Privacy Policy
Last updated: May 2026 · SFADDON India LLP
1. About This Policy
This Privacy Policy describes how SFADDON India LLP ("SFADDON", "we", "us") collects, uses, and protects information when you use SFADDON, our enterprise software platform for SAP SuccessFactors.
We are committed to protecting the privacy of your organisation and your employees. This policy explains exactly what data we access, what we store, and what we do not.
2. Our Approach to Data
SFADDON is designed around a principle of minimal data retention. When SFADDON processes data from your SAP SuccessFactors tenant:
- We connect to your instance via the SAP SuccessFactors API using credentials you provide
- We process only the data required to deliver the service's functionality
- We retain only the results needed to operate SFADDON — and discard transient source data after processing
We do not store employee names, personal identifiers, compensation data, performance ratings, or any other personally identifiable information (PII) from your SAP SuccessFactors tenant beyond what is strictly required to deliver the service. Source data retrieved during processing that is not required for the service is processed in memory and discarded immediately after evaluation.
3. Information We Collect
3.1 Account Information
When your organisation is onboarded to SFADDON, we collect the name, work email address, and an encrypted password for each user account. This information is necessary to provide secure access to the platform.
3.2 Connection Credentials
To connect to your SAP SuccessFactors instance, we store your SF instance URL and API credentials. All credentials are encrypted using AES-256-GCM before storage. We never store credentials in plaintext, and they are decrypted only in memory at the time of processing.
3.3 Service Data
To operate the service, we store the records and results required by SFADDON's functionality, together with summaries and metadata that enable reporting, historical comparison, and audit. We retain only what the service requires, not raw source records that are not needed.
3.4 Usage Information
We collect basic usage information such as login timestamps, pages visited, and features used. This helps us improve the platform experience. This data is never linked to individual employees in your SAP SuccessFactors tenant.
4. How We Use Your Information
We use the information we collect to:
- Provide and operate the SFADDON service for your SAP SuccessFactors landscape
- Generate reports and deliver scheduled summaries
- Send notifications about service activity, status changes, and detected issues
- Analyse trends and provide AI-powered insights where applicable
- Communicate service updates, maintenance notices, and security alerts
- Improve our platform features, algorithms, and reliability
We do not sell, rent, or share your data with third parties for advertising or marketing purposes.
5. Data Security
We implement multiple layers of security to protect your data:
- Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256-GCM)
- Authentication: JWT-based dual-token authentication with httpOnly secure cookies
- Multi-factor authentication: TOTP-based MFA enforced for all user accounts
- Rate limiting: API rate limiting to prevent abuse and brute-force attacks
- Access control: Role-based access control
- Audit logging: Complete audit trail of all user actions for compliance
Our infrastructure is hosted on platforms with independent security certifications: Vercel (SOC 2 Type II), Neon (SOC 2), and Upstash (SOC 2). SFADDON is committed to pursuing its own SOC 2 certification as the platform scales.
6. Data Retention
Account data is retained for the duration of your active subscription. Service data and history are retained based on your subscription plan, as described in your plan terms.
Upon termination of your subscription, all associated data — including account information, service data, and encrypted credentials — is permanently deleted within 30 days.
7. Regulatory Compliance
SFADDON is designed with privacy by default, aligned with:
- GDPR (EU): We support data subject rights including access, rectification, erasure, and data portability for users in the European Economic Area
- DPDPA 2023 (India): As an India-registered entity, SFADDON processes personal data in accordance with the Digital Personal Data Protection Act, 2023
Our minimal data retention approach means we limit the categories of personal data that typically trigger complex compliance obligations. The data we retain (account details and service data) is straightforward to manage, export, and delete.
8. Third-Party Services
SFADDON uses the following infrastructure providers to deliver the service:
- Vercel — Application hosting and serverless execution
- Neon — PostgreSQL database
- Upstash — Redis caching and rate limiting
- Resend — Transactional email delivery
- Anthropic — AI-powered analysis (where applicable)
These providers process data solely to deliver SFADDON services. We do not share your data with any third party for purposes unrelated to service delivery.
9. Data Breach Notification
In the event of a confirmed data breach affecting your account information or service data, SFADDON will notify affected organisations within 72 hours of confirmation. Notification will include the nature of the breach, the data potentially affected, and the steps we are taking in response.
10. Your Rights
You have the right to:
- Request access to the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your account and all associated data
- Export your service data
- Withdraw consent for optional communications
To exercise any of these rights, contact us at support@sfaddon.com.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email to your registered address at least 15 days before they take effect. The date at the top of this policy indicates when it was last updated.
12. Contact
For privacy-related questions or to exercise your data rights:
SFADDON India LLP
Pune, Maharashtra, India
Email: support@sfaddon.com
Website: sfaddon.com