At Solis OS ("we," "us," or "our"), we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services (the "Service"). Please read this policy carefully. By using the Service, you consent to the data practices described in this policy.
1. Information We Collect
1.1 Account Information
When you create an account, we collect information you provide directly, including:
- Full name and email address
- Business name, type, and contact details
- Phone number
- Password (stored in encrypted form)
- Profile photo (optional)
1.2 Business Data
As you use the Service, you may input and store business-related information, including:
- Customer records (names, contact details, visit history)
- Booking and appointment data
- Invoice and payment records
- Service and product listings
- Staff and team member information
- Messages sent through integrated channels (e.g., WhatsApp)
- Form submissions and survey responses
You are the data controller for all business data you store on our platform. We process this data on your behalf as a data processor.
1.3 Usage Data
We automatically collect certain information when you access or use the Service, including:
- Device information (browser type, operating system, device type)
- IP address and approximate geographic location
- Pages visited, features used, and actions taken within the platform
- Date and time of access, session duration
- Referring website or source
- Error logs and performance data
1.4 Payment Information
We do not directly collect or store your payment card details. All payment processing is handled by our payment provider, Paddle, which operates as the Merchant of Record. Paddle collects and processes your billing information in accordance with their own privacy policy and PCI-DSS compliance standards.
2. How We Use Your Information
We use the information we collect for the following purposes:
| Purpose | Legal Basis |
|---|---|
| Providing, operating, and maintaining the Service | Performance of contract |
| Processing your subscription and billing | Performance of contract |
| Sending transactional emails (account confirmations, password resets, billing receipts) | Performance of contract |
| Providing customer support | Performance of contract |
| Improving and optimizing the Service | Legitimate interest |
| Analyzing usage patterns and trends | Legitimate interest |
| Detecting, preventing, and addressing technical issues or fraud | Legitimate interest |
| Sending product updates and feature announcements (with opt-out) | Legitimate interest / Consent |
| Complying with legal obligations | Legal obligation |
We will never sell your personal information or business data to third parties.
3. Data Storage and Security
We implement appropriate technical and organizational security measures to protect your data, including:
- Encryption of data in transit (TLS/SSL) and at rest (AES-256)
- Regular security audits and vulnerability assessments
- Access controls and authentication mechanisms for our team
- Automated backups with geographic redundancy
- Monitoring and logging of access to systems containing personal data
While we strive to protect your data, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security but will notify you and relevant authorities of any data breach in accordance with applicable law.
4. Third-Party Services
We work with the following categories of third-party service providers who may have access to your information:
4.1 Payment Processing
Paddle processes all subscription payments as our Merchant of Record. Paddle may collect your name, email, billing address, and payment details. See Paddle's Privacy Policy.
4.2 Analytics
We use analytics services to understand how users interact with our Service. These services may collect anonymized usage data such as pages viewed, session duration, and feature usage. We configure analytics tools to minimize personal data collection and respect Do Not Track signals where applicable.
4.3 Infrastructure and Hosting
Our Service is hosted on cloud infrastructure providers that maintain industry-standard security certifications. Your data may be stored in data centers located in the United States, the European Union, or other jurisdictions with adequate data protection standards.
4.4 Communication Services
When you use integrated messaging features (such as WhatsApp), messages are transmitted through the respective platform's infrastructure. These platforms have their own privacy policies governing message data.
5. Cookies and Tracking Technologies
5.1 What Cookies We Use
We use the following types of cookies:
- Essential cookies: Required for the Service to function (e.g., authentication, session management). These cannot be disabled.
- Analytics cookies: Help us understand how visitors interact with our website and platform to improve the user experience.
- Preference cookies: Remember your settings and preferences (e.g., language, display preferences).
5.2 Managing Cookies
You can control cookies through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling essential cookies may affect the functionality of the Service.
6. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
6.1 Access
You have the right to request a copy of the personal data we hold about you. We will provide this information in a structured, commonly used, and machine-readable format.
6.2 Rectification
You have the right to request correction of any inaccurate or incomplete personal data we hold about you.
6.3 Deletion
You have the right to request deletion of your personal data. We will comply with your request unless we are required to retain the data for legal obligations or legitimate business purposes. You can delete your account and all associated data through your account settings or by contacting support.
6.4 Data Portability
You have the right to export your data from the platform in a machine-readable format. Solis OS provides built-in export tools for your business data, including customer records, bookings, and financial data.
6.5 Restriction of Processing
You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to our processing of it.
6.6 Objection
You have the right to object to our processing of your personal data for direct marketing purposes. You can opt out of marketing communications at any time by clicking the "unsubscribe" link in our emails or adjusting your notification settings.
6.7 Withdrawal of Consent
Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
To exercise any of these rights, please contact us at support@solis-os.com. We will respond to your request within 30 days.
7. GDPR Compliance (European Users)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):
- We process your data based on the legal bases outlined in Section 2 of this policy.
- We will only transfer your data outside the EEA where adequate safeguards are in place (e.g., Standard Contractual Clauses, adequacy decisions).
- You have the right to lodge a complaint with your local data protection authority if you believe we have not complied with applicable data protection laws.
8. CCPA Compliance (California Users)
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:
- Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you.
- Right to Delete: You may request deletion of personal information we have collected from you, subject to certain exceptions.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
- No Sale of Personal Information: We do not sell personal information to third parties. We have not sold personal information in the preceding 12 months.
To exercise your CCPA rights, contact us at support@solis-os.com or use the data management tools in your account settings.
9. Data Retention
We retain your personal data for as long as your account is active or as needed to provide you with the Service. Specifically:
- Active accounts: Data is retained for the duration of your subscription.
- Cancelled accounts: We retain your data for 30 days after cancellation to allow for reactivation. After 30 days, your data will be permanently deleted unless retention is required by law.
- Billing records: Financial transaction records are retained for up to 7 years to comply with tax and accounting regulations.
- Usage analytics: Anonymized usage data may be retained indefinitely for product improvement purposes.
10. Children's Privacy
The Service is not intended for use by children under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child under 18, we will take steps to delete that information promptly.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting a notice on the Service or by sending an email to the address associated with your account at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.
12. Contact Us
If you have any questions about this Privacy Policy, your data, or wish to exercise your data protection rights, please contact us:
Email: support@solis-os.com
Website: https://solis-os.com
For GDPR-related inquiries, you may also contact our Data Protection Officer at the email address above.