Pāriet uz saturu

Cookie policy

1. Introduction

This cookie policy describes how the website Saldo.link (hereinafter “the Website”), owned by NSIS.LV OÜ, registration number 16114378, registered in the Republic of Estonia, uses cookies and similar technologies. The Website is a B2B SaaS platform for the preparation and reconciliation of mutual balance confirmation acts between accounting systems.

By visiting the Website, the user confirms that they have read this policy. If you do not agree with any of the terms set out herein, please do not continue using the Website.

Policy last updated: 2026-04-23

2. What are cookies?

Cookies (in English cookies) are small text files that a website stores on the user's device (computer, tablet or mobile phone) during a browser visit. Cookies allow the website to “recognise” the user's device during repeat visits, save user preferences and ensure the correct operation of the website.

In addition to cookies, similar technologies may also be used, such as server-side session identifiers or local storage (localStorage). In this policy, the term “cookies” covers all such technologies, unless otherwise indicated.

3. Why do we use cookies?

Saldo.link uses cookies only to the extent necessary to ensure the core functionality of the Website and user security. The specific purposes are:

  • to provide user authentication and session maintenance after sign-in;
  • to protect users from cross-site request forgery (CSRF) attacks;
  • to remember the user's acknowledgement of the cookie policy notice so that it is not shown repeatedly;
  • to ensure the technical stability and security of the Website.

The Website does not use cookies for advertising purposes, profiling, behavioural tracking or marketing analytics. Google Analytics, Meta Pixel, social network plugins or any advertising tracking tools are not used.

4. Types of cookies we use

Below is a complete list of cookies that Saldo.link places in the user's browser:

Name Type Purpose Expiry First / third party
saldo_session Strictly necessary (Flask session cookie) User authentication and session maintenance after sign-in, as well as CSRF protection. Flags: HttpOnly, Secure (HTTPS only), SameSite=Lax. Session duration (deleted when the browser is closed) and/or a 60-minute idle limit. First party (Saldo.link)
Flask-Login “remember me” Functional Optional “Remember me” feature that allows the user's sign-in state to be retained even after the browser is closed. Flags: HttpOnly, Secure, SameSite=Lax. 1 hour First party (Saldo.link)
CSRF token (Flask-WTF) Strictly necessary Protection of forms against cross-site request forgery (CSRF). 1 hour First party (Saldo.link)

Server-side records

In addition to the cookies listed above, the Website stores the following data on the server side (in the internal database table Connections) in order to remember the user's choice regarding the GDPR / cookie notice and to ensure security:

  • the visitor's IP address;
  • the country code according to the ISO 3166-1 alpha-2 standard;
  • a mark of the consent given and its date.

This data is not stored on the user's device and is not cookies in the strict sense, but it is listed here for transparency.

5. Third-party services

The Website uses certain external services that may place their own cookies in the user's browser or process technical information (for example, the IP address) to deliver their services. We do not manage these third-party cookies, and their processing is carried out in accordance with the privacy policies of these service providers.

These services are used only for the delivery of technical resources (fonts, libraries) and are not intended for tracking user behaviour within Saldo.link.

6. Legal basis

The processing of cookies and related information is carried out in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR), the Personal Data Processing Law of the Republic of Latvia, the requirements of Directive 2002/58/EC (the ePrivacy Directive) and the Latvian Electronic Communications Law.

  • GDPR Article 6(1)(a) — consent: applies to optional cookies (for example, the functional “Remember me” cookie) and to the records of the consent notice.
  • GDPR Article 6(1)(b) — performance of a contract: applies to authenticated user sessions necessary to provide the contractual SaaS service.
  • GDPR Article 6(1)(f) — legitimate interests: applies to strictly necessary cookies (session, CSRF protection) and to basic security and fraud prevention measures. The legitimate interests are to ensure the technical operation of the Website and the security of user data.

In accordance with the ePrivacy Directive and the Electronic Communications Law, strictly necessary cookies that are essential for the provision of the service are not subject to the consent requirement.

7. How you can manage cookies

The user may at any time manage, restrict or delete cookies by changing the browser's settings. Cookie management instructions are available in the support sections of the most popular browsers:

  • Google Chrome: Settings → Privacy and security → Cookies and other site data.
  • Mozilla Firefox: Settings → Privacy & Security → Cookies and Site Data.
  • Microsoft Edge: Settings → Cookies and site permissions.
  • Apple Safari: Preferences → Privacy → Manage Website Data.

Important: if strictly necessary cookies (the CSRF token) are blocked, the Website will not be able to function correctly — the user will not be able to sign in, submit forms or use the core functionality of Saldo.link.

8. Your rights under the GDPR

Under the GDPR, as a data subject you have the following rights with regard to your personal data:

  • Right of access — to receive confirmation as to whether your data is being processed and to request access to that data.
  • Right to rectification — to request the correction of inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten”) — to request the deletion of data where there is no longer a legal basis for its processing.
  • Right to restriction of processing — in certain cases, to request that processing be restricted.
  • Right to object to data processing based on legitimate interests.
  • Right to data portability — to receive your data in a structured, commonly used and machine-readable format.
  • Right to withdraw consent at any time, where processing is based on consent.

To exercise these rights, please contact us using the contact information provided in Section 11.

9. Data retention

Saldo.link applies the principle of data minimisation — it processes only as much data as is necessary to achieve the specific purpose, and keeps it only for as long as is justified:

  • Session data (CSRF token) — stored only until the end of the session or after 60 minutes of inactivity; the data is then automatically deleted.
  • “Remember me” cookie — stored for up to 1 hour.
  • Connection records (IP address, country code, consent mark in the Connections table) — stored on the basis of legitimate interests and the obligation to demonstrate consent; normally no longer than 12 months, unless legal acts or security considerations require a longer retention period.

After the retention period has expired, the data is deleted or anonymised.

10. Changes to the policy

We reserve the right to update this cookie policy at any time to reflect changes in the operation of the Website, technologies or applicable legislation. The current version of the policy is always available on this page, and the date of its last update is indicated in Section 1.

In the event of substantial changes, an additional notice may be displayed on the Website. We encourage users to review this policy periodically in order to be informed of any changes.

11. Contacts

If you have any questions, requests or complaints about cookies or the processing of personal data at Saldo.link, please contact us:

We will endeavour to respond to your request without undue delay and in any event no later than within one month of receiving the request, as set out in Article 12 of the GDPR.