Back to Home

    Privacy Policy

    Last updated: January 14, 2026

    1. Introduction

    Welcome to Sollo ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our application and services.

    2. Information We Collect

    2.1 Account Information

    When you create an account, we collect:

    • Email address
    • Name
    • Profile picture (if provided)
    • Organization name and details

    2.2 Google Account Data

    When you connect Google services to Sollo, we access and store certain data depending on the services you connect:

    Gmail Integration

    • Data accessed: Email address, display name, email metadata for scanning invoices
    • Data stored: Email address, connection metadata, records of emails sent through Sollo
    • Purpose: To send emails on your behalf and scan for invoices/receipts when requested

    Google Calendar Integration

    • Data accessed: Calendar names, event details (title, time, attendees, location)
    • Data stored: Calendar metadata, event summaries for display and scheduling
    • Purpose: To display your calendar events and create new events on your behalf

    Google Sheets Integration

    • Data accessed: Spreadsheet names, sheet content, file metadata
    • Data stored: Connection metadata, spreadsheet IDs for sync purposes
    • Purpose: To read from and write data to your Google Sheets

    Google Docs Integration

    • Data accessed: Document names, document content, file metadata
    • Data stored: Connection metadata, document IDs
    • Purpose: To create and edit Google Docs on your behalf

    Google Slides Integration

    • Data accessed: Presentation names, slide content, file metadata
    • Data stored: Connection metadata, presentation IDs
    • Purpose: To create and edit Google Slides presentations on your behalf

    Google Analytics Integration

    • Data accessed: Analytics account information, website traffic data, user metrics
    • Data stored: Connection metadata, analytics snapshots for reporting
    • Purpose: To display your website analytics data within Sollo

    2.3 Authentication Tokens

    We store OAuth access tokens and refresh tokens securely to maintain your connections to third-party services. These tokens are encrypted at rest and are only used to authenticate requests on your behalf.

    2.4 User-Uploaded Files

    When you upload files to Sollo (such as images, documents, or attachments), we store these files securely:

    • Storage location: Files are stored on Vercel Blob Storage, a secure cloud storage service
    • Data stored: The file content, original filename, file size, file type, and upload metadata
    • Access: Files are accessible only to authorized users within your organization
    • Retention: Files are retained until you delete them or your account is terminated
    • Allowed types: Images (JPEG, PNG, GIF, WebP), documents (PDF, Word, Excel, PowerPoint), text files, and videos. Executable files and SVGs are blocked for security.

    3. How We Use Your Information

    We use the information we collect to:

    • Provide, maintain, and improve our services
    • Execute actions on your behalf (sending emails, creating documents, etc.)
    • Display your connected data within the Sollo interface
    • Authenticate your identity and maintain session security
    • Send you important updates about your account and our services
    • Respond to your requests and provide customer support

    4. Data Storage and Security

    We implement industry-standard security measures to protect your data:

    • All data is encrypted in transit using TLS/SSL
    • Sensitive data (tokens, credentials) is encrypted at rest
    • Access to user data is restricted to authorized personnel
    • We use secure cloud infrastructure with regular security audits
    • Authentication tokens are stored securely and never exposed in API responses

    5. Data Sharing

    We do not sell, rent, or share your personal information with third parties for their marketing purposes. We may share data:

    • With service providers who assist in operating our services (listed in Section 5.1 below)
    • When required by law or to respond to legal process
    • To protect our rights, privacy, safety, or property, or that of our users
    • With your consent or at your direction

    5.1 Third-Party Service Providers (Data Processors)

    We share personal data with the following service providers to operate Sollo:

    RecipientsCategories of Data SharedReason for Sharing
    AI Service Providers
    Anthropic, PBC (Claude AI)
    OpenAI, Inc.    		User Data (messages, context)To provide AI-powered assistant features, workflow automation, and intelligent responses within Sollo.
    Database & Authentication
    Supabase, Inc.    		User Data, Account Data, Technical DataTo securely store user accounts, organization data, and application data. Handles authentication and database operations.
    Hosting & File Storage
    Vercel, Inc.    		Technical Data (request logs, IP addresses), User Uploads (files, documents, images)To host the Sollo application, handle web requests, and securely store user-uploaded files via Vercel Blob Storage.
    Payment Processor
    Stripe, Inc.    		Billing Data (payment info, transaction history)To process subscription payments, manage billing, and handle payment transactions securely.
    Caching & Queue Services
    Upstash, Inc.    		Technical Data (session data, job metadata)To provide caching for performance, manage background job queues, and handle rate limiting.
    Email Service
    Resend, Inc.    		User Data (email addresses, email content)To send transactional emails such as notifications, password resets, and system alerts.
    Real-time Services
    Pusher Ltd.    		Technical Data (presence data, event notifications)To enable real-time updates, live notifications, and presence features within the application.

    Each of these providers maintains their own privacy policy and security practices. We only share the minimum data necessary for each service to function and have data processing agreements in place where required.

    6. Data Retention and Deletion

    We retain your data for as long as your account is active or as needed to provide you services. You can request deletion of your data at any time by:

    • Disconnecting integrations from the Integrations page (removes connection data)
    • Contacting us at privacy@sollo.so to request complete account deletion

    When you disconnect a Google integration, we immediately delete the associated access tokens and connection data. Logs may be retained for up to 90 days for security and debugging purposes.

    7. Your Rights and Choices

    You have the right to:

    • Access the personal data we hold about you
    • Request correction of inaccurate data
    • Request deletion of your data
    • Disconnect any third-party integration at any time
    • Export your data in a portable format
    • Revoke access to Google services via your Google Account settings

    8. Google API Services User Data Policy

    Sollo's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

    Specifically, we:

    • Only request access to data that is necessary for the features you use
    • Never use Google user data for advertising purposes
    • Never share Google user data with third parties except as described in this policy
    • Provide clear disclosure of how data is used before requesting access

    9. Changes to This Policy

    We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

    10. Contact Us

    If you have any questions about this Privacy Policy or our data practices, please contact us at:

    • Email: privacy@sollo.so
    • Website: https://sollo.so