Privacy Policy

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, company name, and billing information. If you invite team members, we collect their names and email addresses as well.

Client Data

When you use SoloAgency to manage marketing for your clients, you may provide us with client business information, brand guidelines, target audience data, tone-of-voice preferences, and other marketing materials. This data is stored within your account and used exclusively to deliver the Service to you.

AI-Generated Content

We store the content our AI generates on your behalf, including blog posts, social media posts, SEO content, email campaigns, and reports. This content is associated with your account and the relevant client workspace.

Usage Data

We automatically collect information about how you interact with the Service, including pages visited, features used, content generated, actions taken, browser type, IP address, device information, and timestamps.

Integration Data

When you connect third-party accounts (such as social media platforms, Google Business Profile, or website hosting providers), we receive and store the access tokens and data necessary to operate those integrations on your behalf. We access only the data and permissions you explicitly authorize.

Cookies and Tracking

We use essential cookies to maintain your session and preferences. We use analytics cookies to understand how the Service is used and improve the experience. You can manage cookie preferences in your browser settings. We do not sell cookie data or use it for third-party advertising.

2. How We Use Your Information

We use the information we collect to:

Provide, maintain, and improve the Service
Generate AI-powered marketing content based on your client data and preferences
Process billing and manage your subscription
Send transactional emails (account confirmations, billing receipts, security alerts)
Provide customer support
Analyze usage patterns to improve the Service (in aggregate, never on a per-client basis)
Detect and prevent fraud, abuse, and security threats
Comply with legal obligations

AI Processing

Our use of AI to process your data deserves special attention:

Per-client learning only. When our AI learns brand voice, tone, and style preferences, that learning is scoped strictly to the individual client workspace. Brand voice models for Client A are never used to generate content for Client B.
No cross-client training. We do not aggregate data across different clients or accounts to train or fine-tune AI models.
No general model training. Your content, client data, and generated outputs are never used to train general-purpose AI models. Your data is your data.
AI sub-processors. We use third-party AI providers (such as OpenAI and Anthropic) to power content generation. These providers are contractually prohibited from using your data to train their models, retaining your data beyond the processing window, or sharing your data with third parties. All data sent to AI sub-processors is transmitted over encrypted channels and subject to our Data Processing Agreements.

We do not sell your personal information or client data. We share information only in the following circumstances:

Sub-Processors

We use trusted third-party services to operate the platform (see Sub-Processor List below). Each sub-processor is bound by data processing agreements and is limited to using data only as necessary to provide their service to us.

Connected Platforms

When you use integrations (e.g., publishing to social media, deploying a website, managing Google Business Profile), we share the relevant content and data with those platforms at your direction and according to their own terms of service.

White-Label Data Flow

If you use our white-label features on the Scale plan, your end clients interact with the Service under your branding. Data collected from your end clients is stored within your account and subject to this Privacy Policy. You are responsible for providing your own privacy policy to your end clients that accurately describes how their data is handled.

Legal Requirements

We may disclose information if required by law, regulation, legal process, or government request. We will notify you of such requests where legally permitted.

4. Data Retention

Active accounts: We retain your data for as long as your account is active and as needed to provide the Service.
Deleted accounts: When you delete your account, we begin permanent deletion of your data within 30 days. Some data may be retained in encrypted backups for up to 90 days before being permanently removed.
Trial data: If you do not convert from a free trial to a paid plan, we retain your data for 60 days after the trial ends, then permanently delete it. We'll email you before deletion.
Billing records: We retain billing and transaction records for 7 years as required by tax and financial regulations.

5. Data Deletion and Portability

Data Export

You can export your data at any time from the Settings page in the application. Export is available on all plans and includes your client data, generated content, analytics, and account information in standard formats (JSON, CSV).

Data Deletion

You can delete individual client workspaces or your entire account from the Settings page. Deletion requests are processed within 30 days. Once deleted, data cannot be recovered.

Right to Be Forgotten

You may request complete deletion of all data associated with your account by emailing privacy@soloagency.io. We will process your request within 30 days and confirm deletion in writing.

6. Your Rights

For EU/EEA Residents (GDPR)

If you are located in the European Union or European Economic Area, you have the right to:

Access the personal data we hold about you
Rectify inaccurate personal data
Request erasure of your personal data
Restrict or object to processing of your personal data
Data portability — receive your data in a structured, machine-readable format
Lodge a complaint with your local data protection authority

For California Residents (CCPA/CPRA)

If you are a California resident, you have the right to:

Know what personal information we collect, use, and disclose
Request deletion of your personal information
Opt out of the sale or sharing of your personal information (we do not sell your data)
Non-discrimination for exercising your privacy rights
Correct inaccurate personal information
Limit use and disclosure of sensitive personal information

For All Users

Regardless of your location, you can:

Access, update, or delete your account information at any time through the application
Export your data in standard formats
Opt out of non-essential communications
Contact us at privacy@soloagency.io with any privacy-related request

7. International Data Transfers

SoloAgency is based in the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States. For users in the EU/EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate data protection for international transfers. A copy of our SCCs is available upon request.

8. Security Measures

We implement industry-standard security measures to protect your data:

Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
SOC 2 Compliance: Our infrastructure and practices are SOC 2 Type II compliant, with annual third-party audits.
Multi-tenant isolation: Client data is logically isolated at the database level. Each client workspace is segregated to prevent cross-client data access.
OAuth token security: Third-party integration tokens are encrypted at rest and scoped to the minimum permissions required. Tokens are automatically rotated where supported.
Access controls: Internal access to customer data is restricted to authorized personnel on a need-to-know basis, with audit logging.
Vulnerability management: We conduct regular security assessments, penetration testing, and maintain a responsible disclosure program.

9. Children's Privacy

The Service is not directed to children under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe we have collected information from a child, please contact us at privacy@soloagency.io.

10. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you by email at least 30 days before the changes take effect and post a notice within the application. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

11. Contact

For questions about this Privacy Policy or to exercise your privacy rights, contact us at:

Email: privacy@soloagency.io
SoloAgency Inc.

We aim to respond to all privacy-related inquiries within 10 business days.

12. Sub-Processor List

The following third-party sub-processors may process data on our behalf:

Sub-Processor	Purpose	Data Processed	Location
Amazon Web Services (AWS)	Cloud infrastructure and hosting	All service data	United States
Stripe	Payment processing	Billing and payment data	United States
OpenAI	AI content generation	Prompts and client context (no PII)	United States
Anthropic	AI content generation	Prompts and client context (no PII)	United States
Postmark	Transactional email	Email addresses, email content	United States
PostHog	Product analytics	Usage data, anonymized events	United States / EU
Intercom	Customer support	Name, email, support conversations	United States

We maintain an up-to-date list of sub-processors. You can subscribe to changes by emailing privacy@soloagency.io. We will notify you at least 30 days before adding a new sub-processor.