[S/1] SCORECARD — PRIVACY

Privacy Policy

Effective: May 2026. The S/1 Scorecard tool (“Scorecard”) is operated by Salient One as a free public utility. This policy covers data handling for the Scorecard web application at s1.salientone.eu and its sub-paths.

Information We Collect

Analytics. We use Google Analytics (GA4) with IP anonymisation enabled. A single first-party cookie is set only after you accept the cookie banner. No personal data is stored; GA4 does not log individual IP addresses. You may decline the cookie with no loss of functionality.

Server logs. Cloudflare, our infrastructure provider, retains standard access logs (URL requested, timestamp, anonymised client IP) for a limited period for operational purposes. These logs are not shared with third parties.

User accounts. When you create an account, we store your email address, the display name you provide, and a bcrypt hash of your password (the plain-text password is never stored). We also store API keys you generate, as a SHA-256 hash; the plain-text key is shown only once at creation time. We log aggregate daily API request counts per key for rate limiting purposes, but do not log individual request payloads or queried parameters. Session cookies are HttpOnly, SameSite Lax, and expire after 30 days of inactivity.

Data Sharing

Salient One does not sell, rent, or share any user data with third parties. All indicator data displayed in Scorecard is sourced from publicly available official datasets (World Bank, Transparency International, INFORM JRC, US DOL, OFAC, EU FSF, UK FCDO, UN Security Council, Swiss SECO, GDELT).

Your Rights

Under the EU General Data Protection Regulation (GDPR), you have the right to access, rectify, or erase any personal data we may hold. This includes your account data, API keys, and usage records. To request account deletion or exercise any GDPR right, contact engage@salientone.eu. We will respond within 30 days.

Salient One · Independent advisory · salientone.eu