Privacy policy
Last updated: 25 June 2026
Saluto is a digital business card platform for brands and teams. This policy transparently explains what personal data we process, for what purposes, who we share it with, how long we keep it, and what rights you have. It applies to the website, the admin area and the public profiles served by Saluto. By creating an account or using the service, you accept the practices described here.
1. Who is the data controller
The data controller is the entity that operates Saluto, which decides the purposes and means of processing. For any privacy matter, or to exercise your rights, you can contact us at privacidade@saluto.spolly.ao.
2. What data we collect
We collect only the data needed to provide and improve the service:
- Account data: name, email address and, depending on the sign-in method, your password (stored only as a hash) or your Google account identifier.
- Profile and organisation data: the information you or your organisation enter on the cards, such as name, role, phone, email, address, social links, logos and photos.
- Usage data: interaction events on public profiles (for example, views and saved contacts), processed in aggregate for dashboard statistics.
- Subscription and payment data: when you subscribe to a paid plan, the plan you choose and your billing history. Payments are processed by our payment provider; Saluto does not store full card details.
- Behavioural measurement data: when you consent, analytics tools record interactions with the pages (including heatmaps and session recordings), so we can understand how the site is used and improve usability.
- Technical data: IP address, device type, browser and server logs, used for security, abuse prevention and diagnostics.
- Communications: the content of messages you send us (for example, support requests).
3. Purposes and legal bases
We process your data for the following purposes:
- Providing the service: creating and managing accounts, organisations, brands, members and public profiles (performance of the contract with you).
- Authenticating and protecting accounts, including limiting abusive access attempts and detecting fraud (legitimate interest and security).
- Sending essential operational communications: confirmation, password recovery, invitations and service notices (performance of the contract).
- Managing subscriptions and processing payments for paid plans (performance of the contract).
- Producing aggregate usage statistics for the organisation dashboard (legitimate interest).
- Measuring and analysing site usage to improve usability, when you consent (consent).
- Complying with legal obligations and responding to lawful requests from authorities (legal obligation).
4. Public profile content
Published profiles are public by design: they are accessible to anyone with the link or QR code and may be indexed by search engines. Therefore, do not publish on the profiles any data you do not wish to make public.
You and your organisation stay in control: deactivating a member immediately takes the corresponding profile offline, and that profile's personal data is no longer served publicly.
5. Cookies and similar technologies
We use a small number of cookies, in two categories:
- Strictly necessary: keep you signed in (a secure, server-only refresh cookie and a presence indicator for routing). Without these, the authenticated area does not work.
- Measurement and analytics on the Saluto site: with your consent, we use Google Analytics (usage statistics) and Hotjar (heatmaps and session recordings, to understand how the pages are used). They only load after you accept in the cookie banner, and you can refuse them at any time.
- Measurement on custom domains: when an organisation enables Google Analytics on its own domain, measurement cookies may be used on that domain only.
6. Who we share data with
We do not sell personal data. We rely on providers (processors) that handle data on our behalf and instructions, subject to confidentiality and security obligations:
- Hosting and CDN for the website and API (Vercel).
- Image and file storage (S3-compatible object provider).
- Transactional email delivery (Resend).
- Payment processing and subscription management (Stripe).
- Rate limiting and abuse protection (Upstash), when enabled.
- Error monitoring and reliability (Sentry), when enabled.
- Custom domain management and verification for organisations.
- Audience measurement (Google Analytics), on the Saluto site with your consent and, when the organisation enables it, on its own domain.
- Behaviour and usability analysis, with heatmaps and session recordings (Hotjar), on the Saluto site with your consent.
7. International transfers
Some of our providers may process data outside the country where you live. In those cases, we ensure appropriate safeguards are in place, in line with applicable law, so that your data remains protected.
8. How long we keep data
We keep account and profile data while the account is active. Billing data is kept for the periods required by tax and accounting law. Technical and security logs are kept for short periods appropriate to their purpose. After an account is closed, we delete or anonymise the data, unless the law requires us to keep it longer.
9. How we protect data
We adopt technical and organisational measures proportionate to the risk, including:
- Encryption in transit (HTTPS) across the platform.
- Passwords stored as bcrypt hashes, never in plain text.
- Short-lived session tokens, with rotation and revocation.
- Login attempt limiting and brute-force protection.
- Role-based access controls and isolation between organisations.
- Content validation to prevent injection, plus error monitoring.
10. Your rights
Under applicable law, you may exercise the following rights over your personal data: access, rectification, erasure, restriction of processing, portability, objection and, where processing is based on consent, withdrawing it at any time.
To exercise any of these rights, contact privacidade@saluto.spolly.ao. We will respond within the legal time limits. You also have the right to lodge a complaint with the competent data protection authority.
11. Minors
Saluto is intended for professionals and organisations and is not directed at minors. We do not knowingly collect data from minors. If you become aware that a minor has provided us with data, contact us so we can remove it.
12. Links to third-party sites
Profiles and pages may contain links to third-party sites (for example, social networks). We are not responsible for the privacy practices of those sites; we recommend reviewing their policies.
13. Changes to this policy
We may update this policy to reflect changes to the service or the law. We will publish the revised version on this page, with the last updated date. Significant changes will be communicated by appropriate means.
14. Contact
For any question about this policy or about the processing of your data, contact privacidade@saluto.spolly.ao.