Privacy Policy

Last updated: June 30, 2026

SoloFlow is committed to protecting your privacy and the privacy of your clients' data. This policy explains what we collect, how we use it, and your rights.

What We Collect

Account Information

When you create an account, we collect your email address and password. If you complete your profile, we also store your firm name, attorney name, bar number, and state.

Practice Data

Data you enter while using SoloFlow, including clients, matters, time entries, invoices, trust transactions, and related notes. This data belongs to you.

Payment Information

Subscription payments are processed by Stripe. Your credit card details are collected and processed directly by Stripe and are never stored on SoloFlow servers. We retain only the Stripe customer ID, subscription status, and transaction timestamps needed to manage your account.

Usage Data

Basic usage logs for security and service improvement, such as login timestamps and feature usage patterns. We do not track your browsing activity outside of SoloFlow.

How We Use Your Data

  • Service delivery — providing time tracking, invoicing, trust accounting, and related features.
  • Payment processing — managing your subscription through Stripe.
  • Communication — sending invoices to your clients on your behalf, and transactional emails (password resets, subscription confirmations).
  • Security — detecting and preventing fraud, abuse, and unauthorized access.
  • Improvement — understanding usage patterns to improve the product.

What We Do Not Do

  • We do not sell your personal data or your clients' data.
  • We do not use your data for advertising or marketing profiling.
  • We do not share your client data with third parties for their own purposes.
  • We do not use your practice data to train AI models.

Data Security

Your data is stored in Supabase with the following protections:

  • Row-Level Security (RLS) — database policies ensure each user can only access their own data.
  • Encryption in transit — all connections use TLS/HTTPS.
  • API key encryption — channel API keys are encrypted with AES-256-GCM using Electron's safeStorage.
  • Stripe PCI DSS Level 1 — payment processing meets the highest industry security standard.

No system is perfectly secure. We continuously review and improve our security practices.

Third-Party Services

We use the following third-party services that may process your data:

  • Supabase — database hosting and authentication.
  • Stripe — payment processing (subscription billing and client invoice payments).
  • Resend — transactional email delivery (invoice emails sent on your behalf).
  • Vercel — application hosting.

Each provider processes only the minimum data necessary and is bound by their own privacy policies and data processing agreements.

Data Retention and Deletion

We retain your data for as long as your account is active. Upon account deletion or request:

  • Your practice data (clients, matters, time entries, invoices, trust transactions) is permanently deleted.
  • Your account and profile information is removed.
  • Stripe retains payment records as required by financial regulations.

To request data deletion, email support@soloflow.work.

Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access — request a copy of your personal data.
  • Correction — request correction of inaccurate data.
  • Deletion — request deletion of your data.
  • Export — receive your data in a portable format.
  • Restriction — request that we limit processing of your data.
  • Objection — object to certain types of processing.

To exercise any of these rights, email support@soloflow.work. We respond within 30 days.

CCPA (California Residents)

California residents have additional rights under the California Consumer Privacy Act. We do not sell personal information. You may request disclosure of what data we collect and request its deletion by contacting us.

GDPR (European Residents)

If you are located in the European Economic Area, our legal bases for processing are: contract performance (service delivery), consent (optional features), and legitimate interests (security and improvement). You may withdraw consent at any time and lodge a complaint with your local supervisory authority.

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or an in-app notice. Continued use of SoloFlow after changes constitutes acceptance.

Contact

For privacy-related questions or requests, email support@soloflow.work.