Privacy Policy

1. Introduction

SoloSolutionsAI ("we," "our," or "us") operates a multi-vertical client intake automation platform serving solo practitioners and small businesses across multiple professions and industries. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our platform at app.solosolutionsai.com and associated services (collectively, the "Service").

This policy applies to all users of the Service, including professionals who create accounts ("Professionals") and their clients who submit information through intake conversations ("Clients").

2. Information We Collect

2.1 Professional Account Information

When a professional creates an account, we collect: full name, email address, business name, office city and state, phone number, profession/vertical, service areas or specialties, and optional business logo. Professionals may also configure: AI assistant name, client greeting, disclaimers (English and Spanish), intake questions, and scheduling preferences.

2.2 Client Intake Information

Information submitted by clients through AI-powered chat conversations or phone intake includes: full name, email address, phone number (optional — clients may decline), city and state, primary concern or reason for inquiry, desired outcome, contact preference, and responses to business-specific intake questions configured by the professional.

2.3 Conversation Transcripts

Full transcripts of intake conversations (both chat and phone) are stored and made available to the professional through their admin portal. Transcripts include all messages exchanged between the client and the AI assistant during the intake session.

2.4 Uploaded Documents

When a client uploads documents at the request of their professional, we collect the document files, file names, file types, and file sizes. Documents may include records, correspondence, identification, or other materials relevant to the client's matter. Providing documents is entirely voluntary.

2.5 Usage and Technical Data

We collect standard technical information including: IP address, browser type, device type, pages visited, time spent, referring URLs, and similar analytics data through Google Analytics 4. This data is used to improve the Service and is not linked to individual client intake records.

3. Information We Refuse to Collect

SoloSolutionsAI employs active data boundary enforcement. Our system is architecturally designed to detect and block the following categories of sensitive information in real time during intake conversations:

• Social Security Numbers (SSN) — detected and redacted automatically
• Credit card numbers — detected and redacted automatically
• Bank account and routing numbers — detected and redacted automatically
• Government-issued ID numbers — detected and blocked

If a client volunteers any of this information during an intake conversation, the system detects the pattern, redacts the data from the transcript, does not store it, and gracefully redirects the conversation. This protection operates at the infrastructure level, not the policy level — meaning the system is structurally incapable of retaining this data, regardless of user input.

4. How We Use Your Information

We use collected information to:

• Provide, operate, and maintain the Service
• Process client intake submissions and deliver them to the appropriate professional
• Generate AI-powered intake summaries, context notes, and intelligence briefs
• Analyze uploaded documents using AI to produce structured summaries for the professional
• Send email notifications about new intake submissions to professionals and confirmation emails to clients
• Generate AI-powered marketing content (blog posts, social media copy) at the professional's request
• Sync intake data to third-party services (HubSpot, Zapier, webhooks) when configured by the professional
• Provide appointment scheduling functionality via Calendly integration
• Monitor platform health and performance via internal analytics
• Improve and personalize the Service
• Respond to support requests

5. Third-Party Integrations and Data Sharing

SoloSolutionsAI integrates with third-party services. Data is shared with these services only when explicitly configured by the professional. We do not sell, rent, or share client data with third parties for their own marketing purposes.

5.1 HubSpot CRM

When a professional connects their HubSpot account via OAuth, completed intake data (client name, email, phone, location, primary concern, desired outcome, contact preference, and AI context summary) is automatically sent to HubSpot to create or update a contact record. Data flows one way: from SoloSolutionsAI to HubSpot. The professional's HubSpot account is governed by HubSpot's own privacy policy and terms.

5.2 Webhooks (Zapier, Make, Custom Endpoints)

Professionals may configure webhook URLs that receive intake data when a client completes an intake. The data payload includes: client name, email, phone, location, primary concern, desired outcome, contact preference, intake source, and vertical. Webhook payloads are signed with HMAC-SHA256 when a signing secret is configured. The professional is solely responsible for the security and privacy practices of their webhook endpoints and connected services.

5.3 Calendly

When a professional connects Calendly, we store OAuth tokens to facilitate appointment invite emails. We do not access or store Calendly appointment data beyond the scheduling URL and event type.

5.4 AI Processing Services

We use Anthropic (Claude) for AI-powered intake conversations, context summaries, intelligence briefs, document analysis, and blog post generation. Our AI provider does not retain, store, or use your data to train AI models. Data is processed in real time and discarded by the provider after the response is generated.

5.5 Email Services

Transactional emails (intake notifications, client confirmations, document requests) are sent via Resend. Email content is transmitted securely and is not stored by the email provider beyond delivery.

5.6 Analytics

We use Google Analytics 4 to collect anonymized usage data on our marketing websites and platform. Analytics data is not linked to individual client intake records.

6. Data Security

We implement robust technical and organizational security measures to protect your information:

• All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption
• Database access is governed by Row Level Security (RLS) policies — professionals can only access their own data
• Client document storage uses private, encrypted buckets with access-controlled policies
• No employee, contractor, or representative of SoloSolutionsAI views, reads, or reviews client intake data or uploaded documents — all processing is fully automated
• API rate limiting is enforced to prevent abuse
• CORS policies restrict access to authorized domains only
• Integration tokens (HubSpot, Calendly) are encrypted and stored securely

7. Data Retention

Professional accounts: Account information is retained for as long as your account is active. You may request account deletion at any time.

Client intake records: Intake submissions, conversation transcripts, and AI-generated summaries are retained unless the professional or client requests deletion. Professionals can manage and delete intake records from their admin portal.

Uploaded documents: Client-uploaded documents and their AI-generated summaries are automatically deleted from our systems 30 days after upload. SoloSolutionsAI is designed as a pass-through service, not a permanent document repository. Professionals are responsible for downloading and retaining any documents they need within this window.

Integration data: OAuth tokens for connected services (HubSpot, Calendly) are retained until the professional disconnects the integration. Data that has been synced to third-party services is governed by those services' retention policies.

Right to deletion: Clients may request immediate deletion of their data, including intake records and uploaded documents, at any time by contacting privacy@solosolutionsai.com. Upon receiving a valid request, we will delete the relevant data from our systems. Note: data already synced to third-party services (HubSpot, webhooks) must be deleted by the professional from those services directly.

8. Profession-Specific Considerations

SoloSolutionsAI serves professionals across multiple regulated and unregulated industries. The following considerations apply:

8.1 Legal Professionals

SoloSolutionsAI is a software tool only. Use of the Service does not create an attorney-client relationship. Attorneys are responsible for ensuring their use of the platform complies with applicable rules of professional conduct, ethics rules, and client confidentiality requirements in their jurisdiction. Data retention requirements vary by state bar — attorneys should download and retain intake records according to their jurisdictional requirements.

8.2 Mental Health Professionals

The Service is designed for initial client onboarding and lead capture — not for clinical documentation, treatment planning, or session notes. The AI intake conversation does not constitute a therapeutic session. Therapists and counselors are responsible for ensuring their use of the platform complies with applicable licensing board requirements and client confidentiality obligations. The Service is not intended to be HIPAA-compliant and should not be used to collect protected health information (PHI) as defined by HIPAA.

8.3 Social Workers

Social workers using the Service should ensure compliance with the NASW Code of Ethics regarding client confidentiality and informed consent. The Service supports initial intake and inquiry capture — it is not a case management system.

8.4 Healthcare Professionals

The Service captures initial client information for onboarding purposes. It is not an electronic health records (EHR) system and should not be used to store medical records, diagnoses, or treatment plans. AI-generated intelligence briefs are informational tools and do not constitute medical advice.

8.5 Financial Professionals

Accountants and insurance professionals are responsible for ensuring compliance with applicable financial privacy regulations. Our data boundary enforcement actively blocks collection of financial account numbers, Social Security Numbers, and other sensitive financial identifiers during intake.

8.6 All Professions

Regardless of profession, all professionals using SoloSolutionsAI are solely responsible for ensuring their use of the platform complies with applicable laws, regulations, professional standards, and ethical codes in their jurisdiction. SoloSolutionsAI provides a technology platform — it does not provide legal, medical, financial, or professional advice of any kind.

9. Your Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your personal information
• Portability: Request your data in a structured, machine-readable format
• Objection: Object to processing of your information for certain purposes
• Restriction: Request that we limit how we use your information
• Withdrawal of consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at privacy@solosolutionsai.com. We will respond within 30 days.

10. US State Privacy Laws

We comply with applicable US state privacy laws, including:

• California (CCPA/CPRA): California residents have the right to know what personal information is collected, request deletion, and opt out of the sale of personal information. We do not sell personal information.
• Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA): Residents of these states have similar rights to access, correction, deletion, and portability of their personal information.

We do not sell, share for cross-context behavioral advertising, or use personal information for profiling in furtherance of decisions that produce legal or similarly significant effects.

11. International Users and Data Transfers

SoloSolutionsAI is operated by SPD Digital Consulting LLC, based in the United States. All data is currently stored and processed in the United States (AWS US-East-1 region via Supabase).

11.1 United Kingdom

For users in the United Kingdom, personal data is transferred to the United States under the UK-US Data Bridge framework, which provides adequate safeguards for the transfer of personal data from the UK to certified US organizations. We process personal data based on: (a) contractual necessity — to provide the Service you have requested; (b) legitimate interests — to operate, maintain, and improve our platform; or (c) your explicit consent.

Your rights under UK GDPR include: access, rectification, erasure, restriction of processing, data portability, objection to processing, and the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

11.2 European Economic Area

For users in the EEA, personal data is transferred to the United States under the EU-US Data Privacy Framework. You have the right to lodge a complaint with your local data protection authority. The same lawful bases and data subject rights described in Section 11.1 apply.

11.3 Data Residency

All data is currently stored in the United States. We are evaluating regional data residency options (including UK-based storage) for future availability. If you have specific data residency requirements, please contact us at privacy@solosolutionsai.com.

By using the Service, you acknowledge and consent to the transfer and processing of your information in the United States in accordance with this Privacy Policy and applicable data transfer frameworks.

12. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a minor, please contact us immediately at privacy@solosolutionsai.com.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered professionals of material changes by email and by posting the updated policy on this page with a revised "Last Updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy, wish to exercise your rights, or have concerns about our data practices, please contact us at:

Email: privacy@solosolutionsai.com

SoloSolutionsAI Dunedin, Florida, United States