At a glance
- The
sapctlCLI is local-first. It does not phone home, send telemetry, or upload SAP data to us by default. - Our website uses privacy-preserving analytics with no cross-site identifiers and no third-party ad cookies.
- Our cloud services (Team, Business, Enterprise) process customer data strictly as a processor under a signed DPA.
- We are GDPR, UK GDPR, CCPA/CPRA, LGPD, and PIPEDA aligned. Standard Contractual Clauses are used for international transfers.
Who we are
sapctl Labs Ltd. (“sapctl”, “we”, “us”) is the controller for personal data collected via the sapctl website, GitHub project, and managed cloud services. Registered office: 22 Featherstone Street, London EC1Y 8RT, United Kingdom. Companies House no. 16243389. Our Data Protection Officer can be reached at dpo@sapctl.dev.
What we collect
From visitors to this website
- Page-level visit metadata (URL path, referrer, country, anonymised user agent) via a self-hosted, cookie-free analytics endpoint.
- IP address (truncated to /24 IPv4 or /48 IPv6 before storage) for rate-limiting and security telemetry only.
- Form submissions (name, work email, company, message) when you contact us or request a demo.
From CLI users
- No anonymous telemetry is collected by default. If you opt in with
sapctl telemetry on, we receive sub-command names invoked, duration, error class, OS, and CLI version. We never receive flag values, arguments, command output, or SAP data. - If you sign in to the optional Trust Portal, we collect: email, organisation, hashed password (Argon2id), MFA seed metadata, sign-in IP/UA, and an audit log of sensitive actions.
From paying customers
- Billing contact name, work email, billing address, tax ID, and payment-method metadata (last 4 digits, brand, expiry — we never store full card numbers; payment processing is delegated to Stripe).
- Tenant configuration: organisation name, allowed SAP tenants, role assignments, project metadata.
Why we collect it
| Purpose | Data | Legal basis |
|---|---|---|
| Operate the website and CLI | Visit metadata, opt-in telemetry | Legitimate interest · Consent |
| Respond to enquiries | Contact-form data | Legitimate interest · Pre-contract |
| Deliver paid services | Account, billing, tenant config | Contract |
| Security & abuse prevention | Truncated IPs, audit logs | Legitimate interest · Legal obligation |
| Comply with tax/accounting law | Billing records | Legal obligation |
Legal basis (GDPR)
Where the GDPR or UK GDPR applies we rely on one of: (a) your consent (telemetry, marketing email); (b) the necessity of performing a contract with you (paid services); (c) compliance with a legal obligation (tax, security incident reporting); or (d) our legitimate interests in running and securing the service, balanced against your rights.
What the CLI sends
By default the CLI communicates only with the SAP tenants you authenticate against and with localhost. The matrix below describes every outbound destination and how to disable it:
| Destination | Default | Disable |
|---|---|---|
| Your SAP tenant(s) | On | n/a — required for CLI to function |
| SAP-published OpenAPI catalogues | On (cached) | --offline or SAPCTL_OFFLINE=1 |
| Update checker (GitHub releases) | On | sapctl config set update.check false |
| Anonymous usage telemetry | Off | Opt-in via sapctl telemetry on |
| Crash reports | Off | Opt-in per invocation with --report-crashes |
Cookies & analytics
This website uses two strictly-necessary cookies: sapctl-theme (your light/dark preference, first-party, 1 year) and sapctl-csrf (CSRF token on form pages, session). We do not use third-party advertising cookies, marketing pixels, or cross-site trackers. See the cookie policy for the full register.
Sharing & sub-processors
We do not sell personal data and we do not share it for advertising. We use a small number of carefully selected sub-processors — see the sub-processor list. We will not add or change a sub-processor without 30 days’ notice; subscribe to the sub-processor feed for updates.
International transfers
Our infrastructure is hosted in the EU (Frankfurt, Dublin) by default and in the US (us-east-1, us-west-2) for customers who opt in. Where personal data is transferred outside the EEA/UK we rely on the European Commission’s Standard Contractual Clauses (2021/914) and, where applicable, the UK’s International Data Transfer Addendum, supplemented by encryption-in-transit (TLS 1.3) and encryption-at-rest (AES-256-GCM).
Retention
- Website analytics: 12 months, then aggregated.
- Account data: lifetime of the account + 30 days.
- Audit logs: 13 months, hash-chained and tamper-evident.
- Billing records: 7 years (statutory retention under UK Companies Act 2006 s.388).
Your rights
You have the right to: access, rectification, erasure, restriction of processing, data portability, and objection. Where we rely on consent you may withdraw it at any time. EEA/UK residents may complain to a supervisory authority (in the UK: the Information Commissioner’s Office, ico.org.uk). California residents have the rights described in the CCPA/CPRA, including the right to know, delete, correct, and opt-out of “sharing”. We do not sell personal information.
To exercise any right, email privacy@sapctl.dev from the address on your account. We respond within 30 days.
Security
See our security policy and the Trust Portal for certifications, SBOMs, and pen-test summaries.
Children
sapctl is a developer tool and is not directed to children under 16. We do not knowingly collect personal data from children.
Changes to this policy
We will post any material change here at least 30 days before it takes effect and notify account holders by email. A version history is maintained on our policy repository.
Contact
Data Protection Officer · dpo@sapctl.dev
Privacy enquiries · privacy@sapctl.dev
EU representative (Art. 27 GDPR) · eu-rep@sapctl.dev, c/o Prighter, Schwarzenbergplatz 4, 1030 Wien, Austria.