SoleTax

SoleTax privacy policy

Effective date: 4 July 2026 · Last updated: 4 July 2026

1. Who we are

SoleTax is made by Soletax Ltd, a company registered in England and Wales (company number 17318329, registered office 66 Paul Street, London, EC2A 4NA). Soletax Ltd is the data controller for the personal data described in this policy.

Contact us about anything in this policy at support@soletax.io.

SoleTax is an app for UK sole traders. It captures receipts, records business mileage, tracks jobs and invoices, and keeps a running estimate of the tax you owe, so your records are ready for Making Tax Digital.

2. The data we hold

Your account. Your email address, your first name, what you do for work, and your sign-in identity (email, or your Apple or Google account if you sign in with those). If you sign in with Apple or Google we receive only your email and name; we never see your password.

Your business records. This is the heart of the app, and it is yours: receipt photos and the details read from them (merchant, amount, date, category), jobs, quotes and invoices (including your customers' names and contact details where you add them), voice notes and job documents, other income, and your tax setup answers (for example which nation you pay tax in, and whether you have other income). Your business details for invoicing (name, address, bank details, logo) are stored so your invoices can carry them.

Trips. If you turn on automatic mileage, your phone detects driving and records trips. Route detection runs on your phone. What syncs to our servers is the trip record: start and end time, distance, start and end points with their addresses, and whether you marked it business or personal. The detailed GPS path of a trip stays on your device. You can pause tracking any time in Mileage, and the app keeps a 7-day diagnostic log on your device that is only ever sent to us if you choose to share it.

Usage analytics (only if you say yes). With your consent, we collect anonymous usage events: which screens are used, which onboarding steps are completed, and actions like "a trip was classified" or "an export ran". These events are not linked to your account: they carry a random per-install identifier, never your name, email or user ID, and never the content of your records. Until you decide, events are held only on your device; if you say no, they are deleted without ever leaving it. Change your mind any time in Account, under "Share anonymous usage".

Support conversations. If you use Ask SoleTax, your messages and the assistant's replies are stored so the conversation works and so we can fix problems. If you report a bug or a missed trip, the report includes diagnostic context (app version, device model, iOS version, the screens you visited, and a snapshot of relevant app state) so we can reproduce it.

Crash and error data. If the app crashes or something fails, a crash report is sent with technical details (device model, OS version, what the app was doing). Crash reports are configured not to include your IP address or personal identifiers.

Payments. Subscriptions are bought through Apple. We never see your card details. We receive subscription status (trial, active, expired) so the app knows what you can access.

3. What we use it for

4. Our lawful bases (UK GDPR)

Your tax records are yours. Keeping them for HMRC is your legal obligation, not ours. SoleTax is a tool that helps you meet it.

5. Where your data lives

Your records are stored with Supabase in the EU (Ireland, eu-west-1). Crash reports are processed in the EU (Germany) and usage analytics in the EU. Some of our providers process data in the United States; where they do, transfers are covered by the UK's International Data Transfer Agreement or Addendum (IDTA) and each provider's data processing agreement.

6. Who processes data for us

We share your data only with the providers below, only so the app can work. We never sell your data.

ProviderWhat they do for usWhere
SupabaseDatabase, sign-in, file storage (receipts, documents)EU (Ireland)
AnthropicReads receipt images and voice-note text to extract detailsUS
AppleSign in with Apple; subscriptions and paymentsGlobal
GoogleSign in with Google (only if you use it)Global
RevenueCatManages subscription statusUS
SentryCrash and error reportingEU (Germany)
ResendSends account emails (sign-in codes) and internal alertsUS
MixpanelAnonymous usage analytics, only with your consentEU

7. How long we keep things

8. Your rights

You have the usual UK GDPR rights: access, correction, erasure, restriction, portability, and objection. The app gives you the two big ones directly:

For anything else, email support@soletax.io. If you're unhappy with how we handle your data, you can complain to the Information Commissioner's Office (ico.org.uk), but we'd appreciate the chance to sort it first.

9. Security

Data is encrypted in transit. Access to your records requires your signed-in identity; our storage enforces per-user isolation (row-level security). Keys for the AI extraction service are held server-side, never in the app. We keep what we can on your device: route paths, notification schedules, and pre-consent analytics never leave your phone.

10. Children

SoleTax is for people running a business and is not intended for anyone under 18.

11. Changes

If this policy changes in a way that matters, the app will tell you and this page will show the new date. We will never quietly widen what we collect.