Privacy Policy

Last updated: January 2026

1.Introduction

Salda ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our invoicing and payment tracking service.

By using Salda, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.

2.Information We Collect

We collect information in the following ways:

Information you provide directly:

  • Account information: Email address, name, business name, and address when you create an account
  • Customer data: Names, email addresses, company names, addresses, and VAT numbers of your customers
  • Invoice data: Amounts, descriptions, due dates, and payment terms
  • Payment information: We use Stripe to process payments. We never store credit card details on our servers
  • Communications: When you contact us for support or feedback

Information collected automatically:

  • Usage data: Pages visited, features used, and actions taken within the service
  • Device information: Browser type, operating system, device type, and screen resolution
  • Log data: IP address, access times, and referring URLs
  • Email interaction data: Open and click tracking on payment reminders sent through our service

3.How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our service
  • Send invoices and payment reminders on your behalf
  • Process payments through our payment processor (Stripe)
  • Generate Proof Pack documentation for dispute resolution purposes
  • Send service-related communications and notifications
  • Respond to your comments, questions, and support requests
  • Monitor and analyze usage patterns to improve user experience
  • Detect, prevent, and address fraud, abuse, and security issues
  • Comply with legal obligations

4.How We Share Your Information

We share your information only as described below and only with parties who need it to perform their services:

  • Stripe: For payment processing and Stripe Connect account management
  • Resend: For sending transactional emails (invoices, reminders, receipts)
  • Supabase: For secure data storage and authentication
  • Vercel: For application hosting and analytics
  • Inngest: For background job processing (automated reminders)

We may also disclose your information if required by law, court order, or governmental authority, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5.Data Security

We implement appropriate technical and organizational measures to protect your data:

  • All data is encrypted in transit using TLS 1.3
  • Data at rest is encrypted using AES-256 encryption
  • Access to production systems is restricted and requires authentication
  • We perform regular security assessments and updates
  • Payment card data is handled exclusively by Stripe (PCI DSS Level 1 certified)

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6.Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:

  • Active accounts: Data is retained while your account is active
  • Deleted accounts: We delete your data within 30 days of account deletion, with the option to export your data beforehand
  • Legal requirements: Some data may be retained longer if required by law (e.g., financial records for tax purposes)
  • Audit logs: Timeline events may be retained for the legal compliance period

7.Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data ("right to be forgotten")
  • Portability: Request a copy of your data in a structured, machine-readable format
  • Objection: Object to processing of your personal data
  • Restriction: Request restriction of processing in certain circumstances
  • Withdraw consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at privacy@salda.io. We will respond to your request within 30 days.

8.Cookies and Tracking

We use cookies and similar technologies for:

  • Essential cookies: Required for authentication and core functionality
  • Analytics: To understand how users interact with our service (Vercel Analytics)
  • Preferences: To remember your settings (e.g., theme preference)

We do not use cookies for advertising or third-party tracking. You can manage cookie preferences through your browser settings.

9.International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. Our service providers (Stripe, Vercel, Supabase, Resend) may process data in the United States and other countries.

When we transfer data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by the European Commission for certain countries
  • Data Processing Agreements with all service providers

10.GDPR Compliance (EU Users)

If you are located in the European Union, we process your personal data based on the following legal bases under the General Data Protection Regulation (GDPR):

  • Contract performance: Processing necessary to provide our service to you
  • Legitimate interests: Processing for fraud prevention, security, and service improvement
  • Consent: Where you have given explicit consent for specific processing activities
  • Legal obligation: Processing required by applicable law

You have the right to lodge a complaint with a supervisory authority if you believe your rights have been violated.

11.CCPA Rights (California Residents)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information we collect, use, and disclose
  • Right to delete your personal information (subject to certain exceptions)
  • Right to opt-out of the sale of personal information
  • Right to non-discrimination for exercising your privacy rights

Note: We do not sell personal information as defined under the CCPA.

12.Children's Privacy

Our service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us at privacy@salda.io, and we will take steps to delete such information.

13.Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last updated" date at the top
  • Sending an email notification for significant changes (if you have an account)

We encourage you to review this policy periodically to stay informed about how we protect your information.

14.Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Salda Privacy Team

Email: privacy@salda.io

Salda BV, Amsterdam, Netherlands

For data protection inquiries in the EU, you may also contact our Data Protection Officer at privacy@salda.io.

Related

Terms of Service