ERDA

Privacy Policy

Last updated: February 20, 2026

This Privacy Policy explains how Erda Group, SIA ("we", "us", or "the Company"), registration number 40103692668, registered at Elizabetes iela 4-2, Rīga, LV-1010, Latvia, collects, uses, and protects your personal data when you use the Salary Benchmark platform ("the Service") at salaries.erda.lv.

We process personal data in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Latvian data protection laws.

1. Data Controller

Erda Group, SIA
Elizabetes iela 4-2, Rīga, LV-1010, Latvia
Reg. nr. 40103692668
Email: hello@erda.lv

2. Data We Collect

2.1 Account Data

When you register, we collect your first name, last name, email address, and company name. We also record a timestamp of your GDPR consent and your marketing communications preference.

2.2 Job Description Data

When you create salary benchmark reports, you submit job descriptions via text input or file upload. These are processed by AI to classify occupations using ESCO (European Skills, Competences, Qualifications and Occupations) codes. Job descriptions are used solely for report generation and are not shared with third parties.

2.3 Payment Data

Payments are processed by Stripe, Inc. We do not store your credit card details. Stripe may collect billing address, VAT number, and legal entity name for invoicing purposes. We store only your Stripe customer ID to link payments to your account.

2.4 Usage Data

We collect standard server logs (IP address, browser type, pages visited, timestamps) to maintain the security and performance of the Service. We use cookies solely for authentication session management — no tracking or advertising cookies are used.

3. Legal Basis for Processing

We process your personal data based on:

  • Contract performance (Art. 6(1)(b) GDPR) — to provide the Service, generate reports, and process payments.
  • Consent (Art. 6(1)(a) GDPR) — for marketing communications (optional, withdrawable at any time).
  • Legitimate interest (Art. 6(1)(f) GDPR) — for security, fraud prevention, and service improvement.
  • Legal obligation (Art. 6(1)(c) GDPR) — for tax and accounting records related to invoices.

4. How We Use Your Data

  • Authenticating your account via magic link email
  • Generating salary benchmark reports from your job descriptions
  • Processing payments and generating invoices
  • Sending product updates and market insights (only with your consent)
  • Maintaining platform security and preventing abuse

5. Data Sharing

We share personal data only with:

  • Supabase, Inc. — database hosting and authentication (data stored in EU region)
  • Stripe, Inc. — payment processing
  • Vercel, Inc. — application hosting
  • Anthropic, PBC — AI processing of job descriptions for occupation classification (no personal data is sent; only job description text)
  • Upstash, Inc. — rate limiting infrastructure to protect the Service from abuse (only anonymized request identifiers and counters are stored temporarily; no personal data is sent)

We do not sell your personal data. We do not share data with advertisers.

6. International Transfers

Some of our service providers (Stripe, Vercel, Anthropic, Upstash) are based in the United States. Transfers are safeguarded by Standard Contractual Clauses (SCCs) or the EU-U.S. Data Privacy Framework, as applicable.

7. Data Retention

  • Account data: retained while your account is active, deleted within 30 days of account deletion.
  • Reports: retained while your account is active. Uploaded job descriptions are processed and not stored beyond report generation.
  • Payment records: retained for 7 years as required by Latvian tax law.
  • Server logs: retained for up to 90 days.

8. Your Rights

Under the GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data (via Settings or by contacting us)
  • Erase your data ("right to be forgotten")
  • Restrict processing
  • Data portability — receive your data in a structured format
  • Object to processing based on legitimate interest
  • Withdraw consent for marketing communications at any time

To exercise these rights, contact us at hello@erda.lv. We will respond within 30 days.

9. Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS), row-level security policies in our database ensuring users can only access their own data, secure authentication via magic links (no passwords stored), and rate limiting to prevent abuse and protect service availability.

10. Cookies

The Service uses only essential cookies for authentication session management. No third-party tracking, analytics, or advertising cookies are used. No separate cookie consent is required as these cookies are strictly necessary for the Service to function.

11. Children

The Service is intended for business professionals. We do not knowingly collect data from individuals under 18 years of age.

12. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or a prominent notice on the Service. Continued use after changes constitutes acceptance.

13. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Data State Inspectorate of Latvia (Datu valsts inspekcija), www.dvi.gov.lv.

14. Contact

Erda Group, SIA
Elizabetes iela 4-2, Rīga, LV-1010, Latvia
Email: hello@erda.lv