Privacy Policy

Solowrks is a tool for solo consultants to track time, mileage, expenses, and invoicing. We store the minimum data needed to run the app: your Google account identity, business settings, and references to data you keep in your own Google Drive and Sheets.

• Google account info — email, name, and profile photo from Google OAuth, used to identify you and personalize the app.
• Business settings — the values you enter during onboarding (business name, address, phone, invoice prefix, default rates) and any updates in Settings.
• OAuth tokens — short-lived access tokens and refresh tokens we use to access Google services on your behalf. Stored encrypted at rest in Upstash Redis.
• Activity timestamps — sign-in count and last-active timestamp, used to keep the app responsive and to support you if you contact us.
• Per-user business data — clients, projects, time entries, mileage, expenses, jobs, invoices, and payments. Stored in our database (Neon Postgres) and mirrored into your own Google Sheet so you always have a copy you control.

• We don't track your browsing on other sites.
• We don't sell or share your data with advertisers — we have no ads.
• We don't access Google Drive files we didn't create — Solowrks uses thedrive.filescope, which is per-file, not full Drive access.

Solowrks's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

• Google Sheets — we read and write the spreadsheet Solowrks creates for you (not any other spreadsheets in your Drive).
• Google Drive — we read and write only files Solowrks created (via the drive.file scope), such as your data spreadsheet, receipt uploads, and the README.
• Gmail — we use thegmail.sendscope only to send invoices from your account when you click "Send invoice." We never read your email.
• We do not transfer Google user data to third parties for serving advertising, credit-worthiness, or any other purpose unrelated to providing the service.
• We do not allow humans to read this data unless we have your specific consent, it is necessary for security reasons, or it is required to comply with the law.

When you upload a receipt, Solowrks sends the image (or PDF) to Anthropic's Claude API to extract the date, amount, vendor, and category. The image is processed and returned to your form fields — Anthropic does not retain the data for training. You can choose not to upload receipts; expense entry works without it.

• Neon Postgres (US-East) — primary application database for your business data and user record.
• Upstash Redis — short-lived caches and OAuth tokens.
• Your Google Drive and Sheet — the user-visible mirror of your data and any receipts you upload.
• Anthropic API — receipts pass through here for scanning, but are not stored or retained for training.
• Vercel hosts the application; logs may include anonymized request metadata for up to 30 days.

• Access — at any time, view your data in the app or in your Google Sheet.
• Export — download all your data as a JSON file from Settings → Account → Export my data.
• Deletion — permanently delete your account and all data we hold from Settings → Account → Delete my account. Your Google Drive folder is left intact (you control it).
• Revoke access— at any time, revoke Solowrks's access to your Google account at myaccount.google.com/permissions.

All traffic is encrypted in transit (HTTPS). OAuth tokens are stored at rest using Upstash's encrypted storage. Database credentials and API keys are managed via Vercel's encrypted environment variables. We follow industry best practices but no system is perfectly secure — if you discover a vulnerability, please contact us.

Solowrks is not intended for users under 16 years of age. We do not knowingly collect information from children.

We may update this policy from time to time. The "Last updated" date at the top reflects the most recent change. Material changes will be communicated via email to active users.

Questions, requests, or concerns? Email privacy@solowrks.com.