This Privacy Policy explains how Solovi ("we", "us", "our") collects, uses, and protects personal data. It applies to solovi.co.uk, its subdomains, and any service we provide to UK service businesses ("customers") and to the end-users of those businesses ("end-users").
1. Who we are
Controller: Solovi (UK sole trader)
Contact: hello@solovi.co.uk
Country: United Kingdom
2. Personal data we collect
Depending on how you use Solovi, we may collect:
- Identity data, name, business name.
- Contact data, email, phone (optional).
- Booking / appointment data, when you book or are booked through a Solovi-powered site.
- Billing / subscription metadata, Stripe processes the card; we receive only the metadata (last 4 digits, brand, expiry).
- Technical data, IP, browser, device type, request logs (kept for ~30 days for security).
- Communication history, emails and support messages you send us.
3. How we collect data
- Directly from forms (signup, onboarding, contact, booking).
- From payment + infrastructure providers used to run the service (Stripe, Resend, Hetzner, etc.).
- Automatically via cookies / analytics where consent is required and provided. See our Cookie Policy.
4. Why we use data (lawful bases under UK GDPR)
- Contract, to provide the requested service.
- Legitimate interests, to improve reliability, fight fraud, monitor uptime.
- Legal obligation, tax, accounting, statutory requests.
- Consent, marketing emails, non-essential cookies. Always withdrawable.
5. Sharing personal data
We use third-party processors to operate the service. Each has its own privacy policy and a data-processing agreement with us:
- Stripe, payment processing (Apple Pay, Google Pay, cards).
- Resend, transactional + marketing email delivery.
- Hetzner, server hosting (Helsinki, EU).
- Umami, analytics (self-hosted, no cookies, no personal data sent off-server).
- Google, Search Console + Business Profile (search indexing).
We do not sell personal data. Ever.
6. International transfers
Some providers (Stripe, Google) may process data outside the UK. Where this happens, we rely on the safeguards described in those providers' Data Processing Agreements (Standard Contractual Clauses where required).
7. Data retention
We keep personal data only as long as needed for service delivery, legal/accounting obligations (typically 7 years for billing records under UK tax law), and dispute resolution. Cancelled accounts are anonymised within 90 days unless legally retained.
8. Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Erase data ("right to be forgotten") in specific circumstances.
- Restrict or object to processing.
- Data portability where applicable.
- Withdraw consent at any time where consent is the legal basis.
To exercise any right, email hello@solovi.co.uk. We respond within 30 days (usually faster).
9. Security
We use technical + organisational controls including: HTTPS everywhere, hashed credentials, encrypted secrets at rest, scoped service accounts, regular dependency updates, access logging, and incident response procedures.
10. Marketing
We only send marketing emails to people who have explicitly opted in. Every marketing email has a one-click unsubscribe link. Withdrawal of consent is processed within 24 hours.
11. Cookies
See our separate Cookie Policy.
12. Complaints
If you have a concern, contact us first, we'd rather resolve it directly. You also have the right to complain to the UK Information Commissioner's Office (ICO): ico.org.uk · 0303 123 1113.
13. Changes
We may update this policy. Material changes will be reflected by changing the "Last updated" date. Significant changes will also be communicated by email to active customers.