Notice: Revisions to the privacy policy are currently under discussion.
If you have any questions, please reach out to sr.ht-support via email.
The only data we require of your account is your email address; a username of your choosing, which must be unique among all users; and a password. Your email and username are stored in "plain text". Your password is stored after processing with bcrypt, from which the original password cannot be devised without a computationally expensive process. However, given your password, we can determine that it matches our stored key without expensive processing. The purpose of this step is to ensure that should our database become compromised, your original password will be difficult to recover. Regardless, you are strongly encouraged to use a unique password for your SourceHut account.
You may choose to give us additional information, which is shown publicly on the site. This includes:
You may omit or provide fictitious data for this information. The location shown on your profile is collected separately from your billing address, and may differ. (You may set your public location to "The Internet", for example, despite providing an accurate billing address).
You may be required to provide the following information in order to successfully operate some parts of the service, some of which may be used to uniquely identify you:
You may delete this information at any time by visiting your account details. If you provide a PGP key, you may choose to have email communications from SourceHut encrypted before being sent to you.
We also obtain some information from your client as you use our services and store it for up to 30 days:
Some of this information is available to you as an audit log. You are not able to delete this information. The purpose of this data collection is to inform both you and SourceHut of any unknown activity on your account. If we permitted deletion of this information, someone who obtains unauthorized access to your account would be able to delete it, too.
We also store various other kinds of information that you explicitly choose to give us, including (but not limited to):
If you choose to use our paid services, we will store a token which is used to bill your payment method. Information like your credit card number cannot be recovered from this token. We will also retain a copy of your billing records (e.g. invoices) for up to 7 years, even if you delete your account, in compliance with European law.
We also use cookies to store long-lived authorization data, to remember that you're logged into your account between visits without prompting you for your password again, and to store short-lived information, for example when filling out a form which requires several pages to complete.
Your data is primarily stored and processed on our servers in the Netherlands, which are owned and operated by SourceHut and colocated in a secured facility alongside other service providers. Under some circumstances, some or all of your data may be processed in other countries within the European Union on servers rented from European service providers on a temporary or ongoing basis.
Some of your personal data is stored in an encrypted form in the United States. This data is encrypted prior to transmission and is stored in an encrypted form, such that your personal data cannot be processed in the United States under any circumstances. The purpose of this system is for off-site backups, which SourceHut may use to restore data in the event of a systems failure in our European facilities.
Aside from information you choose to make public in the course of your use of SourceHut and information you explicitly choose to share with specific third parties, none of your information is shared with third parties.
We permit user-generated content to include images from and links to third-party sites. On pages displaying this content, information may be sent to these third-parties. This information includes:
We are not responsible for any additional information your client may send to these third parties.
If you use any of our paid services, we will transmit your payment information to a third-party payment processor, Stripe. You will be notified of this before the information is transmitted, and given an opportunity to prevent its transmission. We will be unable to provide you with paid services if you decline to transmit this information.
We may also be required to provide some or all of your account data upon receiving a lawful order from an applicable court with jurisdiction over SourceHut. We will notify you that we have received and complied with this order unless the order prohibits us from doing so.
You may submit a request via email to support to request an archive of the information we've collected about you, or to request that we remove any information we've collected about you.
You may also reach out to our data protection officer directly: Drew DeVault drew@ddevault.org.
We may make changes to this document with no less than 2 weeks notice. Notice of these changes will be sent to the email on file for your account.
commit 7044069582aac93e192bca8da8a6577b65c46109 Author: Drew DeVault <drew@ddevault.org> Date: 2025-07-09T12:07:29+02:00 Update billing-faq.md