Back to Home

Data Sources Policy

Standards for information acquisition and acceptance in OpenGPSR.

"Every record must have a verifiable source that can be pointed to and checked."

The purpose of this policy is to protect database users from the risk of errors and abuse, and to ensure data origin transparency (auditability). Every record should have a reproducible "trace": where the information comes from, when it was acquired, and to what extent it was verified (e.g., UNVERIFIED, COMMUNITY_CONFIRMED, PRIMARY_CONFIRMED, OUTDATED).

We accept new data submissions generally via form or GitHub Issue. The API is designed primarily for data reading, and any potential write paths are restricted and require additional verification.

✅ Accepted Sources (Whitelist)

  • Official entity websites (WEBSITE) Tabs: Contact, Imprint, Legal, Compliance, Safety, Support. Preferred: main domain or official subdomains.
  • Official online product documents (PRODUCT_LABEL / WEBSITE) Manuals, safety data sheets, PDFs/Docs published publicly (preferably hosted by the manufacturer or responsible entity).
  • Public Registries (OFFICIAL_REGISTRY) Auxiliary sources for entity identification (e.g., VIES). Note: registry might not contain the correct "safety" contact.
  • Information disclosed publicly in sales context (WEBSITE / COMMUNITY) Public offer pages / product presentations, provided they contain an unambiguous, verifiable contact and comply with platform rules.
  • Community reports with proof (COMMUNITY) Required direct URL or source material where the verifier can confirm data without guesswork.
  • Information from the entity (PRIMARY_SOURCE) Contact confirmed by the entity itself (e.g., official page, official channel). Private correspondence is not published as a source.

⛔ Prohibited Sources (Blacklist)

  • Private correspondence Emails, chats, and private messages not publicly shared by the sender. Can only be used for internal verification, not for publication.
  • Data Leaks Data from security incidents, hacking, dumps, dark web, and similar sources.
  • "From memory" / without proof Information unsupported by an active link or source material ("I know, but I don't have a link").
  • Private personal data Home addresses, private phone numbers, private mailboxes of individuals (unless they are clearly a public contact point).
  • Data from paid and license-restricted services Scraping or rewriting data from commercial databases protected by contract/license (including paywalls). Such data is not accepted.

Hierarchy of Source Importance

In case of conflicting data, we prioritize and mark verification statuses:

  1. Level 1 (Highest): Official entity website (main domain / official "Legal/Imprint/Contact" section).
  2. Level 2: Official product documents hosted by the entity (PDF/Doc/Manual) with unambiguous contact.
  3. Level 3: Public registries — mainly for identity confirmation (not always the correct "safety" channel).
  4. Level 4: Offer pages / distributor information — auxiliary, often require additional confirmation.

If unresolvable, the record may be marked as DISPUTED or HISTORICAL until a stronger source is obtained.

Personal Data Protection (GDPR):
OpenGPSR aggregates primarily B2B contact points. If an email address looks private (e.g., contains a name and surname), it may be rejected or restricted in publication, even if it appears in the source, when the privacy risk is too high. The goal is contact regarding product safety, not processing personal data of individuals.