[S/1] SCORECARD — PRIVACY

Privacy Policy

Effective: May 2026. The S/1 Scorecard tool (“Scorecard”) is operated by Salient One as a free public utility. This policy covers data handling for the Scorecard web application at s1.salientone.eu and its sub-paths.

Cookies We Use

Consent cookie (s1-cookie-consent). A first-party cookie that stores your cookie preference (“accepted” or “declined”). Set the moment you interact with the cookie banner. Expires after 1 year. Strictly necessary — without it we cannot remember your choice.

Analytics cookies (_ga, _ga_*). Google Analytics (GA4) sets a small number of first-party cookies to measure aggregate site usage. We have enabled IP anonymisation; GA4 does not log or store individual IP addresses. These cookies are only set if you click “Accept” on the cookie banner. You may decline with no loss of functionality. See Google’s Privacy Policy for details on how Google handles this data.

Session cookie (s1_session). Set only when you log into an account. An HttpOnly, Secure, SameSite Lax cookie containing an opaque session token. Expires after 30 days of inactivity. Strictly necessary for authentication — we cannot keep you signed in without it.

Other Information We Collect

Server logs. Cloudflare, our infrastructure provider, retains standard access logs (URL requested, timestamp, anonymised client IP) for a limited period for operational purposes. These logs are not shared with third parties.

User accounts. When you create an account, we store your email address, the display name you provide, and a bcrypt hash of your password (the plain-text password is never stored). We also store API keys you generate, as a SHA-256 hash; the plain-text key is shown only once at creation time. We log aggregate daily API request counts per key for rate limiting purposes, but do not log individual request payloads or queried parameters.

Data Sharing

Salient One does not sell, rent, or share any user data with third parties. All indicator data displayed in Scorecard is sourced from publicly available official datasets (World Bank, Transparency International, INFORM JRC, US DOL, OFAC, EU FSF, UK FCDO, UN Security Council, Swiss SECO, GDELT).

Your Rights

Under the EU General Data Protection Regulation (GDPR), you have the right to access, rectify, or erase any personal data we may hold. This includes your account data, API keys, and usage records. To request account deletion or exercise any GDPR right, contact [email protected]. We will respond within 30 days.

Salient One · Independent advisory · salientone.eu