Solara
Privacy Policy

Last Updated: May 11, 2025

Welcome to Solara ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered social intelligence coaching service.

Solara is an AI-driven platform that provides personalized advice to improve communication, influence, and relationship-building skills. Our service is available through our website and mobile applications.

This Privacy Policy applies to all information collected through our services, as well as any related services, sales, marketing, or events (collectively, the "Services").

• Account Information: When you register, we collect your name, email address, and password. If you use third-party authentication (like Google), we receive information from that service.
• Profile Information: Information you choose to add to your profile, such as a profile picture, biographical information, or preferences.
• Conversation Content: The content of your conversations with our AI coach, including questions, responses, and any personal experiences you share.
• Sensitive Personal Data: Some information shared in AI conversations may reveal or imply sensitive personal data (such as emotional state, interpersonal conflicts, or health-related concerns). While we do not ask for or intentionally process sensitive data, we rely on your consent to process this information when voluntarily provided by you. Please avoid sharing information you consider sensitive or confidential unless necessary for your use of the Services.
• Subscription and Payment Information: When you subscribe, we collect billing information including name, address, payment method details, and transaction history through our payment processor, Stripe.
• Survey or Feedback Responses: Information you provide when responding to surveys, submitting feedback, or contacting our support team.
• Age Information: If applicable, your age or date of birth to determine appropriate consent requirements.

• Usage Data: Information about how you interact with our Services, including features you use, time spent on the platform, and interaction patterns.
• Device Information: Information about your device, including device type, operating system, browser type, IP address, and mobile device identifiers.
• Log Data: Server logs, error reports, and performance data.
• Location Information: General location information inferred from your IP address.

• Authentication Services: If you sign in using third-party services like Google, we receive information in accordance with the authorization procedures of those services.
• Analytics Partners: We may receive aggregated information from analytics providers to help us improve our Services.

• Deliver AI Coaching: Process your conversation inputs to generate personalized AI responses and advice.
• Account Management: Create and maintain your account, process transactions, and send service notifications.
• Customer Support: Address your questions, concerns, or support requests.
• Technical Maintenance: Ensure proper functioning of our Services, identify and fix technical issues.
• Service Enhancement: Analyze usage patterns to improve features and develop new ones.
• Personalization: Tailor your experience based on your preferences and past interactions.
• Training and Quality Improvement: With your consent, we may use anonymized conversation data to improve our AI system's responses and capabilities. You may opt out of allowing your anonymized conversation data to be used for AI training and improvement by updating your privacy settings in your account or emailing us at privacy@solara.com.
• Service Updates: Send notifications about changes to our Services, terms, or policies.
• Marketing Communications: With your consent, send you information about new features, promotions, or related services.
• Feedback Requests: Request feedback on your experience with our Services.
• Legal Compliance: Comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
• Fraud Prevention: Detect, investigate, and prevent fraudulent transactions and other illegal activities.
• Security: Protect the rights, property, or safety of our users, our company, or the public.

• Performance of Contract: Processing necessary to provide you with the Services you request and to fulfill our obligations under the Terms of Service.
• Legitimate Interests: Processing necessary for our legitimate interests or those of third parties, provided those interests are not overridden by your rights and interests. These legitimate interests include:
  • Operating and improving our Services
  • Protecting against fraud and security threats
  • Understanding how users interact with our Services
• Consent: Processing based on your specific consent, such as for marketing communications or for processing certain types of sensitive information.
• Explicit Consent: Where sensitive data is processed, we do so on the basis of explicit consent under Article 9(2)(a) of the GDPR.
• Legal Obligation: Processing necessary to comply with our legal obligations.

• Firebase (Google): We use Firebase for authentication and Firestore for database services. Firebase processes your account information and stores conversation data. Firebase's privacy policy.
• Google Cloud Run: We use Google Cloud Run to host our services. Google's privacy policy.
• OpenAI: We use OpenAI's API to power our AI coach. Your conversation inputs are sent to OpenAI for processing to generate responses. OpenAI's privacy policy. Your conversation inputs are temporarily retained by OpenAI for up to 30 days for abuse monitoring. Solara does not control this retention period and encourages users not to share sensitive personal information. OpenAI does not use API inputs to train their models by default.
• Stripe: We use Stripe for payment processing. When you make a purchase, your payment information is sent directly to Stripe and is subject to their privacy policy: Stripe's privacy policy. We store only limited payment information (such as the last four digits of your card number) and subscription status.

• Business Transfers: If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction.
• Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).
• Protection of Rights: We may disclose your information to protect the rights, property, or safety of our company, our users, or others.

• Encryption: We use encryption in transit (HTTPS/TLS) and at rest to protect your data.
• Access Controls: We restrict access to personal information to authorized employees, contractors, and service providers who need to know that information to operate, develop, or improve our Services.
• Authentication Security: We implement multi-factor authentication for administrative access to systems containing personal data.
• Regular Security Assessments: We conduct regular security assessments and update our security practices as needed.
• Data Minimization: We collect only the personal information necessary to provide our Services.
• Monitoring: We maintain security monitoring systems to detect and address potential security incidents.

Rights for All Users

• Access: You can request a copy of the personal information we hold about you.
• Correction: You can request that we correct inaccurate or incomplete information.
• Deletion: You can request that we delete your personal information in certain circumstances.
• Opt-out of Marketing: You can opt out of receiving marketing communications from us at any time.

Additional Rights for EEA, UK, and Swiss Residents (GDPR)

• Data Portability: You can request a copy of your personal information in a structured, commonly used, and machine-readable format.
• Restriction of Processing: You can request that we restrict the processing of your personal information under certain conditions.
• Objection to Processing: You can object to our processing of your personal information based on our legitimate interests.
• Withdraw Consent: You can withdraw consent at any time where we are relying on consent to process your personal information.
• Supervisory Authority: You have the right to lodge a complaint with a supervisory authority in your country of residence, work, or where an alleged infringement has occurred.

Additional Rights for California Residents (CCPA/CPRA)

• Right to Know: You can request details about the categories of personal information we collect, the sources of that information, our purposes for collecting it, and the categories of third parties with whom we share it.
• Right to Delete: You can request deletion of personal information we have collected from you, subject to certain exceptions.
• Right to Correct: You can request that we correct inaccurate personal information we maintain about you.
• Right to Opt-Out of Sale or Sharing: We do not sell or share your personal information as defined by California law. If this changes in the future, we will update this policy and provide a method to opt out.
• Non-Discrimination: You will not be discriminated against for exercising any of your CCPA rights.

How to Exercise Your Rights

• In-App Controls: Some rights can be exercised directly through your account settings.
• Email Request: Contact us at privacy@solara.com with your specific request.
• Web Form: Visit our privacy request page at www.solara.com/privacy-request.

Retention Periods

• Account Information: We retain your account information for as long as your account is active. If you delete your account, we will delete or anonymize your account information within 30 days, except where we need to retain certain information for legitimate business or legal purposes.
• Conversation History: Your conversation history is stored for as long as your account is active, allowing you to reference past interactions. You can delete specific conversations or all conversation history through your account settings at any time.
• Payment Information: We retain payment transaction records for tax and accounting purposes for up to 7 years, as required by applicable law. However, we only retain limited payment details (not full credit card information).
• Usage Data: Aggregated and anonymized usage data may be retained indefinitely for analytical purposes.

Inactive Accounts

• If your account has been inactive for an extended period (typically 2 years), we may contact you to confirm if you wish to maintain your account. If you do not respond, we may delete or anonymize your account in accordance with our data retention policy.

Age Restrictions and Parental Consent

• Under 13: Children under the age of 13 may only use our Services with verifiable parental consent. If we learn that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information.
• Ages 13-17: Minors between 13 and 17 years of age may use our Services with parental or guardian consent, as required by applicable law.
• Verification Method: We obtain verifiable parental consent via email confirmation from the parent/guardian plus identity verification through either (1) a small credit card verification charge (refunded immediately), (2) a digitally signed consent form, or (3) verification through government-issued ID. If parental consent is not verified within 14 days, the child's data is deleted from our systems.

Parental Rights and Controls

• Review Information: The right to review the personal information collected from their child.
• Request Deletion: The right to request deletion of personal information collected from their child.
• Consent Revocation: The right to refuse further collection or use of their child's personal information.

Information We Collect from Children

• Account Information: Username, age or birth date, and parent/guardian contact information.
• Conversation Content: Conversations with our AI coach.
• Usage Information: How the child interacts with our Services.

How We Use Children's Information

• Provide and maintain our Services: Process AI conversations and deliver responses.
• Communicate with Parents: Send notifications to parents regarding their child's account.
• Security and Protection: Protect the security and integrity of our Services.

Cross-Border Transfer Mechanisms

• Standard Contractual Clauses (SCCs): We use European Commission-approved Standard Contractual Clauses for data transfers to third countries that have not received an adequacy decision.
• EU-US Data Privacy Framework (DPF): Where applicable, we rely on the EU-US Data Privacy Framework for transfers to the United States.
• UK Extension to SCCs: For transfers from the UK, we implement the UK International Data Transfer Agreement or the UK Addendum to the EU SCCs.

Data Protection in Third Countries

• We carefully select service providers with strong privacy and security practices.
• We implement additional technical safeguards, such as encryption, for data in transit and at rest.
• We limit the personal information transferred to only what is necessary.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we do, we will update the "Last Updated" date at the top of this Privacy Policy.

• Displaying a prominent notice on our website or within our app
• Sending an email to the address associated with your account
• Requiring you to acknowledge the updated Privacy Policy before continuing to use our Services

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

• Email: privacy@solara.com
• Postal Address:
  1577 Dooralong Rd
  2259
  Lemon Tree, NSW
  Australia

• All responses from our AI coach are generated by artificial intelligence and machine learning systems.
• AI-generated content may sometimes contain inaccuracies, misinterpretations, or inappropriate responses despite our safeguards.
• The advice provided is for informational and educational purposes only and should not be considered as professional psychological, medical, legal, or financial advice.
• Solara is not liable for any decisions made or actions taken based on AI-generated content. Users are solely responsible for interpreting and applying the content provided.
• If you are experiencing mental health challenges, please consult a licensed professional.

We maintain a timestamped record of when users accept this Privacy Policy and our Terms of Service. For users under 18, we also log verifiable parental or guardian consent. You may request a copy of your consent record by contacting privacy@solara.com.

Australia

We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Australian users have the right to access their personal information, request correction of inaccurate information, and make complaints about our handling of their personal information.

Canada

We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and relevant provincial laws. Canadian users have the right to access their personal information, request correction of inaccurate information, and withdraw consent for certain types of processing.

California Notice at Collection

For California residents, at the point of collection, we inform you of the categories of personal information to be collected and the purposes for which the categories of personal information will be used. This notice is provided at or before the point of collection, such as during the sign-up process.