Privacy Policy

What SoloWrks is

SoloWrks (“we”, “our”, “the app”) is a web application that helps solo consultants and freelancers track time, mileage, expenses, jobs, and invoices. Your business data is stored in a Google Spreadsheet in your own Google Drive account — we do not operate a separate database for your business data.

Information we collect

Google account info: When you sign in with Google, we receive your name, email address, and profile picture. This is used to identify your account.

OAuth tokens: We store an encrypted access token and refresh token so the app can read and write your Google Spreadsheet and send invoices via Gmail on your behalf. These tokens are stored in a secure, encrypted Redis database (Upstash) and are never shared with third parties.

Account settings: Your business name, address, phone number, invoice prefix, and default rates are stored in our Redis database to personalize your experience.

Business data: All your clients, projects, time entries, mileage, expenses, jobs, invoices, and payments are stored in a Google Spreadsheet in your Google Drive. We read and write this data on your behalf but do not copy or store it outside of your Google account and short-lived (30-second) caches.

How we use your information

• To authenticate you and maintain your session
• To read and write your business data in Google Sheets
• To send invoices via Gmail on your behalf (only when you explicitly tap “Send”)
• To generate PDF invoices with your business information
• To create a Google Spreadsheet in your Drive during account setup

Google API scopes we request

• Google Sheets (spreadsheets) — to read and write your business data
• Gmail (gmail.send) — to send invoices from your email address
• Google Drive (drive.file) — to create your spreadsheet during setup (we can only access files we create, not your other Drive files)

Data sharing

We do not sell, rent, or share your personal information or business data with any third party. Period.

The only external services that process your data are:

• Google — your data lives in your Google account (Sheets, Gmail, Drive)
• Upstash — stores your account settings and authentication tokens (encrypted at rest and in transit)
• Vercel — hosts the application (no persistent data storage)

Data retention

Your business data lives in your Google Drive and is subject to Google’s retention policies. We do not independently retain copies of your business data.

Account settings and authentication tokens are retained in Redis as long as your account is active. If you stop using the app, tokens expire naturally when unused for 6 months (per Google’s OAuth policy).

Public invoice pages

When you create an invoice, a shareable link is generated with a cryptographically random token. Anyone with this link can view the invoice details (client name, line items, amounts). These pages are not indexed by search engines. Share links expire after one year.

Your rights

• Access: Your data is in your Google Sheet — you have full access at all times
• Deletion: Revoke the app’s access at myaccount.google.com/permissions and your tokens are immediately invalidated. Your Google Sheet remains in your Drive.
• Portability: Your data is already in Google Sheets — export it anytime

Security

All connections use HTTPS/TLS. Authentication tokens are stored in encrypted Redis (Upstash, AES-256 at rest). We enforce HSTS, X-Frame-Options, and Content Security headers. The application does not store passwords — authentication is handled entirely by Google OAuth.

Changes to this policy

We may update this policy from time to time. Material changes will be communicated via the app. Continued use after changes constitutes acceptance.

Contact

Questions about this policy? Email privacy@solowrks.com.