
Saldo Labs
Privacy Policy
Last updated: 12 July 2026
Saldo Labs GmbH ("Saldo", "we", "us" or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, share and process personal data in connection with our website at getsaldo.com (the "Site"), our platform available at platform.getsaldo.com (the "Platform"), and our related products, features, technologies and services (together, the "Services"), as well as our interactions with you at meetings and events and through our other sales and marketing activities. It also describes your rights and how you can exercise them.
Our Site does not use cookies or other tracking technologies.
"Personal data" (or "personal information") means any information relating to an identified or identifiable individual — for example your name, address, email address, business contact details, job title, or information gathered through your interactions with us via our Site, Services, surveys and events.
1. Scope of this Privacy Policy
This Privacy Policy applies where Saldo is the data controller responsible for processing personal data of:
visitors and users of our Site, including anyone who joins our waitlist or contacts us;
users of the Platform (for example, advisers and other authorised users at our business customers) in respect of their account and their use of the Platform;
customers and prospective customers and their representatives;
subscribers to our newsletters and updates, and attendees of our events, webinars and surveys; and
suppliers, service providers, business partners and other third parties and their representatives.
Data we process on behalf of our customers ("Customer Content").
This Privacy Policy does not apply to the personal data that our business customers (such as wealth-management firms and banks) input into, generate through, or upload to the Platform — including prospect information, prospect dossiers, watchlists and other outputs created in the course of their use of the Services ("Customer Content"). We process Customer Content as a data processor on behalf of our customers, who are the data controllers, and that processing is governed by our agreement with the relevant customer and the associated Data Processing Agreement (DPA) — not by this Privacy Policy. In particular, we act solely as a processor in respect of prospect information sourced, aggregated and enriched through the Platform; the relevant customer is the data controller for that processing. If you are a prospect or client of one of our customers and have questions about how your personal data is handled on the Platform, please contact that customer (the controller). If we receive a rights request relating to data we process as a processor, we will refer it to the relevant customer.
2. What personal data we collect
We may collect and process personal data in the following ways. It may come directly from you, or indirectly from third parties such as our customers, business partners and data providers.
2.1 Information you provide to us
Waitlist and marketing sign-up: when you join our waitlist or sign up for updates, we collect your name, email address and, where provided, your company and role.
Account information: when you or your employer create a Platform account, we collect data such as your name, business email address, role, language and preferences, and account credentials.
Communication information: when you contact our sales, support or other teams, provide feedback or make enquiries, we collect your name, email address, phone number and the content of your communications. We may keep records of these communications for training and quality-assurance purposes.
Event and survey information: if you attend our events or webinars or take part in a survey, we may collect your name, contact details and the information you choose to provide. Participation is voluntary.
2.2 Information we collect automatically
When you visit or interact with the Site or the Platform, we automatically collect certain technical information, including:
Log data: your IP address, browser type and settings, the date and time of your requests, and how you interacted with the Site or Platform.
Device information: the device, operating system and browser you use, and related identifiers and settings.
Usage data: information about how you use the Services, such as the features you use, the actions you take, and the dates, times and duration of access. We do not use Customer Content for these purposes other than as permitted by the applicable customer agreement.
Our Site does not use cookies or similar tracking technologies.
2.3 Information from third parties
We may receive personal data about you from third parties, such as our customers (for example, contact details needed to set up Platform accounts for their authorised users), our business partners, event organisers, and marketing or security vendors. We may also collect publicly available business information about prospective customers and their representatives. We may combine this with information we collect from you and use it as described in this Policy.
3. How we use your personal data and our legal bases
We use your personal data for the purposes set out below. Where the GDPR applies, we rely on the legal bases indicated.
Purpose: Provide and manage the Services
What we do: Create and administer accounts, provide the Site and Platform, and manage our relationship with you and/or your employer.
Legal basis (Art. 6(1) GDPR): Performance of a contract (b); legitimate interests (f) where you are a representative of a customer.
Purpose: Support and communications
What we do: Respond to your questions, provide support and send service-related messages.
Legal basis (Art. 6(1) GDPR): Performance of a contract (b); legitimate interests (f).
Purpose: Security and fraud prevention
What we do: Verify identity, keep the Services secure, and prevent misuse and fraud.
Legal basis (Art. 6(1) GDPR): Legitimate interests (f); legal obligation (c).
Purpose: Product analytics and improvement
What we do: Analyse usage to maintain, improve and develop the Services.
Legal basis (Art. 6(1) GDPR): Legitimate interests (f) in improving our Services.
Purpose: Marketing
What we do: Send newsletters, updates and event invitations, and measure their effectiveness.
Legal basis (Art. 6(1) GDPR): Consent (a) where required; otherwise legitimate interests (f). You can opt out at any time.
Purpose: Legal and compliance
What we do: Comply with legal obligations and establish, exercise or defend legal claims.
Legal basis (Art. 6(1) GDPR): Legal obligation (c); legitimate interests (f).
Where we rely on legitimate interests, we have carried out a balancing exercise and consider that our interests do not override your rights. You can object at any time (see Section 6).
4. With whom we share your personal data
We may share your personal data with the following categories of recipients:
Vendors and service providers: third parties that help us operate and support the Services, including providers of cloud hosting and infrastructure, authentication and identity management, product analytics and monitoring, communication and email tools, artificial-intelligence / large-language-model services, and prospecting data sources. These providers process personal data on our documented instructions under data-processing agreements that require them to protect it. A current list of our sub-processors is available on request.
Professional advisers and auditors: lawyers, accountants and auditors, where necessary.
Business transfers: in connection with a merger, acquisition, financing or other corporate transaction, personal data may be disclosed to counterparties and advisers and transferred to a successor.
Legal and regulatory: where required by law, or to protect our rights, safety or property or those of others.
5. International transfers
We process personal data primarily within the EU/EEA. In some cases — for example where a service provider is located outside the EU/EEA — your personal data may be transferred to a third country. Where we do so, we ensure an appropriate level of protection through safeguards such as an adequacy decision, the European Commission's Standard Contractual Clauses, or the EU-US Data Privacy Framework, together with additional technical and organisational measures where needed. You can request more information about these safeguards using the contact details in Section 10.
6. Your rights
Under the GDPR and other applicable data-protection laws, you have the following rights in relation to your personal data:
Access and information — to be told whether we process your data and to receive a copy of it.
Rectification — to have inaccurate or incomplete data corrected or completed.
Erasure — to have your data deleted in certain circumstances.
Restriction — to ask us to restrict processing in certain circumstances.
Objection — to object to processing based on our legitimate interests, and at any time to processing for direct marketing.
Portability — to receive certain data in a machine-readable format and have it transmitted to another controller.
Withdraw consent — where we rely on consent, to withdraw it at any time without affecting prior processing.
Complaint — to lodge a complaint with a supervisory authority.
To exercise your rights, please contact us using the details in Section 10. We may need to verify your identity before acting on a request. You also have the right to lodge a complaint with a supervisory authority. As Saldo's registered seat is in Berlin, the competent authority is the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit, BlnBDI).
7. How we keep your personal data safe
We take appropriate technical and organisational measures to protect personal data against loss, misuse and unauthorised access, disclosure, alteration and destruction. These include encryption in transit and at rest, role-based access controls on a need-to-know basis, logging and monitoring, and network protections. For more information about our security measures and certifications, please see our Security page.
8. How long we keep your personal data
We keep personal data for as long as necessary to fulfil the purposes for which we collected it, and longer where required by law (for example, tax and bookkeeping obligations, generally 6 or 10 years under German law). Waitlist and marketing data is kept until you unsubscribe or withdraw consent. Account data is kept for the duration of the account relationship and a reasonable period thereafter. When we no longer need your personal data, we delete or anonymise it, or securely isolate it from further processing where deletion is not immediately possible (for example in backups).
9. Updates to this Privacy Policy
We may update this Privacy Policy from time to time. When we do, we will post the updated version on this page and update the "last updated" date, unless another form of notice is required by law.
10. Contact us
If you have any questions about this Privacy Policy or how we process your personal data, please contact us: privacy@getsaldo.com
