the presence of one or more of the lawful bases established by current legislation, and specifically:
On the basis of your consent: we may process your personal data where you have given your consent for one or more specific purposes (for example, subscribing to our newsletter or signing up for a webinar). You have the right to withdraw your consent at any time by contacting us at legal@source.ag; withdrawal does not affect the lawfulness of processing based on your consent before the withdrawal.
For the performance of a contract: we may process your personal data where this is necessary for the performance of a contract with you, or in order to take steps at your request before entering into a contract (for example, responding to a request for a demo, a quote or pre-contractual information).
For compliance with a legal obligation: we may process your personal data if such is necessary for compliance with a legal obligation to which we are subject, such as keeping records for tax purposes or providing information to a public body or law enforcement agency.
For our legitimate interest: we only process personal data based on our legitimate interests insofar as such processing is necessary to achieve our purposes. We do not use more data than necessary. Furthermore, we make a balance of interests on a case-by-case basis. Only if the legitimate interests prevail over your privacy interests or other interests or fundamental rights, will we base our processing on this legal ground. You can contact us for more information on the legitimate interests in relation to a specific processing operation.
Purpose of processing
We may use your personal data for the following purposes:
-To deliver and implement our services, including to set up and manage your account, to provide technical support and to ensure the services function correctly for you.
-To respond to any requests for help or support that you submit to us.
-To perform an agreement in which you have instructed us to provide our services. If you subscribe to our services, your contact and company details will be requested in any case. Other personal data may also be necessary for handling the request, depending on the subscription. Data of parties involved may also be processed.
-To invoice services provided.
-To comply with our legal obligations, such as the Dutch General State Tax Act, which requires us to process and retain certain personal data.
-To maintain contact with you.
-To prepare analyses.
-To improve and secure our website.
-To compile user statistics.
-To control access to the office and to protect security.
-To carry out audits.
-To perform evaluations.
-To respond to your queries or messages received from you via email correspondence, whether or not in connection with any of the above purposes.
We believe it is important to contact you with information that is relevant to you. To make this possible, we combine and analyze the personal data available to us. On this basis, we determine which information and channels are relevant and which moments are most suitable for providing information or establishing contact. This includes, where relevant, inviting you to webinars or product demonstrations and sending you related communications.
AI-assisted notetaking (Granola)
We use Granola to transcribe and summarise some scheduled online business meetings. We keep the transcript, summary and meeting metadata (date, time, duration, attendees) for a maximum period of 12 months and rely on our legitimate interest in keeping accurate records of business discussions. Granola acts as our processor under a DPA; transfers outside the EEA are covered by the 2021 EU Standard Contractual Clauses. You can object at any time, including at the start of any recording (which will contain a notification of the recording), or by emailing legal@source.ag.
Means of collection
We obtain the personal data as follows:
Provided by you. We use information you have actively provided to us. For example, if you contact us to obtain information about our services.
Automatically retrieved. We obtain some information about you in an automated manner. When you visit our website for example, we automatically obtain information about you via cookies. For more information on this, please see our Cookie Policy.
Third-party sources. We also obtain information about you from third parties. For example, we may request information about you or your company from public sources, such as the Trade Register of the Chamber of Commerce, or professional social media platforms like LinkedIn.
Derived. We may perform analysis on personal data about you. The resulting data can also qualify as personal data. For example, we may analyze which webpages on our website are visited most frequently.
Who has access to your personal data
Your personal data can only be accessed on a "need to know" basis by authorized persons at Source.ag. Outside the situations mentioned in this Privacy Statement, we do not disclose your personal data unless we deem it necessary to comply with our legal obligations, to protect our or others' rights.
Third Parties and cross-border transfers
We may share your personal data with the following categories of third-party service providers: cloud infrastructure and hosting providers, payment processors, CRM and sales tools, email and communication platforms, analytics and product usage tools, and AI-assisted productivity tools (such as Granola, described above). All such providers act as our processors under a data processing agreement.
Some of such third-party service providers operate outside the European Economic Area (EEA). Consequently, your personal data may be transferred to countries that do not offer the same level of data protection.
In these cases, we ensure your data remains protected by implementing appropriate safeguards. This includes relying on European Commission adequacy decisions or executing Standard Contractual Clauses (SCCs), supplemented by additional security measures based on a Transfer Impact Assessment.
Competent law enforcement, regulatory or government bodies
We may share personal data with third-parties if we are obliged to do so pursuant to a statutory provision or a decision of the court or supervisory body, or if this is necessary in the interest of preventing, detecting or prosecuting criminal offences (such as fraud or scams).
Children’s privacy
The services that Source.ag provides do not address anyone under the age of 16. We do not knowingly collect personal data from children under 16 years of age. If we discover that a child under 16 has provided us with personal data, we immediately delete this from our servers.
Security
We have taken technical and organisational security measures to protect your personal data from loss, destruction, manipulation and unauthorised access. All of our employees and all persons involved in data processing are obliged to comply with the data protection laws and to handle personal data confidentiality. In the case of collection and processing of personal data, the information is transmitted in encrypted form to prevent misuse of the data by third parties. Our security measures are constantly being revised in accordance with regulatory and technological developments.
We draw your attention to the fact that data transmission over the internet (e.g. e-mail communication) may involve security risks. It is not possible to protect such data completely from third-party access. We will, however, always process personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Storage
Your personal data is stored on servers and in databases controlled by Source.ag. Source.ag stores your personal data on servers located in Frankfurt, Germany.
We retain your personal data for no longer than is necessary for the purposes for which it was collected, or as required by applicable law. The table below sets out our standard retention periods per category.
Category | Retention Period |
Account and platform data | Duration of the contract + 2 years after termination |
Commercial and non-commercial contact data | 2 years from the last contact, or until you withdraw consent |
Billing and payment data | 7 years (as required by Dutch tax law) |
Meeting Notes (Granola) | 12 months maximum |
Once a retention period expires, personal data is permanently deleted or anonymised.
Your privacy rights
You have a number of rights in relation to the personal data we process about you. In particular, you have the right to:
Access: obtain confirmation of whether we process personal data about you and, if so, receive a copy of that data together with information about the processing.
Rectification: have inaccurate personal data about you corrected, and incomplete personal data completed.
Erasure: ask us to delete your personal data in the circumstances set out in the GDPR, unless we are required or permitted to keep it (for example for tax, accounting or legal-defence purposes).
Restriction of processing: ask us to temporarily limit how we use your personal data, for example while we verify its accuracy.
Data portability: receive the personal data you have provided to us in a structured, commonly used and machine-readable format, and have it transmitted to another controller, where the processing is based on consent or on a contract and is carried out by automated means.
Object to processing: object, on grounds relating to your particular situation, to processing based on our legitimate interests. You also have an absolute right to object to the processing of your personal data for direct marketing purposes.
Withdraw consent: where we process your personal data on the basis of your consent, you have the right to withdraw that consent at any time. Withdrawing your consent does not affect the lawfulness of processing based on your consent before it was withdrawn.
To exercise any of these rights, please send a request to legal@source.ag and indicate that it concerns a personal data request. We will respond to your request within one month, unless the request is particularly complex or we have received a large number of requests, in which case we may extend that period by up to two further months and will let you know. We do not charge a fee for exercising these rights, unless the request is manifestly unfounded or excessive.
Source.ag does not make automated decisions within the meaning of Article 22 GDPR.
Right to make a complaint
You can submit a complaint about the processing of your personal data. If we do not meet your request for access, rectification, objection, restriction, erasure or transfer of your personal data, you can submit a complaint with the Data Protection Authority in your country. In the Netherlands, the relevant authority is the Autoriteit Persoonsgegevens