Summary: We collect only what is needed to provide the service. Your scanned cards, receipts, and voice notes are yours. We store them on EU servers. Trial data is deleted after 90 days; Pro data after 12 months. You can export or delete your data at any time.
1. Who We Are
SourceTrip Pro ("we", "us", "our") is a software service operated by Ann-Marie Prekebena, trading as SourceTrip Pro. We are the data controller for the personal data processed through this application.
Contact us at any time: hello@sourcetrippro.app
2. What Data We Collect
Data you provide directly
- Account data — your name, email address, and username, provided at sign-up via Whop
- Business card images — photos you upload for scanning
- Voice recordings and transcripts — audio and text from voice notes you record
- Receipt images — photos of receipts you upload for scanning
- Contact records — supplier details extracted from cards, edited by you
- Notes — free-text notes you enter manually
- Trip names and dates — trip organisation data you create
- Home currency preference — your selected currency for expense conversion
Data collected automatically
- Usage data — scan counts, feature usage, error events (via Sentry)
- Payment data — handled entirely by Whop. We do not receive or store card numbers or bank details
3. How We Use Your Data
| Purpose | Data used | Legal basis |
|---|---|---|
| Provide the service — OCR extraction, AI processing, currency conversion | Card images, receipt images, voice recordings | Contractual necessity |
| Store and retrieve your records | All contact, receipt, and trip data | Contractual necessity |
| Send transactional emails (welcome, data deletion warnings) | Email address, username | Contractual necessity |
| Enforce scan limits and tier access | Account data, scan counts | Contractual necessity |
| Monitor errors and fix bugs | Error events, usage data (anonymised) | Legitimate interest |
| Comply with GDPR data retention obligations | All data | Legal obligation |
4. Third-Party Services
To deliver SourceTrip Pro, we work with a small number of carefully selected third-party service providers. These providers support us with functions including data storage, payment processing, email delivery, and application infrastructure.
Each provider is engaged under a Data Processing Agreement or equivalent contractual safeguard. They are permitted to process your data only for the specific purpose for which they are engaged, and may not use it for their own purposes.
Where providers are located outside the UK or EEA, we ensure appropriate safeguards are in place — including Standard Contractual Clauses (SCCs) approved under UK GDPR — to protect your data during any international transfer.
Your payment card details are handled entirely by our payment provider. We never receive, see, or store them.
You may request the full list of named sub-processors at any time by emailing hello@sourcetrippro.app. We will respond within 30 days.
5. Data Retention
We retain your data according to your membership tier:
- Trial accounts — contacts and receipts are retained for 90 days from the date each record was created. You will receive an email 7 days before any data is due to be deleted.
- Pro accounts — contacts and receipts are retained for 12 months from the date each record was created.
- After account deletion — all data is permanently deleted within 30 days, including from backups.
Upgrading from Trial to Pro before the 90-day window extends retention immediately. Data already deleted cannot be recovered.
6. Your Rights (UK GDPR)
As a UK resident, you have the following rights regarding your personal data:
- Access — request a copy of all data we hold about you
- Rectification — correct inaccurate data (most fields are editable directly in the app)
- Erasure — request deletion of your account and all associated data via Settings → Delete Account
- Portability — export your contacts and receipts to CSV at any time from within the app
- Restriction — request we limit processing of your data in certain circumstances
- Objection — object to processing based on legitimate interest
To exercise any of these rights, email hello@sourcetrippro.app. We will respond within 30 days.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
7. Data Security
We take appropriate technical and organisational measures to protect your data:
- All data in transit is encrypted via TLS
- All data at rest is encrypted using AES-256 by our storage provider
- Row-level security policies ensure each user can only access their own data
- Signed URLs with short expiry are used for all file access — no files are publicly accessible
- API keys and secrets are stored server-side only, never exposed to the client
8. Cookies
SourceTrip Pro is delivered as a web application inside the Whop platform. We use session cookies for authentication only. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
9. Children's Privacy
SourceTrip Pro is intended for business users aged 18 and over. We do not knowingly collect data from children under 16. If you believe a child has provided us with personal data, please contact us immediately.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email. The "last updated" date at the top of this page reflects the most recent version.
11. Contact
For any privacy-related questions or requests:
SourceTrip Pro
Email: hello@sourcetrippro.app