Privacy Policy — Celatum

                Key principle: Celatum is a local-first desktop application. Your documents are processed entirely on your device. We never receive, access, or store the content of your documents.
            

1. Controller

The data controller for this application is:

Salvioni Digital Solutions
Switzerland
Website: salvionisolutions.ch
Contact: info@celatum.ch

2. What This Application Does

Celatum detects and redacts personally identifiable information (PII) in text and documents. All processing — text extraction, PII detection via a local ONNX machine-learning model, anonymization, pseudonymization, and translation — happens exclusively on your device. No document content is transmitted over the network.

3. Data We Process

3.1 Data that never leaves your device

Data	Purpose	Storage
Documents you open	PII detection and redaction	In memory only; released after processing or on session wipe
Detected PII entities	Displayed for review before redaction	In memory; zeroed via secure wipe on reset, tab switch, file close, or app shutdown
Pseudonymized templates (.piia)	Saved by you for later re-population	On your disk, in the directory you choose
User glossary	Custom translation terms	`~/.celatum/glossary.csv`
Application preferences	Theme, language, settings	Browser localStorage within the app
Audit log	Tamper-evident record of security events (no PII content)	`~/.celatum/audit.log`
Error log	Debugging information (no PII content)	`~/.celatum/errors.log`
Temporary files	Intermediate processing during template operations	OS temp directory; cleaned up immediately and on next app startup

3.2 Data transmitted to our server

Data	Purpose	Legal basis
License key	Activate and validate your license	Performance of contract (GDPR Art. 6(1)(b) / nFADP Art. 31(2)(a))
Hashed device identifier	Bind the license to your device (SHA-256 hash of MAC address, hostname, and OS — the raw values are never transmitted)	Performance of contract
Device name	Display in your license management dashboard	Performance of contract
Version check request	Check if a newer version is available (no personal data in the payload)	Legitimate interest (GDPR Art. 6(1)(f) / nFADP Art. 31(1))

All network communication uses TLS 1.2 or higher. Connections are restricted to an allow-list of hosts (celatum.ch). No other outbound connections are permitted.

3.3 Data we do NOT collect

Document content, text, or detected PII — never transmitted
Usage analytics or telemetry — all third-party telemetry (HuggingFace Hub, MLflow, Weights & Biases, Comet) is disabled at startup
Crash reports — not sent automatically; error logs remain on your device
IP addresses — not logged by the license server beyond standard web-server access logs (retained for 30 days for abuse prevention)

4. Machine-Learning Model

The GLiNER ONNX model runs locally via the ONNX Runtime library. After the initial download, the model operates fully offline. No input data, tokens, or inference results are sent externally. The application disables all upstream telemetry at startup.

5. Memory Security

The application implements defense-in-depth measures to minimize the time PII resides in memory:

Extracted text and detected entities are zeroed via secure memory wiping whenever the session is reset, a tab is switched, a file is closed, or the app shuts down.
A forced garbage collection cycle runs after each wipe to accelerate memory reclamation.
The most recent detection results are cached only to enable secure wiping; they are overwritten on each new detection.

Known limitation: Go strings are immutable values managed by a garbage collector. While the application zeroes the backing memory of heap-allocated strings, the Go runtime may retain copies during garbage collection compaction cycles. This is a language-level constraint and is documented as such. The measures taken satisfy the “reasonable technical measures” standard under both GDPR Art. 32 and nFADP Art. 8.

6. Data Retention

Documents: Never stored by the application. Exist in memory only during active processing.
License data: Stored locally in an AES-256-GCM encrypted envelope bound to your device. Deleted when you remove ~/.celatum/.
Audit and error logs: Stored locally. You may delete them at any time by removing the files in ~/.celatum/.
Server-side license records: Retained for the duration of your license plus 90 days, then deleted.

7. Your Rights

Under the GDPR (EU/EEA residents)

You have the right to access, rectify, erase, restrict, port, and object to the processing of your personal data. You may also withdraw consent at any time and lodge a complaint with your supervisory authority.

Under the nFADP (Switzerland)

You have the right to information (Art. 25), rectification (Art. 32(1)), erasure or destruction (Art. 32(2)(c)), and data portability (Art. 28). You may lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC).

To exercise any of these rights, contact info@celatum.ch. We will respond within 30 days.

For data stored locally on your device, you are in full control: delete ~/.celatum/ to remove all application data, or use the “Reset to defaults” button in Settings to reset the glossary.

8. Data Transfers

The license server is hosted in Switzerland. License activation and validation requests are transmitted exclusively to servers located in Switzerland. No personal data is transferred to countries outside of Switzerland or the EU/EEA.

9. Security Measures

All network traffic encrypted with TLS 1.2+
Network allow-list restricts outbound connections to the license server only
License data encrypted at rest with AES-256-GCM, key derived from device-specific material
All local files created with restrictive permissions (0600/0700)
Append-only, tamper-evident audit log
Secure memory zeroing after each processing session
Stale temporary files purged on every app startup
Third-party telemetry disabled at process level

10. Children

This application is a professional tool not directed at children under 16. We do not knowingly process personal data of children.

11. Changes to This Policy

We may update this policy to reflect changes in the application or applicable law. The “Last updated” date at the top indicates the most recent revision. Material changes will be communicated via the application’s update notification.

12. Contact

Salvioni Digital Solutions
Email: info@celatum.ch
Website: salvionisolutions.ch