What we collect, what we don't, and what we do with it.
The Source Biome Project (“we,” “us,” “our”) is a 501(c)(3) community-funded nonprofit organization. Atlas is our first product. This Privacy Policy describes the limited information we collect when you sign up for the Atlas beta waitlist or contact us, how we use it, and what your rights are.
This is our pre-launch policy and covers only what we collect today: an email address you give us, optional contact form messages, and basic diagnostic data. A more detailed Privacy Policy will replace this one when Atlas launches and begins handling microbiome test data and journal entries.
1. What we collect
When you sign up for the Atlas beta waitlist, we collect:
- Email address — provided by you.
- Source — which form on our site you used to sign up (e.g., hero-form, join-form). Helps us understand which parts of the site work.
- User agent — your browser and device string, for diagnosing technical issues.
- Timestamp — when you signed up.
When you submit a Contact form, we additionally collect:
- Name
- Subject (optional)
- Message
2. What we do not collect
- Your IP address (we may add IP-based geo-blocking before public launch; this policy will be updated then)
- Cookies or tracking pixels of any kind
- Behavioral analytics or session replay
- Microbiome test data, journal entries, or other product data — Atlas is not yet live; when it is, a separate, more detailed Privacy Policy will govern that data
- Information from third-party data brokers
3. How we use what we collect
We use your email and signup data only to:
- Notify you when your beta seat is ready
- Send occasional project updates if you have not opted out
- Respond to messages you send us
- Diagnose technical problems (user agent only)
That is the entire list. We do not use your data for any other purpose.
4. What we will never do
- Never sell your data. Individual-level information is not for sale to anyone, for any reason. This is a foundational commitment we will not break.
- Never share with advertisers. We do not run ads, and we do not work with advertising platforms.
- Never use signup data to train AI models. Your email and contact messages are not training data.
- Never combine your email with data from other sources to build a profile of you.
5. Where your data lives
Your data is stored in two places, both of which act as data processors on our behalf:
- Supabase (database and authentication). SOC 2 Type II compliant. Data is stored in the United States and encrypted at rest and in transit.
- Vercel (web hosting). SOC 2 Type II compliant.
We do not share your data with any third party beyond these two infrastructure providers, and they are contractually prohibited from using it for their own purposes.
6. Your rights
Regardless of your jurisdiction, you have the right to:
- Access — request a copy of the data we have on you
- Correct — fix anything that is inaccurate
- Delete — have your data permanently removed
- Withdraw consent — opt out of communications and remove yourself from the waitlist at any time
- Portability — receive your data in a structured, machine-readable format
To exercise any of these rights, email privacy@sourcebiome.org. We respond within 30 days. There is no charge.
6.1 California residents
Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have the additional right to know what categories of personal information have been collected and the right to opt out of any “sale” or “sharing” of personal information. We do not sell or share personal information as defined under California law. To make a request, email privacy@sourcebiome.org.
6.2 European Economic Area, United Kingdom, Switzerland
Under the EU and UK General Data Protection Regulations (GDPR), you have additional rights including the right to lodge a complaint with your local data protection authority. The lawful basis for processing your email is your consent (you provided it when signing up); you may withdraw consent at any time. The Source Biome Project is the data controller; Supabase and Vercel are the data processors. To exercise any GDPR right, email privacy@sourcebiome.org.
7. Children
The Source Biome Project is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has signed up, contact privacy@sourcebiome.org and we will delete the data.
8. Data retention
We retain signup data until the earliest of:
- You request deletion
- You unsubscribe and explicitly request that your record be removed
- Five years from your most recent interaction with us
Contact form submissions are retained for up to two years to handle follow-up correspondence, then deleted.
9. Security
Data is encrypted in transit (TLS) and at rest (AES-256 at the database layer). Access to the production database is restricted to a small number of authorized team members. We will notify affected users without undue delay if we discover a security breach involving their personal information, consistent with applicable law.
10. Changes to this policy
We may update this Privacy Policy as the project evolves. We will note the last-updated date at the top of the page. Material changes will be communicated by email to anyone whose data we hold. Continuing to use the site after a change means you accept the updated policy.
11. Governing law
This Privacy Policy is governed by the laws of the State of Wyoming, without regard to its conflict-of-law provisions. Any dispute arising out of or relating to this policy shall be resolved in the state or federal courts located in Wyoming.
12. Contact
For privacy questions or to exercise your rights, email privacy@sourcebiome.org.
For everything else, email hi@sourcebiome.org.