Privacy Policy
Last updated: 1 July 2026
This Privacy Policy explains how Saldora (the "Service", "we", "us") handles information when you use the Saldora API or website. We are the data controller for the purposes of the EU General Data Protection Regulation (GDPR).
Contact / Data controller: Asterios Lentzos — asterioslentzos@gmail.com
1. Our privacy-first design
The Service is stateless. The salary, revenue, expenses, and personal inputs you send to the calculator (e.g. gross salary, marital status, number of children, age) are used only in memory to compute your result and are returned to you in the response. We do not store, sell, or share your calculation inputs or results.
2. What we do collect
To keep the Service running, secure, and abuse-free, our servers process a limited set of technical data:
| Data | Purpose | Legal basis (GDPR Art. 6) |
|---|---|---|
| IP address | Rate limiting, security, abuse detection | Legitimate interest (Art. 6(1)(f)) |
| Request metadata (timestamp, HTTP method, endpoint path, response status, response time) | Operating, debugging, and monitoring the Service | Legitimate interest (Art. 6(1)(f)) |
| API key identifier (masked; for authenticated API clients) | Authentication, usage measurement, billing | Contract performance (Art. 6(1)(b)) |
We do not use advertising cookies or third-party trackers in the API. We do not log the contents of your calculation requests (your salary figures). Our website uses privacy-friendly, cookieless analytics that never receive your salary amounts.
3. How long we keep it
Technical logs (including IP addresses) are retained for up to 90 days and then deleted or anonymised, unless we must keep specific records longer to resolve a security incident or meet a legal obligation.
4. Who processes it
The Service runs on third-party infrastructure and platform providers acting as our data processors, which may include:
- Hosting / platform (e.g. Railway, Vercel) — runs the API/website and stores operational logs.
- API marketplace (e.g. RapidAPI), if you access the API through it — handles your account, subscription, and billing under its own privacy policy.
- CDN / DNS / security (e.g. Cloudflare), if enabled — processes connection data.
These providers may process data outside your country; where data leaves the EEA, it is covered by appropriate safeguards (e.g. Standard Contractual Clauses).
5. Your rights
Under the GDPR you have the right to access, rectify, erase, restrict, or object to the processing of your personal data, and the right to data portability. Because we do not maintain user accounts or store calculation data, the personal data we hold is generally limited to short-lived technical logs. To exercise a right, email asterioslentzos@gmail.com. You also have the right to lodge a complaint with your local data protection authority.
6. Children
The Service is not directed at children under 16 and we do not knowingly collect their personal data.
7. Changes
We may update this policy; the "last updated" date above will change accordingly. Material changes will be reflected on this page.