Privacy Policy

1. Introduction

This Privacy Policy explains how SoloCRMS ("we", "us", or "our") collects, uses, discloses, and protects your personal information when you use our website at solocrms.com and our customer relationship management platform (collectively, the "Service").

SoloCRMS is operated by Nicki Bates (ABN 70 166 498 744). By accessing or using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

When you register for an account, use our features, or contact us, you may provide:

• Account information: name, email address, and password
• Business information: business name, services offered, and operating hours
• Client information: client names, email addresses, phone numbers, and physical addresses
• Job and booking information: appointment dates, times, durations, and service details
• Invoice and payment information: invoice amounts, line items, tax details, and payment records
• Payment details: bank account or payment processing information you choose to display on invoices

2.2 Information Collected Automatically

When you access the Service, we may automatically collect:

• Device information: IP address, browser type and version, operating system, and device type
• Usage data: pages visited, features used, time spent on pages, and referring URLs
• Cookies: essential session cookies for authentication (see Section 9)

2.3 Information from Third-Party Integrations

If you connect third-party services, we may receive additional information:

• Google Calendar: calendar event data when you enable sync
• Google Maps: address and location data when using address autocomplete

3. How We Collect Data

We collect information through the following methods:

• Registration and account setup: when you create an account and configure your business profile
• Service usage: when you add clients, create jobs, send invoices, or manage bookings
• Public booking forms: when your clients submit booking requests through your public booking page
• Third-party integrations: when you connect services such as Google Calendar
• Cookies and similar technologies: essential cookies placed during authentication

4. Purpose of Collection

We use the information we collect to:

• Provide, operate, and maintain the Service, including client management, scheduling, invoicing, and online booking
• Process transactions and send related information such as booking confirmations and invoice emails
• Authenticate your identity and maintain account security
• Communicate with you about service updates, security alerts, and support enquiries
• Improve and develop the Service based on usage patterns and feedback
• Comply with legal obligations and enforce our terms of service

5. Data Sharing and Third Parties

We do not sell your personal information. We share data only with the following third-party service providers who are necessary to operate the Service:

• Vercel — website hosting and content delivery. Data may be processed in the United States and other regions.
• Supabase — database hosting and user authentication. Data is stored on Amazon Web Services (AWS) infrastructure.
• Resend — transactional email delivery for booking confirmations, invoice emails, and notifications.
• Stripe — payment processing. Stripe collects and processes payment information directly under their own privacy policy. We do not store credit card numbers.
• Google — Google Maps API for address autocomplete and Google Calendar API for calendar synchronisation.

We may also disclose your information if required by law, regulation, legal process, or enforceable governmental request.

6. International Data Transfers

SoloCRMS is operated from Australia. However, our infrastructure providers (Vercel, Supabase, Resend, Stripe) process and store data in the United States and other regions globally.

When your data is transferred outside of Australia, we rely on our providers' security measures and contractual obligations to protect your information. These providers maintain industry-standard security certifications including SOC 2 compliance and data encryption.

7. Data Retention

• Active accounts: we retain your data for as long as your account is active and the Service is being used.
• Deleted accounts: when you delete your account, we will delete or anonymise your personal data within 30 days. Backup copies may be retained for up to 90 days before being permanently purged.
• Legal requirements: we may retain certain data for longer periods where required by law (e.g., financial records for tax purposes).

8. Data Security

We implement appropriate technical and organisational measures to protect your personal information, including:

• Encryption of data in transit using TLS (Transport Layer Security)
• Encryption of data at rest in our database infrastructure
• Row Level Security (RLS) policies ensuring users can only access their own data
• Secure password hashing — we never store passwords in plain text
• Regular security monitoring and updates

While we strive to protect your personal information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

9. Cookies

SoloCRMS uses only essential cookies required for the Service to function. These include:

• Authentication session cookies: to keep you signed in and maintain your session

We do not use advertising, tracking, or analytics cookies. We do not use cookies to build profiles or serve targeted advertising.

10. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access: request a copy of the personal data we hold about you
• Correction: request correction of inaccurate or incomplete personal data
• Deletion: request deletion of your personal data, subject to legal retention requirements
• Data export: request a copy of your data in a portable format
• Withdraw consent: withdraw consent for data processing where consent is the basis
• Lodge a complaint: lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or your local data protection authority

To exercise any of these rights, please contact us using the details in Section 13 below.

11. Children's Privacy

The Service is not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from a child under 16, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page. For significant changes, we will notify you by email or by placing a prominent notice on the Service.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

13. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us at:

• Email: privacy@solocrms.com
• Operator: Nicki Bates (ABN 70 166 498 744)

We will respond to your enquiry within 30 days.