Legal · Privacy

Privacy Policy

We take the privacy of your personal information seriously. This policy explains exactly what we collect, why, and how we protect it.

Effective: 1 May 2026
Last updated: 1 May 2026
Jurisdiction: Hong Kong SAR
Contents
  1. Who We Are
  2. Information We Collect
  3. How We Use Your Information
  4. Sharing Your Information
  5. Data Retention
  6. Your Rights
  7. Security
  8. Cookies
  9. International Transfers
  10. Contact Us
1

Who We Are

SourcInspecify ("we", "us", "our") is a China supplier verification and factory audit firm. We provide financial-grade due diligence services to overseas importers sourcing products from Chinese manufacturers. Our services include supplier background checks, sample reception and review, pre-order factory inspections, in-progress quality control, pre-shipment assurance audits, and seasonal audits.

For the purposes of applicable data protection law, SourcInspecify is the data controller of the personal information described in this policy.

Quick summary: We are a professional services firm, not a data business. We collect only the information we need to deliver your audit and communicate with you about it.

2

Information We Collect

Information you provide directly

When you submit a consultation request, place a service order, or communicate with us, we collect:

  • Identity data: your full name, job title, and company name
  • Contact data: email address, phone number (if provided), and messaging handles (e.g. WhatsApp)
  • Order data: the services you request, your supplier's name and location, order value range, and any product specifications you share
  • Payment data: billing address and transaction reference. We do not store payment card numbers — card processing is handled by our payment provider
  • Communication data: the content of emails, messages, or form submissions you send us

Information collected automatically

  • Usage data: pages visited, time on site, referring URL, browser type, and device type
  • Technical data: IP address, approximate geographic location (country/region level), and session identifiers

Information we do not collect

We do not collect sensitive personal data such as racial or ethnic origin, health information, financial account details beyond transaction references, or information about children.

3

How We Use Your Information

Purpose Information used Legal basis
Deliver your service — conduct audits, prepare reports, communicate findings Identity, contact, order data Contract performance
Process payment — issue invoices, process transactions, handle refunds Identity, contact, payment data Contract performance
Respond to enquiries — answer questions before or after an order Identity, contact, communication data Legitimate interests
Improve our services — analyse usage patterns and service quality Usage, technical data (aggregated) Legitimate interests
Legal obligations — retain records as required by law, respond to lawful requests All categories where applicable Legal obligation
Marketing communications — occasional service updates or relevant content (only with your consent) Identity, contact data Consent (opt-in only)

We will never sell your personal data to third parties or use it for any purpose not listed above.

4

Sharing Your Information

We share your information only in the following limited circumstances:

Service partners

  • Payment processors — to process your order payments securely (e.g. Stripe). These processors are PCI-DSS compliant and bound by strict data processing agreements
  • Email service providers — to deliver transactional emails such as order confirmations and report delivery notifications (e.g. Brevo / Sendinblue)
  • Cloud infrastructure — our website and data are hosted on servers maintained by reputable providers with appropriate security certifications

On-the-ground audit teams

To conduct your supplier audit, our field team in China will need to know the name and address of your supplier. We share only the minimum information necessary for the audit to be carried out. Our auditors are bound by confidentiality obligations.

Legal disclosure

We may disclose your information if required by law, court order, or governmental authority. We will notify you where legally permitted to do so.

Your supplier's information is treated as confidential. Any details you share about your supply chain, sourcing strategy, or supplier relationships will not be disclosed to any third party beyond what is necessary to conduct your audit.

5

Data Retention

We retain your personal information only as long as necessary for the purposes it was collected:

  • Client records and audit reports: 5 years from the date of service, to support any follow-up, dispute resolution, or regulatory requirement
  • Financial transaction records: 7 years, as required by applicable tax and accounting law
  • Marketing consents: until you withdraw consent or unsubscribe
  • Website analytics data: 26 months from collection, after which it is aggregated or deleted
  • Enquiry records (non-clients): 12 months from the date of last contact

When retention periods expire, data is securely deleted or irreversibly anonymised.

6

Your Rights

Depending on your location, you may have the following rights regarding your personal data. We honour these rights regardless of where you are based.

  • Access: request a copy of the personal data we hold about you
  • Correction: ask us to correct inaccurate or incomplete data
  • Erasure: ask us to delete your data where we no longer have a lawful basis to hold it
  • Portability: receive your data in a structured, commonly used format
  • Object: object to processing based on legitimate interests, including direct marketing
  • Restriction: ask us to pause processing while a dispute is resolved
  • Withdraw consent: withdraw marketing consent at any time without affecting prior processing

To exercise any of these rights, contact us at the details in Section 10. We will respond within 30 days. We may ask you to verify your identity before processing your request.

7

Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include:

  • TLS encryption for all data in transit between your browser and our servers
  • Access controls limiting data access to team members who need it to perform their role
  • Confidentiality obligations binding all staff and audit partners
  • Regular review of security practices

No data transmission over the internet is entirely secure. If you believe your interaction with us has been compromised, please notify us immediately.

8

Cookies

Our website uses a small number of cookies to function correctly and improve your experience.

Cookie typePurposeDuration
Essential Required for the site to function — session management, security tokens Session / 1 year
Analytics Google Analytics — aggregate page view data to improve content and navigation (anonymised IP) Up to 26 months
Functional Remember your preferences (e.g. language, modal dismissal) Up to 1 year

You can control cookies through your browser settings. Disabling non-essential cookies will not affect your ability to use our services.

9

International Data Transfers

SourcInspecify operates globally. Your data may be processed in China (where our audit operations are based), Hong Kong SAR, and the country where our hosting infrastructure is located. When transferring data internationally, we ensure adequate protections are in place through contractual safeguards and by using only reputable service providers with appropriate certifications.

If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction with cross-border transfer restrictions, we rely on Standard Contractual Clauses or equivalent mechanisms to lawfully transfer your data.

10

Contact Us

If you have questions about this Privacy Policy, wish to exercise your rights, or have a concern about how we handle your data, please contact us:

Company SourcInspecify
Email info@sourcinspecify.com
Response time Within 30 days

This Privacy Policy may be updated from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. We recommend reviewing this page periodically.