How does Salary Confidential protect my identity and data?

Privacy is an onion: we limit the data we collect; we gate access to the data we collect; we defend the data we collect

Design philosophy

Salary Confidential is built on a privacy-first architecture. We collect the minimum amount of information required to deliver accurate results and prevent fraud.
Everything in our product design follows a single principle: you remain anonymous, but your data remains useful.

From a technical perspective, we assume our platform could be at risk from bots, scrapers, and attacks. Our minimalist approach to data collection helps limit our surface area, and we use various defensive approaches to deter technical abuse.

What we don’t collect

We never collect or store personally identifiable information from Respondents such as name, address, or login credentials.

Requesters share their identity voluntarily and publicly (via LinkedIn verification and professional email). Respondents, by contrast, are completely private actors — their participation leaves only the data they explicitly choose to share, and nothing more.

What we do collect

We store:

• The data you explicitly submit in your Survey response.
• A timestamp and IP address (for fraud and audit defense).
• Limited technical logs to monitor performance and prevent abuse.

This technical metadata is never exposed to Requesters and are never used for analytics or advertising. In fact, it's never published in any of our APIs and there are no pathways to hit our database directly from external resources

Our invitation tokens are designed for privacy

We've built invitation tokens as a way to control who gets to respond to a survey (Only participants invited by the requester) but did so using cryptographic technology designed to prevent a requester from ever establishing whether or who used which invitation token

The Salary Confidential platform also does not know who is using which token: No one can snoop if we don't collect information that can be snooped on We explain our approach in two FAQ items: The general version and the technical version

Security measures

• We use strict database access policies -- our database can never be hit directly by any applications other than our own -- and internal audit logs to prevent unauthorized viewing.

• Our public API is a strictly limited subset of our database, exposing only the minimal fields required to render surveys and reports.

• When we expose more sensitive data, these live in a separate API surface that require authentication and a check of ownership that the person requesting the information is the authenticated owner.

• Our infrastructure is hosted on Cloudflare, and makes full use of its various tools to filter malicious traffic through Web Application Firewall (WAF), Bot Fight Mode, and AI Crawl Control.

• Email addresses (for Requesters) are held-back from survey form pages unless specifically requested by clicking a button to reveal: this request comes in through a custom system where we use a silent captcha to ensure a human made the request. (If you're a technical person: all requests are coming server-side)

Human access

No human at Salary Confidential manually reviews response content except in two rare cases:

1. When a Respondent contacts support to request deletion or correction.
2. When an audit investigation is necessary to confirm platform integrity.

Otherwise, all response handling is automated.