SourcingHubSourcingHub
Sign in
Back

Acceptable Use Policy & Data Processing Addendum

Effective date: 30 de junio de 2026

This Acceptable Use Policy and Data Processing Addendum ("AUP/DPA") are published by SourcingHub, operated by the following responsible party:

  • Name: José Antonio Villazón Maroney
  • Tax status: persona física con actividad empresarial
  • RFC: VIMA920403DQA
  • Tax regime: Régimen de las Actividades Empresariales en Plataformas Tecnológicas
  • Registered address: Av. Camino Arenero 150, Int. A-108, Col. San José Río Hondo, C.P. 53810, Naucalpan de Juárez, Estado de México
  • Contact: javillazon92@gmail.com

Part A — Acceptable Use Policy

This Acceptable Use Policy ("AUP") supplements the Terms of Service. Violations may result in suspension or termination without refund.

Prohibited content and conduct

  • Illegal activity, including fraud, money laundering, sanctions evasion or corruption.
  • Generation of malware, exploits or content designed to compromise systems.
  • Child sexual abuse material, non-consensual intimate imagery, or content sexualizing minors.
  • Targeted harassment, threats, hate speech or content inciting violence against protected groups.
  • Disinformation campaigns, deepfakes impersonating real people without consent, or election manipulation.
  • Unauthorized practice of law, medicine or any regulated profession as the sole source of advice.
  • Processing of sensitive personal data (health, biometrics, sexual orientation, etc.) without a valid legal basis under the LFPDPPP.
  • High-risk uses such as critical infrastructure, weapons systems, or fully automated decisions with legal effects on individuals without human oversight.

Technical restrictions

  • No reverse engineering, scraping or model extraction.
  • No circumvention of rate limits, quotas or credit costs.
  • No use of the Service to build a competing AI product.

Reporting abuse

Report violations to javillazon92@gmail.com with sufficient detail to investigate.

Part B — Data Processing Addendum (DPA)

This DPA applies when you (the "Controller") use the Service to process personal data and we act as Processor on your behalf. It is incorporated by reference into the Terms of Service.

1. Subject matter and duration

We process personal data only to provide the Service, for as long as your account remains active and during legally required retention periods.

2. Nature and purpose

Hosting, storage, transmission and AI-based analysis of documents and prompts submitted by the Controller.

3. Categories of data and data subjects

As determined by the Controller. The Service is not intended for sensitive personal data under the LFPDPPP. The Controller must avoid uploading such data unless strictly necessary and with a valid legal basis.

4. Obligations of the Processor

  • Process personal data only on the documented instructions of the Controller.
  • Ensure persons authorized to process personal data are bound by confidentiality.
  • Implement appropriate technical and organizational security measures.
  • Assist the Controller in responding to ARCO requests and security incidents.
  • Notify the Controller without undue delay (and in any case within 72 hours) of any confirmed personal data breach affecting their data.
  • At the choice of the Controller, delete or return personal data at the end of the relationship, subject to legal retention obligations.

5. Subprocessors

The Controller authorizes the subprocessors listed in the Privacy Policy. We remain responsible for their compliance with this DPA. We will give reasonable notice of any change of subprocessor.

6. International transfers

Where personal data is transferred outside Mexico, we rely on the exceptions under article 37 of the LFPDPPP, in particular transfers necessary to perform the contract between the Controller and the data subject and/or the contract between the Controller and the Processor.

7. Audits

Upon reasonable written request and no more than once per year, we will provide a reasonable summary of our security controls. On-site audits are not available; equivalent information may be requested by email.

8. Liability and governing law

Liability under this DPA is subject to the limitations set out in the Terms of Service. This DPA is governed by Mexican law and the tribunales competentes de la Ciudad de México, renunciando a cualquier otra jurisdicción que por razón de domicilio presente o futuro pudiera corresponder a las partes.

Contact

DPA requests: javillazon92@gmail.comJosé Antonio Villazón Maroney, México.

This page is maintained by the app owner. It is not legal advice and does not represent certification by Lovable or any third party. For binding legal terms, consult a qualified attorney in your jurisdiction.