Security & privacy
Last updated: 20/06/2026
This page is maintained by Anstella and answers common questions about security and privacy in the service. It is not an independent certification or audit — it describes what is enabled in the application today.
Access & authentication
Anstella is a public tool and requires no sign-in to calculate employer cost or market salary. When you choose to email a calculation to yourself, you must actively consent to us storing your email. Administrative endpoints (e.g. the salary cache prewarm) are protected by a server-only secret and are not reachable from the browser.
Platform & hosting
The service runs on Lovable Cloud. Backend, database and edge functions run in the EU. Traffic is encrypted with TLS in transit and the database is encrypted at rest by the platform provider. Anstella is responsible for the application code and configuration; Lovable is responsible for the underlying platform.
Data we collect
We only store what you submit through the forms: email address, the selected form (cost or market salary), a limited set of calculation details (e.g. monthly salary, selected occupation), and your consent with a timestamp. Input is validated and size-bounded on the server before it is persisted.
Database access
The database uses role-based access with row-level security (RLS) enabled on tables containing user data. Only server-side code with the service role can write leads; client-side reads of that table are not allowed.
Subprocessors & data sources
- Lovable Cloud (hosting, database, edge functions) – EU.
- Statistics Sweden (SCB) – public PxWeb API for salary statistics. No personal data is sent to SCB.
Cookies & analytics
We use a cookie consent banner. Functional cookies required to run the service are set by default. Other cookies (e.g. analytics or advertising) are only set after you actively opt in.
Retention & deletion
Collected leads are retained until you request deletion. Request deletion or a data export via the contact form or through our privacy policy.
Reporting & security contact
Think you found a vulnerability or security issue? Reach us via the contact form and we will get back to you. Please include a description and steps to reproduce.
What this page does not claim
This page is not a certificate or audit report. We make no claims of compliance with SOC 2, ISO 27001, GDPR or other formal frameworks without separate documentation. Reach out if you need materials for a DPA or vendor review.