Privacy Policy

Last updated: February 12, 2026

1. Introduction

SoloCRM (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our client relationship management platform. This policy complies with the Protection of Personal Information Act (POPIA) of South Africa and other applicable data protection regulations.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Password (hashed using bcrypt)
  • Business name
  • Subscription tier (Free or Pro)

2.2 Business Data

You may voluntarily provide the following information to use our services:

  • Customer details (names, email addresses, contact information)
  • Job information (descriptions, scheduled dates, pricing)
  • Invoices and quotes
  • Tasks and activities
  • Banking information (for display on invoices)
  • VAT registration status and tax rates
  • File attachments and signatures

2.3 Automatically Collected Information

When you use our service, we automatically collect:

  • IP address and browser type
  • Session data and cookies
  • Usage statistics (page views, feature usage)
  • Error logs and performance metrics

3. How We Use Your Information

We use your personal information for the following purposes:

  • Service Delivery: To provide and maintain our CRM platform, including client management, invoicing, and job scheduling features
  • Account Management: To create and manage your account, process payments, and provide customer support
  • Communication: To send important service notifications, daily digest emails, and optional marketing communications
  • Security: To detect and prevent fraud, unauthorized access, and other malicious activities
  • Improvement: To analyze usage patterns and improve our services
  • Legal Compliance: To comply with applicable laws and regulations

4. Legal Basis for Processing

Under POPIA, we process your personal information based on the following legal grounds:

  • Consent: You provide consent when you create an account, accept these terms, and voluntarily enter data into the platform. You may withdraw consent at any time by deleting your account.
  • Contractual Necessity: Processing is necessary to perform our contract with you — providing the SoloCRM service, managing your subscription, and processing payments.
  • Legitimate Interest: We process certain data (such as usage analytics and error logs) to maintain, improve, and secure the platform. These interests do not override your fundamental privacy rights.
  • Legal Obligation: We may process data to comply with applicable laws, such as tax regulations, court orders, or requests from regulatory authorities.

5. Your Role as Data Controller and Our Role as Data Processor

When you use SoloCRM, it's important to understand the roles under data protection law:

  • You are the “Data Controller” (or “Responsible Party” under POPIA) for the business data you upload and manage within the Service. This includes your customers' personal information, job details, and any other data you enter. As the controller, you are responsible for ensuring you have a legal basis to collect and process that data and for upholding your customers' rights.
  • SoloCRM is the “Data Processor” (or “Operator” under POPIA) for that business data. We process this data on your behalf and according to your instructions to provide the Service. We will not use your business data for any purpose other than providing, securing, and improving the platform as outlined in this policy and our Terms of Service.

For your own account information (your email, name, etc.), SoloCRM is the Data Controller.

6. Data Storage and Security

6.1 Data Storage

Your data is stored using Supabase (PostgreSQL database) with servers located in the United States. All data is encrypted at rest using AES-256 encryption and in transit using TLS 1.3.

6.2 Security Measures

We implement industry-standard security measures to protect your data:

  • Row Level Security (RLS): Database-level isolation ensures users can only access their own data
  • Hashed Passwords: All passwords are hashed using bcrypt
  • Secure Authentication: Session management with automatic token refresh
  • Server-Side Validation: All user input is validated server-side to prevent injection attacks
  • Storage Security: File uploads are restricted to authenticated users and scoped to their own folders
  • Rate Limiting: Email sending and storage limits prevent abuse

6.3 Data Isolation

Your business data is completely isolated from other users. Our Row Level Security policies ensure that:

  • You can only view, edit, or delete your own customers, jobs, invoices, and quotes
  • File attachments and signatures are stored in user-specific folders
  • No user can access another user's data, even through API calls

7. Data Sharing and Disclosure

We do not sell, rent, or share your personal information with third parties except in the following circumstances:

  • Service Providers: We use trusted third-party services to operate our platform:
    • Supabase (database and authentication)
    • Vercel (hosting)
    • Brevo (email delivery)
    • Paystack (payment processing)
  • Legal Requirements: When required by law, court order, or government regulation
  • Business Transfers: In the event of a merger, acquisition, or sale of assets
  • Your Consent: When you explicitly authorize us to share your information

8. Your Rights Under POPIA

Under the Protection of Personal Information Act (POPIA), you have the following rights:

  • Access: You can view and export all your personal data at any time through your account settings
  • Correction: You can update or correct your information through the Settings page
  • Deletion: You can request account deletion, which will permanently remove all your data within 30 days
  • Objection: You can opt out of marketing communications at any time
  • Data Portability: You can export your data in CSV format
  • Restriction: You can request restriction of processing by deactivating your account

To exercise any of these rights, please contact us at privacy@mytechsolutions.co.za

Right to Lodge a Complaint

If you believe your personal information has been processed in violation of POPIA, you have the right to lodge a complaint with the South African Information Regulator.

9. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. Specific retention periods are as follows:

  • Account data (email, business name, settings): Retained while your account is active; deleted within 30 days of account deletion
  • Business data (customers, jobs, invoices, quotes): Retained while your account is active; deleted within 30 days of account deletion
  • Deleted items (trashed records): Moved to trash for 30 days, then automatically and permanently purged
  • File attachments and signatures: Deleted when the associated record is permanently deleted or account is deleted
  • Payment and billing records: Retained for 5 years after the transaction date as required by South African tax law (Tax Administration Act)
  • Server logs and error logs: Retained for up to 90 days for debugging and security purposes, then automatically deleted
  • Usage analytics: Retained in aggregated, anonymised form indefinitely; individual usage data deleted within 12 months

Upon account deletion, all personal data is permanently removed within 30 days, except where retention is required by law (e.g., tax and financial records).

10. Cookies and Tracking

We use essential cookies to maintain your session and provide authentication. These cookies are necessary for the service to function and cannot be disabled. We do not use advertising or tracking cookies from third parties.

11. Children's Privacy

SoloCRM is intended for business use by adults. We do not knowingly collect personal information from children under 18 years of age. If we discover that a child under 18 has provided us with personal information, we will delete it immediately.

12. International Data Transfers

Your data may be transferred to and processed in countries outside of South Africa, including the United States (where our database servers are located). In accordance with POPIA Section 72, we ensure that such transfers only occur where:

  • The recipient country has adequate data protection laws, or
  • The recipient is bound by contractual obligations providing an adequate level of protection (our third-party providers — Supabase, Vercel, Brevo, and Paystack — maintain data processing agreements with appropriate safeguards), or
  • You have provided consent to the transfer by accepting these terms and using the Service, or
  • The transfer is necessary for the performance of the contract between you and us

13. Automated Decision-Making

SoloCRM does not use automated decision-making or profiling that produces legal effects or similarly significant effects on you. Features such as the “follow-up needed” indicator are simple time-based calculations (e.g., flagging clients not contacted within 7 days) and do not constitute profiling. No decisions are made about you or your clients by automated means.

14. Data Breach Notification

In the event of a data breach that compromises your personal information, we will:

  • Notify the Information Regulator as soon as reasonably possible after becoming aware of the breach, as required by POPIA Section 22
  • Notify affected users by email as soon as reasonably possible, providing details of the breach, the type of information affected, and the measures we are taking to address it
  • Take immediate remedial action to contain the breach, investigate its cause, and prevent future occurrences
  • Document the breach including its nature, the categories of data affected, the approximate number of users affected, and the steps taken in response

We maintain incident response procedures and will provide recommendations on steps you can take to protect yourself (such as changing your password) in any breach notification.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Updating the “Last updated” date at the top of this page
  • Sending an email notification to your registered email address
  • Displaying a prominent notice in the application

Your continued use of SoloCRM after any changes constitutes your acceptance of the updated Privacy Policy.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

MyTech Solutions

Information Officer: Alberto van Zyl

Email: privacy@mytechsolutions.co.za

Support: support@mytechsolutions.co.za

South Africa

17. POPIA Compliance Statement

SoloCRM is committed to full compliance with the Protection of Personal Information Act (POPIA) of South Africa. We have implemented appropriate technical and organizational measures to ensure the confidentiality, integrity, and availability of your personal information. All data processing activities are conducted lawfully, transparently, and in accordance with POPIA principles. Our Information Officer can be contacted at privacy@mytechsolutions.co.za for any POPIA-related enquiries. You may also lodge complaints with the Information Regulator at inforegulator.org.za.