SoloSilo

1. Who Is the Data Controller?

SoloSilo is the data controller for personal data collected through the Service. If you have any questions about how we handle your data, you can contact our privacy team at [email protected].

2. What Data We Collect

We collect the following categories of personal data:

Category	Examples	Purpose
Account data	Name, email address, profile picture	Account creation and authentication
Business data	Client details, project names, invoices, tasks, time entries	Providing the core Service features
Usage data	Pages visited, features used, session duration	Improving the Service and analytics
Technical data	IP address, browser type, device identifiers, cookies	Security, fraud prevention, and performance
Payment data	Billing address, last 4 digits of card (via Stripe)	Processing subscriptions and payments
Communications	Support emails, feedback submissions	Responding to enquiries and improving the Service

We do not collect sensitive personal data (such as health information or political opinions) and we do not collect data from children under the age of 18.

3. Legal Basis for Processing

Under UK GDPR, we rely on the following legal bases to process your personal data:

Contract performance — processing necessary to provide the Service you have signed up for (e.g., storing your projects and invoices).
Legitimate interests — processing necessary for our legitimate business interests, such as improving the Service, preventing fraud, and ensuring security, where those interests are not overridden by your rights.
Legal obligation — processing required to comply with applicable laws (e.g., retaining financial records).
Consent — where you have given explicit consent, such as for non-essential cookies or marketing communications. You may withdraw consent at any time.

4. Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve the Service. When you first visit SoloSilo, we will ask for your consent before placing any non-essential cookies.

Category	Description	Consent required?
Strictly necessary	Authentication tokens, session management, security	No — essential to operate the Service
Functional	User preferences (theme, language, sidebar state)	Yes
Analytics	Anonymised usage statistics to improve the Service	Yes

You can manage or withdraw your cookie consent at any time by clicking the "Cookie Settings" link in the footer of any page.

5. How We Share Your Data

We do not sell your personal data. We share data only with trusted third-party service providers who process it on our behalf, under strict data processing agreements:

Stripe — payment processing. Data is subject to Stripe's Privacy Policy.
Cloud infrastructure providers — hosting and database services.
Email delivery providers — transactional and notification emails.
Analytics providers — anonymised usage analytics (only with your consent).

We may also disclose your data if required to do so by law, court order, or governmental authority, or to protect the rights, property, or safety of SoloSilo, our users, or others.

6. International Data Transfers

Some of our service providers may process data outside the UK or EEA. Where this occurs, we ensure that appropriate safeguards are in place, such as the UK International Data Transfer Agreement (IDTA) or Standard Contractual Clauses (SCCs), to protect your data to a standard equivalent to UK GDPR.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. If you close your account, we will delete or anonymise your personal data within 90 days, except where we are required to retain it for legal or regulatory purposes (such as financial records, which are retained for up to 7 years under UK law).

8. Your Rights Under UK GDPR

Under UK GDPR, you have the following rights regarding your personal data:

Right of access — request a copy of the personal data we hold about you.
Right to rectification — request correction of inaccurate or incomplete data.
Right to erasure — request deletion of your data ("right to be forgotten"), subject to legal retention obligations.
Right to restriction — request that we restrict processing of your data in certain circumstances.
Right to data portability — receive your data in a structured, machine-readable format.
Right to object — object to processing based on legitimate interests or for direct marketing.
Rights related to automated decision-making — we do not make solely automated decisions with legal or significant effects on you.

To exercise any of these rights, please contact us at [email protected]. We will respond within one month. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or damage. These measures include encryption in transit (TLS), access controls, and regular security reviews. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or via an in-app notice and update the effective date at the top of this page. We encourage you to review this policy periodically.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at [email protected].