Legal

Privacy Policy

Effective Date: May 20, 2026 · Version 1.0

The short version: We collect the data needed to provide and improve Soillse. We never sell your personal data. We never sell your cognitive data. Your performance data is used only to power your experience and Sage coaching. You can export or delete your data at any time.

01

Who We Are

Soillse ("we", "us", "our") operates the cognitive training platform at soillse.com and associated applications. For questions about this Privacy Policy, contact us at privacy@soillse.com.

This policy applies to all users of Soillse, including visitors to soillse.com, registered users, and subscribers. It covers data collected through the website, web application, and any associated services.


02

What Data We Collect

Account Data

Cognitive Performance Data — the core of the Soillse experience

Check-in and Lifestyle Data

Behavioural and Usage Data

Technical Data

Payment Data

Payment processing is handled by Stripe. We do not store full card numbers. We receive and store: subscription status, billing date, and anonymised payment metadata from Stripe. Stripe's privacy policy applies to payment data.


03

How We Use Your Data

PurposeData UsedLegal Basis
Providing the Soillse serviceAll account and performance dataContract performance
Sage AI coaching personalisationPerformance data, check-in data, session historyContract performance
Cognitive Digital Twin constructionAll performance and check-in dataContract performance
Spaced repetition schedulingSession history, domain scoresContract performance
Account security and fraud preventionAccount data, IP address, device dataLegitimate interests
Billing and subscription managementAccount data, payment metadataContract performance
Platform improvement and researchAnonymised, aggregated performance dataLegitimate interests
Legal complianceAs required by lawLegal obligation
Marketing communications (with consent)Email addressConsent

Research use of your data: We may use anonymised and aggregated cognitive performance data (stripped of all personal identifiers) for internal research to improve the platform, train AI models, and potentially publish aggregate findings. We will never publish data that could identify you individually. We will always anonymise before any research use. We will never sell your cognitive data to third parties for research or any other purpose.


04

Data We Do Not Collect or Use


05

Data Sharing and Third Parties

We share data with third parties only as necessary to provide the service:

Third PartyPurposeData Shared
SupabaseDatabase and authentication infrastructureAll platform data (encrypted at rest)
Anthropic (Claude API)Sage AI coaching generationAnonymised performance context (no name or email)
StripePayment processingEmail address, billing details
ResendTransactional email deliveryEmail address, email content
NetlifyWeb hosting and CDNTechnical access logs only

We do not use advertising networks, analytics brokers, or data aggregators. We do not integrate Facebook Pixel, Google Analytics, or similar tracking technologies.

If Soillse is acquired or merged with another entity, your data may be transferred as part of that transaction. We will notify you by email at least 30 days before any such transfer and provide options including account deletion.


06

Data Storage and Security

Your data is stored on Supabase's infrastructure, hosted on AWS. Data is encrypted at rest and in transit using industry-standard encryption (AES-256 at rest, TLS 1.2+ in transit).

Access to your personal data within Soillse is controlled by Row Level Security (RLS) policies — only your own authenticated session can access your data. Employees can access aggregated anonymised data for support purposes; individual user data access requires documented justification.

We maintain audit logs of access to sensitive data. We conduct regular security reviews.

Despite our security measures, no internet transmission or storage system is 100% secure. If you believe your account has been compromised, contact security@soillse.com immediately.


07

Data Retention

We retain your data for as long as your account is active. If you delete your account:


08

Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal data:

👁️
Right of Access
Request a copy of all personal data we hold about you
✏️
Right of Rectification
Correct inaccurate or incomplete personal data
🗑️
Right of Erasure
Request deletion of your personal data (GDPR Article 17)
📦
Right of Portability
Export your data in a machine-readable format
🚫
Right to Object
Object to processing based on legitimate interests
⏸️
Right to Restriction
Request we restrict processing of your data
🤖
Automated Decisions
Request human review of automated decisions affecting you
📧
Withdraw Consent
Withdraw marketing consent at any time

To exercise any of these rights, contact privacy@soillse.com. We will respond within 30 days. Data export is also available directly from your account settings.

If you are in the EU/EEA and believe we have not adequately addressed your privacy rights, you have the right to lodge a complaint with your local data protection authority.

If you are in Canada, you may contact the Office of the Privacy Commissioner of Canada.

If you are in California, you have additional rights under the CCPA including the right to know, the right to delete, and the right to opt out of sale. We do not sell personal information.


09

Cognitive and Health Data — Special Protections

We treat your cognitive performance data with the highest level of protection we offer. This data tells us things about your mental state and cognitive health that you may not share with others. We take that trust seriously.

We will never:

If you provide check-in data including emotional or stress information, we treat this as sensitive personal data. It is used only to power your Sage coaching and readiness scores. It is never shared with third parties in identifiable form.


10

AI and Automated Processing

Soillse uses AI in two ways: the Sage coaching system (powered by Anthropic's Claude) and internal analytics for the Cognitive Digital Twin.

Sage coaching: When you complete a session, your anonymised performance context is sent to Anthropic's API to generate coaching text. Your name and email are never sent to Anthropic. Only performance metrics and patterns are included. Anthropic processes this data per their privacy policy and does not use it to train their models (under our enterprise terms).

Cognitive Digital Twin: The digital twin is built entirely from your own data using statistical analysis within our database. No personal data leaves Soillse's infrastructure for this purpose.

No consequential automated decisions: No automated decision with legal or similarly significant effect (employment, credit, insurance) is made about you based on Soillse data.


11

Children's Privacy

Soillse is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child under 16 has created an account, contact privacy@soillse.com and we will delete the account promptly.


12

International Data Transfers

Soillse's infrastructure is primarily hosted in the United States (Supabase on AWS). If you are located in the EU, EEA, or UK, your data is transferred to the US. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the transfer mechanism for EU personal data.

If you are in Canada, your data may be processed in the United States. We maintain contractual protections with all US-based processors.


13

Cookies and Tracking

Soillse uses minimal cookies. We use session cookies necessary for authentication and platform function. We do not use advertising cookies, tracking pixels, or cross-site tracking technologies. We do not use Google Analytics, Facebook Pixel, or similar tools.

The session cookie used for authentication is strictly necessary for the platform to function and cannot be disabled without losing access to your account.


14

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email and by prominent notice within the platform at least 14 days before changes take effect. The "effective date" at the top of this page will be updated accordingly.

If the changes materially affect how we use your data, we will request fresh consent where required by law.


Privacy Contact

For all privacy requests and questions:

Privacy: privacy@soillse.com
Security: security@soillse.com
Support: support@soillse.com
Legal: legal@soillse.com

We aim to respond to all privacy requests within 30 days. For urgent data security concerns, we aim to respond within 72 hours.