PRIVACY POLICY (Individual Version)
Effective Date: February 8, 2026
Data Controller: Kulniev Roman, Individual Entrepreneur
Trading As: ProChinaSource
Contact: privacy@prochinasource.com
Registered Address: For address contact privacy@prochinasource.com
1. Introduction
I operate ProChinaSource as an individual entrepreneur (sole proprietor). This means I personally am responsible for the processing of your personal data on this B2B lead generation platform.
Legal Status: While I operate under the brand "ProChinaSource", legally this is a personal business activity. All obligations, liabilities, and responsibilities described herein apply to me personally as the data controller.
2. Data I Collect
2.1 Account Information
- Email address, full name/company name
- Role (Client or Provider)
- Business details (for B2B matching purposes)
2.2 Tender & Contact Data
When you post a tender, I collect contact details (email, phone, messenger IDs).
Important: This data is stored in secure cloud databases (Supabase) protected by industry-standard measures, but is not encrypted at the column level (see Section 5).
2.3 Technical Data
IP address, browser info, usage analytics (via Vercel/Supabase).
3. Legal Basis (GDPR)
As an individual processing data of EU residents, I rely on:
- Contract (account creation)
- Legitimate Interest (B2B lead generation — sharing contacts with paying Providers)
- Consent (email notifications, withdrawable anytime)
4. How I Share Your Data
4.1 With Other Users
When a Provider pays $10, I personally authorize the system to share your contact details with that specific Provider. This is the core service.
4.2 With Subprocessors (My Tools)
I use these services to operate the platform:
| Service | My Relationship | Your Data There |
|---|---|---|
| Supabase | Data hosting | Database storage |
| Paddle | Payment processor (they are Merchant of Record) | Payment data only |
| Resend | Email delivery | Email addresses |
| Vercel | Hosting | Access logs |
Note: These are business tools I use personally. They have their own Privacy Policies and DPA agreements with me.
5. Data Security & Important Disclosure
As an individual operator, I implement:
- TLS 1.3 encryption (data in transit)
- Strong passwords and 2FA on all accounts
- Access limited to me personally (no employees)
Critical Technical Limitation:
I do not currently use field-level encryption (Supabase Vault). Your email and contact details are stored in the database in a format that I, as the administrator, can technically access. While I never do this without legal necessity, you should understand that:
- I can see email addresses in the admin panel
- In case of a database breach, contact details would be exposed
- I am working on implementing column-level encryption in future updates
6. Your Rights
You have full GDPR rights (access, deletion, portability). To exercise them, email me personally at privacy@prochinasource.com. I will respond within 30 days as required by law.
Account Deletion: You can request deletion at any time. I will delete your data within 7 days, except:
- Purchase records (kept 7 years for tax authorities)
- Contacts already shared with Providers (cannot be deleted from their devices)
7. International Transfers
I may process data in:
- EU/US (Supabase/Vercel) — covered by Standard Contractual Clauses
- UK (Paddle payments)
As an individual, I rely on the same SCCs that companies use.