Privacy Policy

Last updated: 14 July 2026

1. Who we are

SoloSuite ("SoloSuite", "we", "us") provides quoting, invoicing, CRM, project, scheduling, and inbox tools for sole traders, consultants, and small teams ("Account owners") at solosuiteapp.com. This policy covers data we collect from Account owners and their team members, including data accessed through connected third-party accounts such as Google Calendar and Gmail. Account owners are separately responsible for their own privacy obligations to their clients (the people they quote, invoice, and book meetings with).

2. Data we collect

  • Account and profile data: name, email, business details, logo, and branding you provide.
  • Content you create: quotes, invoices, clients, projects, notes, documents, and planning boards.
  • Payment and billing data: Stripe account identifiers and subscription status. We never see or store full card numbers — Stripe handles that directly.
  • Audio and transcripts, if you use voice notes (processed via AssemblyAI).
  • Usage data: device, browser, and log data collected automatically for security and reliability.
  • Google Calendar data and Gmail data, described in detail in Section 3, if you choose to connect a Google account.

3. How we use Google user data

SoloSuite offers optional integrations with Google Calendar and Gmail. These only activate if you explicitly click "Connect" and complete Google's OAuth consent flow. You can disconnect either integration at any time from Settings. SoloSuite's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

3.1 Google Calendar

If you connect Google Calendar, we access and use the following, and no more:

  • Read access (calendar.readonly): your list of calendars, event details (title, time, attendees, location, description), and free/busy status. We use this solely to display your schedule in the Planner and to check for scheduling conflicts before confirming a booking.
  • Event write access (calendar.events): we create, update, or cancel calendar events that originate in SoloSuite — for example, when a client books a meeting through your booking page, or when you schedule a task or meeting in-app. We do not create, delete, or manage entire calendars, and we do not modify events that were not created through SoloSuite.

Calendar event data and access tokens are encrypted at rest (AES-256) and stored in our database only for as long as the integration remains connected. If you disconnect Google Calendar, we stop syncing and delete the stored access tokens; previously created events remain on your Google Calendar as normal calendar events you own.

3.2 Gmail

If you connect a Gmail mailbox, we access and use the following, and no more:

  • Read access (gmail.readonly): message content (subject, body, attachments) from your inbox and sent mail, synced into SoloSuite's unified Inbox. We use this to display your email conversations alongside the relevant client or company record, automatically matching threads by sender email address or company domain, so you have full context in one place.
  • Send access (gmail.send): when you reply to or compose an email from SoloSuite's Inbox, the message is sent from your own connected Gmail address via the Gmail API, so it reaches your client exactly as if you had sent it directly from Gmail.

Synced message content and access tokens are encrypted at rest and stored in our database so the Inbox and CRM-matching features can function. If you disconnect a mailbox, we stop syncing and delete the stored access tokens; previously synced messages remain visible in your Inbox history but stop updating unless you reconnect.

3.3 Who can see this data

Google Calendar and Gmail data is visible only to the Account owner and, for shared team mailboxes, team members explicitly granted access by an admin. SoloSuite staff do not access your Google Calendar or Gmail content except (a) with your explicit permission for support purposes, (b) to investigate security incidents or abuse, or (c) where required by law.

If you use SoloSuite's optional AI features (drafting replies, summarising threads, suggesting meeting times) on synced email or calendar content, the relevant text is sent to our AI provider, Anthropic, solely to generate that response, and is not used by Anthropic to train its models. We never sell Google user data, use it for advertising or ad targeting, or use it to determine creditworthiness or lending eligibility.

4. How we use other data

  • To provide and operate the product (rendering quotes/invoices, sending emails, scheduling).
  • To process payments and manage subscriptions.
  • To send transactional emails (invites, receipts, booking confirmations) via our email provider.
  • To power optional AI features (document drafting, board generation, inline editing).
  • To maintain security, prevent abuse, and debug issues.

5. Sub-processors and third parties

We rely on the following third parties to operate SoloSuite. Each processes data under its own terms:

  • Supabase — authentication and database hosting.
  • Vercel — application hosting and infrastructure.
  • Stripe — payment processing (for your clients' payments to you) and SoloSuite subscription billing.
  • Google — Calendar and Gmail integrations, only if you choose to connect them. See Section 3 for exactly what data this involves.
  • Microsoft — Outlook and Microsoft 365 calendar/mailbox integrations, only if you choose to connect them.
  • Resend — transactional email delivery (account and billing emails; not your Gmail inbox or send integration).
  • Anvil — e-signature collection, if used.
  • AssemblyAI — audio transcription, if used.
  • Anthropic — AI assistant features, if used.

We do not transfer, sell, or share Google user data with any of these providers except as necessary to provide the specific SoloSuite feature you are using, and never for advertising, data-broker, or resale purposes.

6. Data retention

We retain your account data for as long as your account is active. Google Calendar and Gmail access tokens are deleted immediately when you disconnect an integration. If you delete your account, we delete or anonymise your data — including any synced calendar and email content — within a reasonable period, except where we're required to retain records (e.g. financial records) by law.

7. Your rights

You can access, correct, export, or request deletion of your data — including disconnecting Google Calendar or Gmail at any time from Settings, which immediately revokes SoloSuite's access tokens — by contacting us. You can also review or revoke SoloSuite's access directly from your Google Account permissions page. Depending on your location, you may have additional rights under applicable privacy law (e.g. the Australian Privacy Act, GDPR, or CCPA).

8. Security

We use industry-standard measures to protect your data, including encryption of sensitive data at rest (including Google Calendar and Gmail access tokens, and synced calendar/email content) and in transit (TLS). Access to connected mailbox and calendar data within SoloSuite is restricted to the Account owner and any team members explicitly granted access.

9. Contact

Questions about this policy, or about how we use Google user data specifically? Contact us at support@solosuiteapp.com.