We collect 4 types of data through your use of Solar Accounts:

• Your personal information including your name and contact details
• Your credit card information and billing information
• Accounting data you directly enter into our software - this includes invoice and payment information and customer and supplier details and emails sent using Solar Accounts
• Meta-data which is derived from your use of the software - this includes details about when you log in and log out, what buttons and menu options you click, and your operating system and screen size

We collect personal data in two ways:

• We collect your personal, billing and accounting information when you directly type this information into the Solar Accounts software or website
• We collect meta-data as you interact with the Solar Accounts software or website. For example, we record your IP address every time you log in and log out.

We do not collect any personal data from third-parties.

We use your data in ways that you would expect for an online accounting software service provider:

• We collect your accounting information in order to provide an accounting software service including display of financial reports, importing bank statements and emailing of invoices and customer statements.
• We use your name and contact details to provide customer service for your account - this includes answering your technical support questions, resetting your password and notifying you about suspicious activity on your account.
• We use your billing details to charge our monthly subscription fee
• We analyse your meta-data in order to maintain the security and improve the quality of the Solar Accounts service. For example, we may analyse meta-data about login attempts from your account to identify suspicious activity. We may analyse the time taken for our server to process each save request to identify whether we can improve the speed and responsiveness of our software.
• If you agree, we may contact you to offer assistance, get feedback on your experience with our software or offer you special pricing. We obtain this consent by asking for it when you set up or upgrade your Solar Accounts account. You can revoke this consent at any time by contacting Solar Accounts customer support.
• When you post a message in our online forum we use your name and message to display on our website. We may also use your email address to reply to your message.

• For using your name and billing information to charge our monthly fee: This processing is required as part of the contract for services we are supplying, so our lawful basis for this processing is ‘Contract’.
• For using your contact details to offer assistance, get feedback on your experience with our software or offer you special pricing: We obtain this consent by asking for it when you set up or upgrade your Solar Accounts account. You can revoke this consent at any time by contacting Solar Accounts customer support. The lawful basis for this use of your data is therefore ‘Consent’.
• For all other processing of data: Our data processing is expected when providing an accounting software service and minimises the use of personal data. Our lawful basis for this processing is therefore ‘Legitimate Interests’.

In order to provide an efficient service we share some personal data with third-party companies as follows:

• In order to charge our monthly fee we share your billing and credit card information with Stripe, Inc [https://stripe.com/].
• In order to send emails efficiently we share the content of each email you send with SendGrid, Inc [https://sendgrid.com/].
• In order to efficiently run our servers and and backup your data we store all your data with Amazon Web Services, Inc [https://aws.amazon.com/] and Tarsnap Backup. Inc [https://www.tarsnap.com/].
• When you share your accounting data by generating a sharing code and giving it to another user, that user has access to the accounting data you shared and your name.
• When you post a message on our online forum or when you submit a ‘contact us’ message through our website which is not marked ‘private’ the message and your name is displayed publicly on our website.

• To view your accounting data, just log in and open your business as normal. This data can be exported to CSV format by clicking menu File > Export To > Solar Accounts CSV File.
• To view the personal information and meta-data we hold that is associated with your account, log in and click menu File > Close > Options > GDPR Compliance > Download Metadata.
• To view billing information for your account, click menu File > Billing.

• To delete accounting data for a business log in and click menu File > Close. Then select the business and click ‘Remove’. Note that the data will not be deleted if another user has access to it.
• To delete your account and all personally-identifiable meta-data, email Solar Accounts customer support to request cancellation of your account.

• If you are subscribed to Solar Accounts we keep your accounting data and personal information for as long as we are able to charge your credit/debit card for monthly subscription payments
• If you are subscribed to Solar Accounts but we are not able to charge your credit/card then we will cancel your account and delete your personal and accounting data from our database after 6 months from the last payment. Your data will remain in our backup system for a further 6 months.
• If you register for a 30-day trial of Solar Accounts but do not subscribe to Solar Accounts, we will delete your account data from our database 6 months after your trial period expires. Your data will remain in our backup system for a further 6 months.
• When you delete a business record, the associated accounting data will be deleted from our database within 30 days. The data will remain in our backup system for a further 6 months.
• When you request that your account be cancelled, your personal details and accounting data will be deleted from our database within 30 days. The data will remain in our backup system for a further 6 months.
• We delete meta-data associated with your account 1 year after we delete your accounting data.
• Messages you post on our online forum will remain available on our website indefinitely.
• Your billing history will remain in our system for 6 years.

When we delete your personal data from our database, human error or software bugs mean there is a small chance that we delete the wrong data. This mistake may not be discovered for several months - to avoid permanent loss of data in such cases we keep a backup of all data for 6 months.

We use industry-standard encryption protocols to ensure your data is secure:

• Data sent between the Solar Accounts client and server is protected by a 128-bit TLS connection with modern cipher suite
• Access to data stored on our server via SSH requires a 2048 RSA cryptographic keyfile and passphrase which is only available to Solar Accounts engineers
• Access to data stored in our backup system requires a Tarsnap cryptographic keyfile and passphrase which is only available to Solar Accounts engineers
• Workflow processes and internal audit logs ensure Solar Accounts staff access your personal data only when necessary

We store your data in our main Amazon Web Services servers located in the Republic of Ireland and our Tarsnap servers located in the United States. Note that data located in the United States is fully encrypted with a Tarsnap cryptographic key which is only available to Solar Accounts staff in the UK.

If we discover a breach of personal data our policy is to inform the UK Information Commissioner's Office within 72 hours of becoming aware of the breach. We will also notify affected users within 5 days.

Under General Data Protection Regulation (GDPR) rules you have a number of rights related to your personal data:

• You have the right to be informed about the collection and use of your personal data - this privacy policy provides such information.
• You have the right to access personal data - see the section “How Can I Access Personal Data You Hold About Me” above
• If there are errors or omissions in the personal data we hold, you can have this information corrected.
• You can object to the way we process your data.
• You have the right to have your personal data erased - see “How Can I Delete My Personal Data?” above.
• You have the right to restrict the way we process some personal data.
• You have the right to export your data in portable format. In Solar Accounts this data is provided as a number of CSV files.
• If you would like to exercise any of these rights please contact Solar Accounts customer support for more information.

We may update this privacy policy from time to time. We will then notify you of changes to this policy when you next use the Solar Accounts software or website. You will need to agree to the new privacy policy in order to continue using the Solar Accounts software or website.