This Privacy Policy describes how TC Szabla LLC, operator of the SalaryProof application (the “App”), processes information when you use the App. By using SalaryProof, you agree to the practices described below.
1. Who we are
Controller: TC Szabla LLC
30 N Gould St Ste 23157
Sheridan, WY 82801
United States
Contact: tcszabla@gmail.com
2. Data we process
- Account data: email address, authentication credentials, and a timestamp of your last activity in the App ("last active") used by admins to spot dormant accounts.
- Payroll & work-hour data: shifts, hours, wages, allowances and related notes you enter.
- Payslip uploads: PDF or image files you upload for scanning, plus the structured data (gross, net, tax, social contributions, period, employer, year-to-date totals, etc.) extracted from them.
- Employment contract uploads: PDF or image files of employment contracts you upload, plus extracted fields (employer, agency, contract type, start/end dates, hourly rates, allowances, premium rules).
- Tax-credit / ulga podatkowa questionnaire (
tax_profile): the answers you give (e.g. marital status, children, mortgage interest, 30% ruling, dependant deductions) used to compute a personal annual tax projection. - Contract Apply metadata (
contract_apply_events): a record of which contract terms you applied to which weeks/periods, so the same decisions can sync across devices. - Payroll-gap explanations: short notes you add to explain missing weeks/periods in your history.
- Accountant Checklist signals: derived locally from data you already store (payslips, contracts, tax profile, gaps) to suggest what to review or upload. No new personal data is collected.
- Cloud-sync metadata: last-synced timestamp and pending-change counters used to display sync status in Settings and the Dashboard.
- Dashboard / hours overview uploads: files from payroll dashboards (e.g. HelloFlex) used to verify your hours.
- Settings & preferences: country, region, currency, language, and learned payroll profiles.
- Local backups: JSON exports you create or that the App creates before destructive actions.
- Insights / analytics within the App: derived statistics about your own entries, computed locally.
- Issue reports: when you submit a report, the text you provide and (only if you tick the diagnostics consent) limited technical context about the screen.
3. Local storage and offline mode
SalaryProof stores your data in your device’s local storage so the App works offline. If you choose “continue without an account”, your data stays on your device and is never sent to our servers. You can export or delete it at any time from Settings.
4. Cloud sync
If you create an account, your weeks, payslips, contracts, contract-apply decisions, gap explanations, tax-credit answers, learned profiles and settings are synced to our managed backend so you can use the App on multiple devices. The local copy remains the primary working cache; the cloud copy is used as a backup and for cross-device sync. When you are offline, changes are queued and synced once you reconnect; Settings → Sync Status shows the last successful sync and any pending changes. Access to your rows in the database is protected by row-level security so that only your account can read them. A small amount of data is intentionally kept local-only (translation cache, sync diagnostics) because it is either regenerable or device-specific.
5. Automated processing of payslips and contracts (AI)
To save you typing, payslip and employment-contract files you upload are sent to a large language model (currently Google Gemini, accessed through the Lovable AI Gateway) which extracts structured fields (amounts, dates, employer name, contract terms, etc.). The extracted JSON is stored against your account so you can review and correct it; the source file is kept in our storage so you can re-scan or download it. We do not sell your documents and we do not allow third parties to use them to train their models. You can delete a payslip, contract or your full account at any time from the App.
Estimated payroll, projected annual tax and the tax-credit questionnaire are informational only; they are not legal, tax or accounting advice. Always verify against your official payslip and a qualified professional.
6. Authentication, multi-device sync & activity tracking
Authentication is handled by our backend provider. Session tokens are stored in your browser to keep you signed in. The App writes a low-frequency "last active" timestamp on your profile (at most once every few minutes) so admins can see whether accounts are still in use; no page-by-page tracking is stored. Logging out clears the session on the current device but does not delete data stored on other devices or in the cloud.
7. Sub-processors & third-party services
- Lovable Cloud (Supabase-managed Postgres, Auth, Storage, Edge runtime) — hosts your account, database rows, and uploaded payslip/contract files in the EU region.
- Lovable AI Gateway → Google Gemini — receives payslip and contract files (and extracted text) to return structured fields. Inputs are processed transiently and are not used to train models.
- Lovable Emails — sends transactional and authentication emails (signup confirmation, password reset, magic links, account notices) from
notify.salaryproof.app. We log delivery status (sent / bounced / suppressed) but not the email body content. - DeepSeek translation API — used to translate UI labels into additional languages. Only short interface strings are sent; your payroll, contract or tax data is never sent for translation.
- Payment processors (Stripe; and, future: Lemon Squeezy or Paddle as Merchant of Record) — when you purchase a subscription, billing is processed by an external payment provider. Payment card data never reaches SalaryProof servers. The provider receives only the information needed to process the payment (billing email, billing address for tax, card token, subscription plan reference). Providers operate independently as data controllers for fraud prevention and tax compliance. See their privacy policies: Stripe, Lemon Squeezy, Paddle.
7c. Data retention
- Active account data is retained for as long as your account is active.
- Account deletion: when you delete your account, primary records (profiles, payslips, contracts, tax answers, payroll data) are removed from production systems within 30 days.
- Encrypted backups are retained for up to 90 days before being permanently overwritten.
- Operational logs (access logs, error logs, audit logs) are retained for up to 13 months for security and abuse prevention.
- Billing records (invoices, payment receipts) may be retained by us and by our payment processor for up to 10 years where required by tax and accounting law.
7d. International data transfers
Primary storage and processing happen in the European Union. Some sub-processors (payment providers, the AI gateway, email delivery) may process data outside the EU/EEA. Where this happens, transfers rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses (SCCs) and equivalent mechanisms such as the EU–US Data Privacy Framework where the recipient is certified. You can request a list of current sub-processor locations by emailing tcszabla@gmail.com.
7a. Optional anonymous label-pattern contribution
SalaryProof includes an opt-in feature that lets the app learn how different employers and countries label fields on payslips (for example, that an agency prints "Loonheffing bijz." for the special tax line). This is disabled by defaultand only runs when you explicitly enable it under Settings → Help improve payslip recognition.
When enabled, we only collect the printed label text, the field it was mapped to, the section it belongs to, an extraction confidence score, the country code, and optionally a one-way hash of your employer name (only if you separately enable the employer-hash toggle). We do not collect salary amounts, tax amounts, uploaded files, raw payslip text, names, BSN/PESEL/NI/SSN/SIN, addresses, IBAN or bank details, and the contribution is not linked to your user account in the shared dictionary. You can turn this off at any time in Settings.
7b. Administrator access & audit log
A small number of TC Szabla LLC administrators can see aggregated user metadata (email, country, creation date, last-active time, beta flag) to operate the service and respond to issue reports. Administrators do not see the contents of your payslips, contracts or tax-credit answers in the admin panel. Sensitive administrator actions are recorded in an internal audit log.
8. Your rights
Depending on where you live, you may have rights to access, correct, export, restrict or delete your personal data, and to object to certain processing. You can export your data at any time from Settings → Backup & restore. To request access or deletion of cloud data, contact us at tcszabla@gmail.com. We will respond within a reasonable time.
8a. Your U.S. state privacy rights (California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon and others)
If you are a resident of a U.S. state with a comprehensive consumer privacy law (including the California Consumer Privacy Act / CPRA, Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA, Texas TDPSA, Oregon, Montana, Iowa, Delaware, New Jersey, New Hampshire, Tennessee, Minnesota or Maryland), you have additional rights regarding your personal information:
- Right to know / access the categories and specific pieces of personal information we process about you.
- Right to delete personal information we have collected from you.
- Right to correct inaccurate personal information.
- Right to portability — receive your data in a portable, machine-readable format.
- Right to opt out of the "sale" or "sharing" of personal information and of "targeted advertising."
- Right to limit use of sensitive personal information (e.g. financial account details extracted from payslips).
- Right to non-discrimination for exercising any of these rights.
We do not sell or share your personal information (as those terms are defined under CCPA/CPRA), we do not use it for cross-context behavioral / targeted advertising, and we do not knowingly process the personal information of consumers under 16 for sale or sharing. We honor the Global Privacy Control (GPC) browser signal as a valid opt-out where applicable.
To exercise any of these rights, email tcszabla@gmail.com with the subject line "U.S. Privacy Rights Request". We will verify your identity using your account email and respond within 45 days (CCPA) or the timeline required by your state. You may designate an authorized agent to act on your behalf with written permission. If we deny your request, you may appeal by replying to our response.
California "Shine the Light": California Civil Code § 1798.83 permits California residents to request information about disclosures of personal information to third parties for direct marketing. We do not disclose personal information to third parties for their direct marketing.
Notice of financial incentive: we do not offer financial incentives in exchange for personal information.
9. Security
We use industry-standard measures, including encryption in transit and row-level security in the database, to protect your data. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
10. Children
SalaryProof is not intended for children under 16. We do not knowingly collect data from children.
11. Changes to this policy
We may update this Policy from time to time. The “Last updated” date at the top reflects the latest revision. Continued use of the App after changes means you accept the revised Policy.
12. Contact
Questions about this Policy? Email tcszabla@gmail.com.