Sapster.io

Privacy Policy

How we collect, use, and protect your information

Last updated: 2025-01-19

1. Information We Collect

1.1 Technical Information

  • IP Address: For rate limiting and security purposes
  • User Agent: To identify browsers and prevent automated abuse
  • Request Logs: API endpoint access for monitoring and security
  • Usage Statistics: Aggregate data on table lookups and searches

1.2 SAP Table Data

  • Table Names: SAP table identifiers you search for
  • Search History: Temporarily cached for performance optimization
  • Public SAP Documentation: Cached from publicly available sources

1.3 Cookies and Local Storage

  • Essential Cookies: For basic site functionality and security
  • Preferences: Theme settings and display preferences
  • Session Data: Temporary data for improved user experience

2. How We Use Your Information

2.1 Service Provision

  • Provide SAP table documentation and field definitions
  • Cache frequently requested data for improved performance
  • Personalize your experience with saved preferences

2.2 Security and Compliance

  • Prevent abuse and protect against security threats
  • Enforce rate limits to ensure fair usage
  • Maintain audit logs as required by security standards
  • Comply with GDPR, ISO 27001, and other regulatory requirements

2.3 Service Improvement

  • Analyze usage patterns to improve performance
  • Identify popular SAP tables for better caching
  • Monitor system health and performance metrics

3. Legal Basis for Processing (GDPR)

Data TypeLegal BasisPurpose
IP Address, User AgentLegitimate InterestSecurity, abuse prevention
Request LogsLegitimate InterestService monitoring, security
Search PreferencesConsentPersonalized experience
Audit LogsLegal ObligationCompliance requirements

4. Data Retention

Data TypeRetention PeriodReason
SAP Table CachePermanentPublic data, performance optimization
Rate Limit Data30 daysSecurity and abuse prevention
Security Logs90 daysSecurity monitoring and compliance
Audit Logs2 yearsRegulatory compliance (ISO 27001)
Critical Security Events7 yearsLegal and compliance requirements

5. Your Rights (GDPR)

Access Right

Request a copy of your personal data we hold

Erasure Right

Request deletion of your personal data

Rectification Right

Request correction of inaccurate data

Portability Right

Receive your data in a machine-readable format

Exercise Your Rights

Contact us at contact@sapster.io to exercise any of these rights. We will respond within 30 days.

6. Data Security

6.1 Technical Measures

  • Encryption: All data encrypted at rest and in transit using industry-standard protocols
  • Access Controls: Role-based access with multi-factor authentication
  • Rate Limiting: Advanced protection against abuse and DDoS attacks
  • Monitoring: 24/7 security monitoring and threat detection

6.2 Organizational Measures

  • Staff Training: Regular security awareness and privacy training
  • Incident Response: Documented procedures for security incidents
  • Compliance: Regular audits and compliance assessments
  • Data Minimization: We collect only necessary data for service provision

7. Third-Party Services

ServicePurposeData SharedPrivacy Policy
VercelHosting and CDNTechnical logs, IP addressesVercel Privacy

8. International Transfers

Your data may be processed in countries outside your location. We ensure adequate protection through:

  • Adequacy Decisions: Transfers to countries with adequate data protection
  • Standard Contractual Clauses: EU-approved safeguards for international transfers
  • Technical Safeguards: Encryption and access controls for all international processing

9. Children's Privacy

Our service is not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last updated" date
  • For material changes, providing prominent notice on our website

11. Contact Information

Contact Information

Sapster

Email: contact@sapster.io

Supervisory Authority

You have the right to lodge a complaint with your local data protection authority if you believe we have not addressed your concerns adequately.

This Privacy Policy is designed to be transparent and comply with GDPR, CCPA, and other privacy regulations.