The short version: We collect the data needed to provide and improve Soillse. We never sell your personal data. We never sell your cognitive data. Your performance data is used only to power your experience and Sage coaching. You can export or delete your data at any time.
Soillse ("we", "us", "our") operates the cognitive training platform at soillse.com and associated applications. For questions about this Privacy Policy, contact us at privacy@soillse.com.
This policy applies to all users of Soillse, including visitors to soillse.com, registered users, and subscribers. It covers data collected through the website, web application, and any associated services.
Account Data
Cognitive Performance Data — the core of the Soillse experience
Check-in and Lifestyle Data
Behavioural and Usage Data
Technical Data
Payment Data
Payment processing is handled by Stripe. We do not store full card numbers. We receive and store: subscription status, billing date, and anonymised payment metadata from Stripe. Stripe's privacy policy applies to payment data.
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Providing the Soillse service | All account and performance data | Contract performance |
| Sage AI coaching personalisation | Performance data, check-in data, session history | Contract performance |
| Cognitive Digital Twin construction | All performance and check-in data | Contract performance |
| Spaced repetition scheduling | Session history, domain scores | Contract performance |
| Account security and fraud prevention | Account data, IP address, device data | Legitimate interests |
| Billing and subscription management | Account data, payment metadata | Contract performance |
| Platform improvement and research | Anonymised, aggregated performance data | Legitimate interests |
| Legal compliance | As required by law | Legal obligation |
| Marketing communications (with consent) | Email address | Consent |
Research use of your data: We may use anonymised and aggregated cognitive performance data (stripped of all personal identifiers) for internal research to improve the platform, train AI models, and potentially publish aggregate findings. We will never publish data that could identify you individually. We will always anonymise before any research use. We will never sell your cognitive data to third parties for research or any other purpose.
We share data with third parties only as necessary to provide the service:
| Third Party | Purpose | Data Shared |
|---|---|---|
| Supabase | Database and authentication infrastructure | All platform data (encrypted at rest) |
| Anthropic (Claude API) | Sage AI coaching generation | Anonymised performance context (no name or email) |
| Stripe | Payment processing | Email address, billing details |
| Resend | Transactional email delivery | Email address, email content |
| Netlify | Web hosting and CDN | Technical access logs only |
We do not use advertising networks, analytics brokers, or data aggregators. We do not integrate Facebook Pixel, Google Analytics, or similar tracking technologies.
If Soillse is acquired or merged with another entity, your data may be transferred as part of that transaction. We will notify you by email at least 30 days before any such transfer and provide options including account deletion.
Your data is stored on Supabase's infrastructure, hosted on AWS. Data is encrypted at rest and in transit using industry-standard encryption (AES-256 at rest, TLS 1.2+ in transit).
Access to your personal data within Soillse is controlled by Row Level Security (RLS) policies — only your own authenticated session can access your data. Employees can access aggregated anonymised data for support purposes; individual user data access requires documented justification.
We maintain audit logs of access to sensitive data. We conduct regular security reviews.
Despite our security measures, no internet transmission or storage system is 100% secure. If you believe your account has been compromised, contact security@soillse.com immediately.
We retain your data for as long as your account is active. If you delete your account:
Depending on your jurisdiction, you have the following rights regarding your personal data:
To exercise any of these rights, contact privacy@soillse.com. We will respond within 30 days. Data export is also available directly from your account settings.
If you are in the EU/EEA and believe we have not adequately addressed your privacy rights, you have the right to lodge a complaint with your local data protection authority.
If you are in Canada, you may contact the Office of the Privacy Commissioner of Canada.
If you are in California, you have additional rights under the CCPA including the right to know, the right to delete, and the right to opt out of sale. We do not sell personal information.
We treat your cognitive performance data with the highest level of protection we offer. This data tells us things about your mental state and cognitive health that you may not share with others. We take that trust seriously.
We will never:
If you provide check-in data including emotional or stress information, we treat this as sensitive personal data. It is used only to power your Sage coaching and readiness scores. It is never shared with third parties in identifiable form.
Soillse uses AI in two ways: the Sage coaching system (powered by Anthropic's Claude) and internal analytics for the Cognitive Digital Twin.
Sage coaching: When you complete a session, your anonymised performance context is sent to Anthropic's API to generate coaching text. Your name and email are never sent to Anthropic. Only performance metrics and patterns are included. Anthropic processes this data per their privacy policy and does not use it to train their models (under our enterprise terms).
Cognitive Digital Twin: The digital twin is built entirely from your own data using statistical analysis within our database. No personal data leaves Soillse's infrastructure for this purpose.
No consequential automated decisions: No automated decision with legal or similarly significant effect (employment, credit, insurance) is made about you based on Soillse data.
Soillse is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child under 16 has created an account, contact privacy@soillse.com and we will delete the account promptly.
Soillse's infrastructure is primarily hosted in the United States (Supabase on AWS). If you are located in the EU, EEA, or UK, your data is transferred to the US. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the transfer mechanism for EU personal data.
If you are in Canada, your data may be processed in the United States. We maintain contractual protections with all US-based processors.
Soillse uses minimal cookies. We use session cookies necessary for authentication and platform function. We do not use advertising cookies, tracking pixels, or cross-site tracking technologies. We do not use Google Analytics, Facebook Pixel, or similar tools.
The session cookie used for authentication is strictly necessary for the platform to function and cannot be disabled without losing access to your account.
We may update this Privacy Policy from time to time. We will notify you of material changes by email and by prominent notice within the platform at least 14 days before changes take effect. The "effective date" at the top of this page will be updated accordingly.
If the changes materially affect how we use your data, we will request fresh consent where required by law.
For all privacy requests and questions:
Privacy: privacy@soillse.com
Security: security@soillse.com
Support: support@soillse.com
Legal: legal@soillse.com
We aim to respond to all privacy requests within 30 days. For urgent data security concerns, we aim to respond within 72 hours.