Privacy Policy
Last updated: July 2026
Soloft ("we", "us") provides a business-management app for solopreneurs at soloft.io. This policy explains what data we collect, why, and how you can control it.
1. What we collect
Account information — email, password (handled by our authentication provider, Supabase; we never see your plaintext password), full name, business name, phone, logo, timezone, and currency.
Business data you enter — clients/contacts, invoices, projects, tasks, expenses, notes, proposals, and product/portfolio records you create while using Soloft.
Booking data — when someone books a meeting through your booking page, we store their name, email, and any notes or answers they provide.
2. Google Calendar access
If you connect Google Calendar in Settings, Soloft requests two scopes: calendar.readonly and calendar.events.
We use this access only to:
- Check your existing calendar for busy time, so we don't offer booking slots that clash with something already on your calendar.
- Create a calendar event (with a Google Meet link, if enabled) when someone books a meeting with you.
- Delete that calendar event if the booking is later cancelled.
We do not read the contents, attendees, or descriptions of your other existing calendar events beyond their free/busy status. You can disconnect Google Calendar at any time from Settings, which stops all future access.
3. Other integrations (optional)
Zoom — if connected, used only to create and delete Zoom meetings for your bookings.
Stripe — used to process invoice payments. Card details are handled entirely by Stripe; we never see or store full card numbers.
Resend — our email provider, used to send booking confirmations, invoice reminders, and emails you configure.
4. AI features
Features like AI email drafts, proposal generation, and morning briefings send relevant text (your prompt, plus summary counts like "3 tasks pending") to Google's Gemini API, with OpenRouter (which may route to third-party model providers) used as a fallback if Gemini is unavailable. We do not send your full client database or invoice history — only the specific context needed for the feature you triggered.
5. Where your data lives
All app data is stored in a Postgres database operated by Supabase. Access is restricted to your account and any team members you explicitly invite to your workspace, enforced by database-level row security — not just app logic.
6. What we don't do
We do not sell your data. We do not share it with advertisers. We do not use your business or client data to train AI models.
7. Your rights
You can export or delete your data, or disconnect any integration, at any time from Settings. To request full account deletion, contact us at the email below.
8. Contact
Questions about this policy: founder@tenderlab.studio