Privacy Policy

1. Introduction

Source Engineering Services, LLC ("Source", "Company", "we", "us", "our") respects your privacy and is committed to protecting it through our compliance with this policy. This Privacy Policy ("Policy") describes the types of information we may collect or that you may provide when you visit our website (the "Site") or engage with us in connection with our engineering design services (the "Services"), and our practices for using, maintaining, protecting, transferring and disclosing that information. By accessing or using the Site or engaging our Services, you agree that you have read this Policy and consent to our collection, use and disclosure of your information as described herein. If you do not agree with this Policy, please do not use the Site or engage in our Services.

This Policy is intended to cover compliance with both:

• EU/EEA data protection laws (including GDPR) when we process personal data of individuals in the European Economic Area ("EEA"); and
• U.S. federal and state privacy laws (including CCPA and other laws as applicable) when we process personal data of U.S. residents.
• Indian law, specifically the Digital Personal Data Protection Act, 2023 (DPDP Act) and other relevant Indian data protection and IT laws when we process personal data of individuals in India or in relation to activities in India.

2. Scope of this Policy

This Policy applies to personal information collected or processed by Source in connection with the Site and our Services, whether you are a client, prospective client, vendor, consultant, job applicant, website visitor or other individual providing information to us.

Note: Source does not offer products for sale, subscription-based services, or a mobile application. Our business is strictly the provision of engineering design services via our Site and through client engagements. Accordingly, references to "Services" in this Policy relate to our service provision and related interactions.

3. Data Controller / Responsible Entity

For the purposes of processing personal data via the Site and in connection with our Services, the entities responsible are:

1. Source Engineering and Technology Services Private Limited, a company incorporated under the Companies Act, 2013 (CIN: U74900KA2010PTC054281), whose registered office is at No 32, 2nd Floor, 1st Main Road, 3rd Phase, J.P. Nagar, Bengaluru 560078, Karnataka, India ("India Controller").
2. Source Engineering Services, LLC, a company incorporated in the State of California, USA, with its principal office at 2880 Zanker Road #203, San Jose, CA 95134, USA ("US Controller").

The India Controller is primarily responsible for operations of the website and the collection of personal information via the Site. Data may be transferred to and processed by the US Controller for the purposes of global service delivery, business operations, analytics, and support. Each entity acts as a controller (or joint controller) depending on the region and purpose of processing.

If you are in the EEA, India or United States, and you wish to exercise your rights under applicable data protection laws (e.g., GDPR, India's Digital Personal Data Protection Act, CCPA), you may contact either of the above entities at the contact details set out in the "Contact Information" section of this Privacy Policy.

4. Information We Collect and How We Collect It

4.1 Information You Provide to Us

When you contact us, register to engage our Services (for example by submitting a project brief, enquiry form), or otherwise interact with us, you may provide personal information by which you may be identified ("Personal Information"). This may include:

• Name, telephone number, postal address, email address, employment history, education history, gender, tax ID number, Social Security number (if applicable), bank account information (for payment/invoicing), credit card information (if required for invoicing), and any other information by which you may be contacted or identified online or offline.
• Information you provide by filling in forms on the Site (for example: enquiry forms, job application forms).
• Details of our engagement with you: e.g., scope of Services, contract or agreement details, billing/invoicing details, correspondence records (including e-mail addresses and phone numbers).
• Your responses to surveys or feedback requests may be sent to you for quality improvement or research purposes.

5. Use of Personal Information

We use your Personal Information for the following business and operational purposes:

• To send you confirmations, invoices or billing information, technical notices, security alerts, support, and administrative messages.
• To operate, maintain, and improve our Site and the Services we provide.
• To respond to your comments and questions, provide client service and support.
• To communicate about our services, upcoming events or selected partner offerings, subject to your marketing consent where required.
• To protect, investigate, and deter fraudulent, unauthorized or illegal activity.
• To provide and deliver the engineering design services you have requested, manage our engagement, invoice, and receive payment.

6. Legal Basis for Processing (EEA / GDPR)

For individuals in the EEA, when we process personal data, we rely on one or more of the lawful bases under the GDPR:

• The processing is necessary for the performance of a contract with you (for example to deliver services you have engaged us for).
• The processing is necessary for our legitimate interests (provided that your rights and freedoms are not overridden) — for example business operations, improving our Services, marketing (where permitted), fraud prevention.
• The processing is based on your consent, where required (for example, for marketing communications).
• The processing is necessary to comply with a legal obligation or to protect vital interests.

We will identify the specific lawful basis for processing in any particular context when required by law.

7. Additional Legal Basis / Obligations (India / DPDP Act)

When we process digital personal data of individuals in India, we recognize the obligations under India's Digital Personal Data Protection Act, 2023 (DPDP Act) and other applicable Indian laws. Key obligations include:

• Ensuring the processing is for a lawful purpose, clearly communicated to the individual whose data is processed.
• Obtaining the individual's consent or other permissible legal basis as required under Indian law.
• Ensuring individual rights (access, correction, erasure, withdrawal of consent) are respected as required under Indian law.
• Ensuring cross-border transfers of data are effected with necessary safeguards (and adhering to any localization or restricted-destination requirements).
• Ensuring retention of personal data is only for the period necessary for the purpose, after which it must be deleted or anonymized.

8. Sharing of Personal Information

We may share your Personal Information in the following circumstances:

• With your consent (for example if you ask us to share your information with a third party for marketing or other purposes). In those cases, the third-party's privacy policy will apply.
• In connection with a business transaction involving all or part of our business or assets (such as a merger, acquisition or financing). Disclosed information in that context may be aggregated or anonymized to protect individual identities.
• To respond to lawful requests or legal processes (for example subpoenas, court orders, regulatory requests) under U.S., EU/EEA or Indian law.
• To protect the rights, property or safety of Source, our agents, clients or others — including enforcing our agreements, policies and Terms of Use.
• In an emergency, to protect the safety of any person.
• With service-providers, subcontractors or partners who perform work for us (such as hosting providers, payment processors, auditors). We require these parties to keep the information confidential and use it only for the purposes we permit.
• We may also share aggregated and/or anonymized data (which does not identify you) with others for their own uses.

9. International / Cross-Border Data Transfers

Because our Services and Site may operate globally (or involve international engagement), we may transfer Personal Information to countries other than the one in which the data was originally collected. These countries may not have the same data protection laws as your country of residence.

Where such transfers occur, we will protect your information as described in this Policy, and when required by law (including GDPR or Indian law) we will implement appropriate safeguards (for example standard contractual clauses, binding corporate rules or equivalent).

If you are a resident of the EEA, we will inform you when transfers outside the EEA are made and the safeguards applied.

If your data is processed under Indian law, we will ensure any necessary localization or restricted-destination rules are observed.

10. Data Retention

We retain your Personal Information only for as long as we have a legitimate business need for it (for example, to fulfill the services you requested, complete invoicing, or comply with legal, tax or accounting obligations). Once we no longer have such a purpose, we will either delete your data or anonymize it. If immediate deletion is not possible (for example because the data has been archived), we will retain the data securely and isolated from further processing, until deletion becomes possible.

11. Your Rights

For individuals in the EEA (under GDPR):

You have rights including (depending on circumstances): the right to be informed about how your data is processed; the right of access to your data; the right to rectification; the right to erasure (under certain conditions); the right to restrict processing; the right to data portability; the right to object to processing (including for direct marketing); the right to withdraw consent. You also have the right to lodge a complaint with a supervisory authority.

To exercise any of these rights, please contact us at [Info@source-es.com].

For individuals whose data is processed in India (under the DPDP Act):

You have rights including (depending on circumstances): right to obtain confirmation of whether your data is being processed; right to access your personal data; right to correction or erasure; right to restrict processing; right to data portability; right to withdraw consent; and right to lodge a complaint with the relevant authority in India.

To exercise your rights, please contact us at [Info@source-es.com].

For U.S. residents (including California under CCPA):

If you are a California resident or a resident of another U.S. state with similar laws, you may have rights such as: the right to request disclosure of categories of personal information we collected, the right to request deletion of your personal information (subject to applicable exceptions), the right to opt-out of the sale (or sharing) of personal information (if applicable), and the right not to receive discriminatory treatment for exercising your rights. If you are a California resident and wish to exercise such rights, please contact us at [info@source-es.com].

12. Security of Your Personal Information

We take the security of your Personal Information seriously. We implement administrative, technical, and physical safeguards designed to protect your information from unauthorised access, disclosure, alteration, or destruction. When you submit sensitive information (such as bank or credit-card details) via the Site or via secure communications, we use encryption (for example SSL/TLS). However, please note that no method of transmission over the internet or method of electronic storage is completely secure.

If you use a password (in contexts where you register or log in), you are responsible for keeping it confidential. Do not share it with others. If you believe your password has been compromised or someone has accessed your account without authorization, please notify us immediately at [info@source-es.com].

13. Children's Privacy

Our Site and Services are not directed to children under the age of thirteen (13). We do not knowingly collect Personal Information from children under 13. If we become aware that we have collected Personal Information from a child under 13, we will delete such information. If you believe that a child under 13 has provided us with Personal Information, please contact us at [info@source-es.com].

14. Cookies and Similar Technologies

We do not use cookies or similar tracking technologies to collect user information on the Site. The Site may rely on strictly necessary technical functions (e.g., for stable delivery of web pages) but we do not link such functions to personally identifiable information, nor use cookies for analytics, behavioral profiling, advertising or third-party tracking. If your browser blocks or declines cookies, your access to the Site will not be materially affected.

15. Choices About Your Information

• You may browse our Site without registering or providing personal information (subject to normal website use).
• You may opt out of receiving promotional or marketing communications from us by following the unsubscribe instructions in the email or by contacting us at [info@source-es.com]. Even if you opt out of marketing communications, we may still send you transactional or service-related communications (for example regarding your engagement with us).
• Where required by law, you may opt out of certain processing (such as direct marketing) or object to our processing of your personal information.

16. Updates to this Policy

We may revise or update this Policy at any time. When we make changes, we will update the "Last Updated" date at the top of this Policy and may notify you (for example via email if you have provided one). We encourage you to review this Policy each time you visit our Site or engage in our Services so that you understand how we collect, use and protect your information.

17. Contact Information

If you have any questions, comments or requests about this Privacy Policy or our data practices, or wish to exercise your rights under applicable laws, please contact us at: