This policy describes how sourcesChip (the public website at this domain and related services operated by us) collects and uses personal information when you browse our catalog, create an account, submit quote requests, or contact us. It reflects how our Django-based application is configured today.
1. Who we are
The website is operated by SourcesChip, an electronics sourcing / distribution related business. Contact details shown in the footer (address, phone, email, Teams link where configured) apply for general correspondence. You may also email us about privacy at rose@sourceschip.com.
2. Categories of personal information we process
Depending on how you use the site, we may process:
2.1 Account registration & profile
If you register or maintain a B2B catalog account, we store:
- Email address (used as your login identifier)
- First name and last name
- Company name
- Optional telephone country code (ISO-3166 alpha-2) and national telephone number
- Authentication credentials (password stored using secure hashing)
- Account management flags required by our staff/admin tooling (for example active/staff flags)
2.2 One-time codes sent by email
For registration and password flows we issue email OTP codes. We store a salted hash of each code together with purpose, timestamps and expiry — not the plaintext code — until the verification completes or the record expires.
2.3 Quote requests (“inquiries”)
When you submit a quote request through our catalog interface we collect:
- Contact email
- Optional first name, last name, company
- Optional telephone country code and national number
- Requested quantity and target price (USD)
- Optional message text
- Which catalog line item or free-text model reference you asked about
- If you are logged in: an association to your user record
- A structured copy of the submission payload as received by our servers (for troubleshooting and audit)
- Internal workflow fields visible only to authorised staff (status and internal notes)
2.4 Technical logs when you browse the public site
Where enabled, our servers record basic HTTP access metadata for ordinary GET requests on the public catalog, excluding common static/admin/API routes configured on our side. Typical fields include client IP address (truncated/normalised where applicable), requested path and query string, referrer header when sent by your browser, user agent string, timestamp and — if you are logged in — your user identifier.
To understand coarse geography for analytics we may derive country-level location from your IP address using an offline MaxMind GeoLite2 Country database processed on our infrastructure (no third-party “live lookup” API for that step). Private / reserved IPs are flagged accordingly without inferring a country.
2.5 Cookies & similar technologies
We use cookies that are typical for secure Django websites and our catalogue UX:
- Session cookie — keeps you signed in where applicable.
- CSRF cookie — prevents cross-site request forgery on forms and AJAX submissions.
scpfp— a browser-stable pseudonymous fingerprint cookie used solely to enforce fair-use browsing limits on the public parts listing (/parts/) together with your IP address; the cookie value is not intended to identify you personally.
Rate-limit counters may be stored in our Redis-backed cache keyed by hashed bucket identifiers derived from IP + fingerprint slot, with a rolling TTL aligned to UTC calendar days — not a durable browsing history log on its own.
2.6 Staff-only operations console
Authorised employees authenticate through a separate console API using industry-standard tokens. Access is restricted to accounts explicitly marked as staff. Console usage may generate ordinary server logs where configured by hosting.
3. Purposes and lawful bases
We process personal information to:
- Respond to quote requests and operate sales workflows (performance of a requested commercial contact).
- Create and maintain accounts, authenticate users and secure credentials.
- Operate and secure the website, including abuse prevention (rate limiting), troubleshooting and fraud prevention.
- Analyse aggregated traffic at URL/country level for operational insight.
- Meet legal obligations where applicable (for example records retention tied to contracts or regulation).
Where EU/UK GDPR concepts apply, we rely — as appropriate — on contract necessity, legitimate interests that are not overridden by your rights, and consent where we expressly ask for it.
4. Sharing & processors
We do not sell personal information.
We share data only as needed to run the service: hosting/infrastructure providers, transactional email delivery for OTP and operational mail, and authorised personnel using internal tools. Third parties process personal information solely under appropriate contractual assurances where required by law.
5. International transfers
Our servers and backups may be located outside your country of residence. Where GDPR applies we implement safeguards consistent with regulatory guidance (such as Standard Contractual Clauses or equivalent mechanisms) together with infrastructure vendors where relevant.
6. Retention
We retain personal information only as long as necessary for the purposes above, unless a longer period is required by law or legitimate dispute resolution. Technical logs and inquiry records follow operational schedules defined internally and may be archived or deleted after relevant cooling-off periods. Cache entries used for daily browsing counters expire automatically within roughly twenty-four hours after UTC midnight boundaries.
7. Security
We implement administrative and technical measures appropriate to the risk — HTTPS transport encryption on production environments, password hashing, access controls on operator tooling and segregation between public catalogue vs console endpoints. No security programme can guarantee absolute protection; please use unique passwords for your account.
8. Your rights
Depending on where you live you may have rights to access, rectify, erase, restrict or object to certain processing, and — where consent was the basis — to withdraw consent. EU/UK residents may lodge complaints with their supervisory authority. Contact us using the details above and we will respond within reasonable timelines prescribed by applicable law.
9. Third-party websites
Our catalogue may reference manufacturer datasheet URLs or external documentation links. Opening those links is governed solely by the respective third-party privacy notices.
10. Changes
We may update this policy when features or regulations change. Material updates will be reflected by revising the effective date at the top of this page.
Disclaimer: This document explains our practices in plain language but does not constitute legal advice. Adapt retention timelines or lawful bases with counsel if your organisation faces sector-specific regulatory regimes (export controls, SEC filings, medical devices, etc.).