Privacy Policy

Last updated: December 26, 2025 | Effective: December 26, 2025

  • Your data is encrypted: AES-256 at rest, TLS 1.3 in transit
  • GDPR & CCPA compliant: Full regulatory compliance
  • You own your data: Export or delete anytime

Our Commitment to Privacy

At Solinth, we believe privacy is a fundamental right. We collect only what's necessary to provide our services, protect it with industry-leading security, and never sell your data to third parties. This policy explains how we collect, use, and protect your information.

1. Information We Collect

Information you provide directly:

  • Account information: Name, email address, company name, job title
  • Payment information: Processed securely via Stripe (we never store full card numbers)
  • Business data: Data you upload, import, or connect through integrations
  • Communications: Support tickets, emails, and feedback you send us
  • API data: Events sent via our Custom Metrics API

Information collected automatically:

  • Usage data: Pages visited, features used, actions taken (via PostHog)
  • Device information: Browser type, operating system, screen resolution
  • Network information: IP address (anonymized for EU users), approximate location
  • Error data: Crash reports and error logs (via Sentry)
  • Cookies: See our Cookie Policy

Information from third-party integrations:

  • OAuth connections: When you connect services like Stripe, HubSpot, or Google, we receive access tokens and the data you authorize
  • Webhook data: Real-time events from connected services (payments, orders, etc.)
  • Imported data: Spreadsheets, CSV files, and other data you upload

2. How We Use Your Information

We use your information to:

  • Provide our services: Display dashboards, generate analytics, process correlations
  • Process payments: Charge subscriptions, issue invoices, prevent fraud
  • Improve our product: Analyze usage patterns, identify bugs, develop new features
  • Communicate with you: Send service updates, respond to support requests
  • Ensure security: Detect abuse, prevent unauthorized access, maintain audit logs
  • Comply with law: Meet legal obligations, respond to lawful requests

We never:

  • Sell your data to advertisers or data brokers
  • Use your business data to train AI models
  • Share your data with third parties for their marketing
  • Access your data without a legitimate business purpose

3. Data Storage & Security

We implement industry-leading security measures:

  • Encryption at rest: AES-256 encryption for all stored data
  • Encryption in transit: TLS 1.3 for all data transmission
  • Infrastructure: Hosted on SOC 2 Type II compliant providers (Vercel, Railway, Supabase)
  • Access controls: Role-based access, principle of least privilege
  • Audit logging: Comprehensive logs of all data access and modifications
  • Backups: Automated daily backups with point-in-time recovery
  • Monitoring: 24/7 security monitoring and alerting

SOC 2 Type II Compliant | GDPR Compliant | CCPA Compliant | 99.9% Uptime SLA

4. Third-Party Integrations

When you connect third-party services, we access only the data you authorize:

| Category | Examples | Data Accessed |
|---|---|---|
| Payments | Stripe, PayPal, Square | Transactions, invoices, customers |
| CRM | HubSpot, Salesforce | Contacts, deals, companies |
| Accounting | QuickBooks, Xero | Invoices, expenses, reports |
| Social | Instagram, TikTok | Posts, metrics, insights |
| Analytics | Google Analytics | Sessions, conversions, traffic |

OAuth tokens are stored encrypted and can be revoked at any time from Settings → Integrations.

5. Data Sharing

We share your data only in these limited circumstances:

  • Service providers: Trusted partners who help us operate:
    • Stripe (payments)
    • Vercel (hosting)
    • Supabase (database)
    • Railway (infrastructure)
    • PostHog (analytics)
    • Sentry (error tracking)
    • Resend (email)
  • Legal requirements: When required by law or to protect rights and safety
  • Business transfers: In the event of a merger or acquisition (with notice)
  • With your consent: When you explicitly authorize sharing

All service providers are contractually obligated to protect your data and use it only as directed by us. See our Data Processing Agreement for details.

6. Your Rights (GDPR/CCPA)

Depending on your location, you have the following rights regarding your personal data:

  • Right to Access: Request a copy of all personal data we hold about you
  • Right to Rectification: Correct inaccurate or incomplete personal data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Portability: Export your data in a machine-readable format
  • Right to Object: Opt out of certain data processing activities
  • Right to Restrict: Limit how we process your personal data

How to exercise your rights:

  • Self-service: Settings → Privacy → Data Management
  • Email: privacy@solinth.com
  • Response time: Within 30 days (GDPR) / 45 days (CCPA)

California residents: You have additional rights under CCPA, including the right to know what personal information is collected, sold, or disclosed, and the right to opt out of the sale of personal information. We do not sell personal information.

7. Cookies & Tracking

We use cookies and similar technologies for:

  • Essential cookies: Authentication, security, preferences
  • Analytics cookies: Understanding usage patterns (PostHog)
  • Error tracking: Identifying and fixing bugs (Sentry)

You can manage your cookie preferences at any time using our cookie consent banner or by visiting Cookie Settings.

For detailed information about each cookie we use, see our Cookie Policy.

8. Data Retention

We retain your data for as long as necessary to provide our services:

| Data Type | Retention Period |
|---|---|
| Account data | Until account deletion + 30 days |
| Analytics events | 2 years (configurable) |
| Audit logs | 7 years (compliance) |
| Support tickets | 3 years after resolution |
| Payment records | 7 years (tax compliance) |
| Error logs | 90 days |

After account deletion, we retain anonymized aggregate data for analytics purposes.

9. International Data Transfers

We're based in the United States but serve customers globally. When we transfer data internationally, we ensure appropriate safeguards:

  • EU-US Data Privacy Framework: We comply with the EU-US DPF for transfers from the EU
  • Standard Contractual Clauses: We use EU-approved SCCs with all sub-processors
  • Supplementary measures: Additional technical and organizational safeguards

For EU customers requiring data residency, contact us about our EU data center options.

10. Children's Privacy

Solinth is a business tool not intended for children under 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@solinth.com.

11. Changes to This Policy

We may update this policy from time to time. For significant changes:

  • We'll notify you via email at least 30 days in advance
  • We'll display a prominent notice in the app
  • We'll update the "Last updated" date at the top
  • For material changes affecting your rights, we may require re-consent

Continued use after changes constitutes acceptance of the updated policy.

12. Contact Us

For privacy-related questions or to exercise your rights:

  • Privacy Team: privacy@solinth.com
  • Data Protection Officer: dpo@solinth.com

Mailing Address

Solinth, Inc.
Attn: Privacy Team
100 Market Street, Suite 300
San Francisco, CA 94105
United States

For GDPR inquiries from EU residents, you may also contact your local data protection authority.