What we collect, and what we don’t.

Search queries. When you ask Sumber a question, the text of the query is logged so we can see what people look for and prioritise which datasets to ingest next. Your IP address is HMAC-hashed before storage — we keep the hash for rate-limiting and abuse-prevention, not the raw address. We do not attach your identity to a query.

Notify-me email. If you give us an email on an uncovered-query card, we store it to send you a confirmation and to let you know if we add coverage for what you asked. We hash the submitting IP the same way.

Usage analytics. We use Plausible — a privacy-friendly analytics service that is cookieless, sets no persistent identifiers, and collects no personal data. It records aggregate page views and a few interaction events (e.g. that a search happened), never tied to an individual.

Admin authentication. Staff sign-in uses Clerk. This applies only to Sumber operators — public visitors never authenticate and we set no auth cookies on the public site.

Queries drive our coverage backlog — what to scrape next. Emails are used solely to reply to you about coverage. Hashed IPs guard against abuse and enforce rate limits. Analytics tell us which pages and features are used, in aggregate. We do not profile visitors, run advertising, or sell or rent any data.

Sumber runs on a small set of sub-processors, each handling data only to provide their service:

• Neon — managed Postgres (database), Singapore region.
• Vercel — web hosting + serverless functions.
• Railway — data-ingestion workers.
• Resend — transactional email (notify-me confirmations).
• Plausible — cookieless analytics.
• Clerk — admin authentication (operators only).

Under Indonesia’s Personal Data Protection Law (UU 27/2022) and the GDPR (Art. 6) where applicable, we process: query logs and hashed IPs on the basis of legitimate interest (running and improving the service, preventing abuse); and notify-me emails on the basis of your consent, given when you submit the form. You can withdraw consent at any time (see Your rights).

Anonymised query logs are retained to inform coverage decisions. Notify-me emails are kept until you ask us to remove them or until they are no longer needed for the purpose you gave them. Hashed IPs are retained only as long as needed for abuse-prevention and rate-limiting.

You can request access to, correction of, or deletion of any personal data we hold about you (in practice: a notify-me email), and you can withdraw consent for future contact. Email us and we’ll action it. Because public queries are stored without identity and IPs are hashed, we generally cannot link a query back to an individual.

Questions or requests about your data: hello@sumber.io. We may update this policy as the service evolves; material changes will be reflected here with a new effective date.