Privacy

TL;DR

We don't ask for your name, email, or login. We log your IP address temporarily so people can't spam the site. We never show it publicly. We don't run ad trackers. That's it.

What we collect when you submit

• The salary data you type. Company, role, years of experience, base, total comp, work type, optional comments. This is published on the site as you entered it, with your identity stripped.
• Your IP address.Stored on the server in a column that is never returned to any public API, never rendered in HTML, and never shared with third parties. We use it for two things: enforcing the "max 3 entries per IP per 24 hours" rate limit, and catching duplicate submissions of the same salary tuple.
• A Cloudflare Turnstile token.Used once to verify you're not a bot, then discarded. Cloudflare's privacy policy applies to that one network call — they say they don't use it to profile you.

What we don't collect

• Your name, email, phone, or LinkedIn.
• Your employer's verification of your employment.
• Browser fingerprints, device IDs, or any cross-site identifiers.
• Third-party analytics cookies. No Google Analytics, no Meta Pixel, no Mixpanel.
• Payment info. Nothing on this site costs money.

Who sees your IP

Our server code and our database, and nobody else. It's not in any public API response. It's not in the sitemap. It's not in the OG image. A third-party scraping this site cannot see it. If we ever add server analytics (e.g. Vercel Analytics) we will update this page first.

How long we keep it

Salary submissions are kept indefinitely — they're the whole point of the site. The associated IP address is kept as long as the submission is kept, scoped only to the dedupe / rate-limit tables it was written to. We don't currently auto-purge old IPs; if you'd like yours removed, see the takedown section below.

Anonymity, honestly

"Anonymous" on the public internet is a spectrum, not a binary. We've done the technical work to make individual submissions non-attributable in our public surface area — IP column private, no account system to correlate sessions, no fingerprinting.

What we can'tpromise: if you write something in the optional Comments field that personally identifies you ("I'm the only Staff PM at Company X with 13 years of experience"), we can't protect you from your own words. Keep comments generic.

If you're submitting a rare combination of company + role + level, remember that small samples are identifying. We show "not enough data" for companies with < 3 entries partly for this reason.

Flags and moderation

Any visitor can flag an entry or insight. We log the flag and the submitter's IP for anti-abuse reasons. Three flags auto-hide the target; a human reviews it on the admin dashboard. Flag data is never public.

Takedowns and deletion requests

If you posted something you want removed, or you're named in someone else's comment and want it edited or removed, tell us. We'll act within one business day. Include the entry URL so we know exactly what to remove.

We also honor requests to purge your IP from our dedupe table — contact us with rough timing ("I submitted around 15 April") and we'll handle it.

Where the data lives

The site runs on Vercel. The database is Supabase (Postgres). Bot protection is Cloudflare Turnstile. Data validation uses an LLM provider. Each of those providers has its own privacy policy and security posture — we chose each for sensible defaults, but we're not a party to promises their policies make.

Changes to this page

When we change what we collect or how we use it, we update this page and bump the date at the top. If the change is material — e.g. adding analytics — we'll also mention it on the homepage for a week.