SourceLock privacy is built around public-content review and source discipline.

SourceLock stores account details, user email addresses, signed session records, terms acceptance, billing status, scan jobs, scanned page text, extracted claims, Truth Repository entries, share tokens, and usage ledger events needed to operate the service.

SourceLock is intended for public-facing business content. Users should not submit passwords, API keys, confidential legal strategy, regulated personal data, medical records, payment card data, or private content they do not have authority to process.

When OpenAI API keys are configured, SourceLock may send cleaned public page text or pasted copy to OpenAI models for claim extraction and high-risk review. SourceLock does not intentionally send secrets to the model, and the scan engine removes common navigation, forms, scripts, and style content before analysis.

Stripe processes payment and subscription events. Apex Blue stores billing status, Stripe customer identifiers, subscription identifiers, and webhook payload summaries needed to keep account access accurate.

Truth Repository share links are tokenized and noindex by default. They are designed for outside SEO teams, writers, contractors, and AI chat agents who need approved brand truth without full account access.