SoleTax privacy policy
1. Who we are
SoleTax is made by Soletax Ltd, a company registered in England and Wales (company number 17318329, registered office 66 Paul Street, London, EC2A 4NA). Soletax Ltd is the data controller for the personal data described in this policy.
Contact us about anything in this policy at support@soletax.io.
SoleTax is an app for UK sole traders. It captures receipts, records business mileage, tracks jobs and invoices, and keeps a running estimate of the tax you owe, so your records are ready for Making Tax Digital.
2. The data we hold
Your account. Your email address, your first name, what you do for work, and your sign-in identity (email, or your Apple or Google account if you sign in with those). If you sign in with Apple or Google we receive only your email and name; we never see your password.
Your business records. This is the heart of the app, and it is yours: receipt photos and the details read from them (merchant, amount, date, category), jobs, quotes and invoices (including your customers' names and contact details where you add them), voice notes and job documents, other income, and your tax setup answers (for example which nation you pay tax in, and whether you have other income). Your business details for invoicing (name, address, bank details, logo) are stored so your invoices can carry them.
Trips. If you turn on automatic mileage, your phone detects driving and records trips. Route detection runs on your phone. What syncs to our servers is the trip record: start and end time, distance, start and end points with their addresses, and whether you marked it business or personal. The detailed GPS path of a trip stays on your device. You can pause tracking any time in Mileage, and the app keeps a 7-day diagnostic log on your device that is only ever sent to us if you choose to share it.
Usage analytics (only if you say yes). With your consent, we collect anonymous usage events: which screens are used, which onboarding steps are completed, and actions like "a trip was classified" or "an export ran". These events are not linked to your account: they carry a random per-install identifier, never your name, email or user ID, and never the content of your records. Until you decide, events are held only on your device; if you say no, they are deleted without ever leaving it. Change your mind any time in Account, under "Share anonymous usage".
Support conversations. If you use Ask SoleTax, your messages and the assistant's replies are stored so the conversation works and so we can fix problems. If you report a bug or a missed trip, the report includes diagnostic context (app version, device model, iOS version, the screens you visited, and a snapshot of relevant app state) so we can reproduce it.
Crash and error data. If the app crashes or something fails, a crash report is sent with technical details (device model, OS version, what the app was doing). Crash reports are configured not to include your IP address or personal identifiers.
Payments. Subscriptions are bought through Apple. We never see your card details. We receive subscription status (trial, active, expired) so the app knows what you can access.
3. What we use it for
- To run the service: store your records, read your receipts, detect your trips, build your tax estimate, produce your export, send your invoices.
- To read receipts and voice notes: the image or transcribed text is sent through our server to Anthropic's Claude model, which extracts the details (merchant, amount, date, category). Anthropic does not use this data to train its models.
- To help you: answer your Ask SoleTax questions and investigate problems you report.
- To keep the service working: crash reporting, security, preventing abuse (for example rate limits on receipt reading).
- To improve the app: anonymous usage analytics, only with your consent.
- To message you: reminders you set up (like the daily catch-up) are local notifications from the app on your device; account emails (like sign-in codes) come from us. We do not send marketing email.
4. Our lawful bases (UK GDPR)
- Contract: running SoleTax for you: your account, records, trips, estimates, exports, support.
- Consent: location access for automatic mileage (asked through iOS), and anonymous usage analytics (asked in the app, opt-in). You can withdraw either at any time.
- Legitimate interests: keeping the service secure and working: crash reporting, abuse prevention, diagnostics you send us.
Your tax records are yours. Keeping them for HMRC is your legal obligation, not ours. SoleTax is a tool that helps you meet it.
5. Where your data lives
Your records are stored with Supabase in the EU (Ireland, eu-west-1). Crash reports are processed in the EU (Germany) and usage analytics in the EU. Some of our providers process data in the United States; where they do, transfers are covered by the UK's International Data Transfer Agreement or Addendum (IDTA) and each provider's data processing agreement.
6. Who processes data for us
We share your data only with the providers below, only so the app can work. We never sell your data.
| Provider | What they do for us | Where |
|---|---|---|
| Supabase | Database, sign-in, file storage (receipts, documents) | EU (Ireland) |
| Anthropic | Reads receipt images and voice-note text to extract details | US |
| Apple | Sign in with Apple; subscriptions and payments | Global |
| Sign in with Google (only if you use it) | Global | |
| RevenueCat | Manages subscription status | US |
| Sentry | Crash and error reporting | EU (Germany) |
| Resend | Sends account emails (sign-in codes) and internal alerts | US |
| Mixpanel | Anonymous usage analytics, only with your consent | EU |
7. How long we keep things
- Your records: for as long as you have an account. HMRC expects self-employed people to keep business records for at least 5 years after the 31 January submission deadline of the tax year they belong to, so don't delete your account (or export first) if you still need them.
- If you delete your account: everything goes, permanently. Your records, files, support conversations and sign-in identity are erased from our servers, and the app offers you an export first. Local data on your device is wiped at the same time.
- Support reports: kept while we work on them and for a reasonable period afterwards so we can spot repeat problems.
- Crash reports: kept on Sentry's standard rolling retention.
- Analytics: anonymous events are retained in Mixpanel; because they are not linked to you, they cannot be looked up by account. Turning analytics off stops new events.
- The on-device tracking log: rolls over after 7 days, on your phone.
8. Your rights
You have the usual UK GDPR rights: access, correction, erasure, restriction, portability, and objection. The app gives you the two big ones directly:
- Export: Account, then "Export my data", gives you a spreadsheet of your records any time, including after your subscription ends.
- Erasure: Account, then "Delete my account", erases everything, server-side and on the device.
For anything else, email support@soletax.io. If you're unhappy with how we handle your data, you can complain to the Information Commissioner's Office (ico.org.uk), but we'd appreciate the chance to sort it first.
9. Security
Data is encrypted in transit. Access to your records requires your signed-in identity; our storage enforces per-user isolation (row-level security). Keys for the AI extraction service are held server-side, never in the app. We keep what we can on your device: route paths, notification schedules, and pre-consent analytics never leave your phone.
10. Children
SoleTax is for people running a business and is not intended for anyone under 18.
11. Changes
If this policy changes in a way that matters, the app will tell you and this page will show the new date. We will never quietly widen what we collect.