Privacy Policy.
Private by design — your data stays on your device.
Last updated / Effective date: 1 July 2026
Applies to: the SoloDock iOS application (“App”) and the website at https://solodock.framer.website (the “Site”), together the “Service”.
Plain-English summary (not a substitute for the full policy): SoloDock is built to be private by design. Your invoices, clients, jobs, photos, quotes, payments and prices are stored only on your device and are never sent to us. We have no user accounts, run no central server that holds your data, use no advertising, analytics, tracking or profiling, and we never see, hold, or move your money. The only routine internet request the App makes is an anonymous, once-a-day exchange-rate lookup that contains none of your personal or business data. We can’t lose, sell, or hand over data we never collect.
1. Who we are (the data fiduciary / controller)
The Service is operated by Archit Suryawanshi, a sole proprietor based in India (“SoloDock”, “we”, “us”, “our”).
Contact (general & support): architpsuryawanshi@gmail.com
Contact (privacy, data-rights & grievances): architpsuryawanshi@gmail.com
Postal address: 6/16, Pratiknagar, Sector 2, Off. Alandi Road, Yerawada, Pune - 411006, India
Grievance Officer (India – DPDP Act 2023 & Consumer Protection (E-Commerce) Rules 2020): Archit Suryawanshi, reachable at architpsuryawanshi@gmail.com
For most of the data described below we are not a “controller” or “fiduciary” of your business records at all, because that data never reaches us (see Section 4). Where we do act as a controller/fiduciary — for example, an email you choose to send us — this policy explains how.
2. The privacy-by-design model (read this first)
SoloDock’s architecture is the most important privacy fact about it:
Local-first storage — all of your content lives in an on-device database (Apple SwiftData) on your iPhone. It is not uploaded to us.
No account, no login — we do not ask you to register. We hold no username, password, profile, or identifier for you.
No SoloDock server for your data — we operate no backend that stores, mirrors, or processes your invoices, clients, jobs, photos, or payments.
Non-custodial payments — you connect or paste your own payment link (e.g. Stripe, PayPal, Wise). Money flows directly between your client and your provider. We are never in the middle and never touch funds or card details.
No tracking — no advertising IDs, no cross-app/website tracking, no behavioural profiling, no third-party analytics or marketing SDKs in the App. We do not show ads.
You can leave with everything — you can export your data (CSV + PDF) and create a portable JSON backup at any time, for free. Deleting the App deletes the on-device data.
3. Definitions
Personal data / personal information: information relating to an identified or identifiable individual. Depending on your country this is called “personal data” (GDPR, UK GDPR, India DPDP Act, LGPD), “personal information” (CCPA/CPRA, PIPEDA, Australia, APPI), etc.
Data principal / data subject / consumer: the individual the personal data is about — for example you, or one of your clients.
Data fiduciary / controller / business: the person who decides why and how personal data is processed.
Data processor: a person who processes personal data on behalf of a controller.
Processing: any operation performed on data (collecting, storing, using, deleting, etc.).
4. Where your data lives, and which data (if any) we receive
4.1 Data that stays on your device (we never receive it)
The following is created and stored only on your iPhone and is never transmitted to SoloDock:
Your business profile: business/trading name, your name, logo, brand colour, contact details, address, tax settings (VAT/GST/sales-tax/CIS numbers and rates), invoice numbering and default terms, default currency, and any payment link you paste.
Your clients: names, points of contact, emails, phone numbers, billing addresses, currency, terms, and notes.
Your jobs/projects: titles, dates, locations, notes, and photos you attach (e.g. proof-of-work, before/after, meter readings) with captions.
Your quotes, invoices, line items, payments, deposits, recurring schedules, and tracked time entries.
Your price list and app settings (appearance, notification preferences, backup preference, etc.).
We have no ability to access, read, recover, or disclose this data. It is protected by iOS file-level encryption and your device passcode/biometrics.
4.2 Your clients’ personal data — you are the controller, not us
When you store information about your clients, you decide why and how it is used, and that data lives only on your device. In data-protection terms, you are the independent controller/fiduciary of your clients’ personal data, and SoloDock is not even a processor, because we never receive it. You are responsible for handling your clients’ data lawfully (for example, telling them how you use it and honouring their rights). See also Section 12 of the Terms of Service (also called the Terms & Conditions — the two terms mean the same document; see that document’s introduction).
4.3 Data that does leave your device — and who receives it
Only the limited categories below ever leave your device, and most go to parties you choose, not to us:
Frankfurter exchange-rate service (api.frankfurter.app, European Central Bank reference rates).
What is sent: a standard web request containing the currency codes to convert (e.g. “GBP”, “EUR”) and the normal technical metadata every internet request carries (including your device’s IP address, which any web server necessarily sees).
Why: to show approximate “today’s-rate” conversions on your dashboard and invoices when you use more than one currency.
Personal data: none — no business or personal data, no account, no identifier; at most an IP address visible to that endpoint, as with any website you load. The result is cached on your device; we make at most one request per day.
Apple (App Store, StoreKit, iCloud).
What is sent: your subscription purchase/restore is handled entirely by Apple; iCloud backup (if you enable it) uses your own Apple ID.
Why: billing, subscription management, and optional device backup.
Personal data: Apple processes this as an independent controller under its privacy policy. We receive only aggregated, anonymised sales and subscription reports — never your name, email, or payment details.
Your own payment provider (e.g. Stripe, PayPal, Wise — your link).
What is sent: nothing by us. When your client taps “Pay now,” they go directly to your provider.
Personal data: governed by your agreement with that provider and their privacy policy. SoloDock is not a party to, and never sees, those transactions.
The email / messaging app you choose (Mail, Messages, Gmail, Outlook, etc.).
What is sent: the invoice/quote PDF and message you decide to send, to deliver documents and reminders. You control what is sent and to whom; the third-party app’s own policy applies.
You voluntarily contacting us — the content of any email, message, or form you send us (see Section 4.4).
The Site at https://solodock.framer.website — the Site is hosted on Framer and uses Framer’s built-in, cookieless analytics (aggregated, anonymous visit statistics); it has no forms that collect personal data and sets no advertising cookies (see Section 9).
4.4 Data we actually hold (and it’s minimal)
The only personal data SoloDock itself may hold is what you voluntarily send us, such as:
the email address and message content when you contact support, exercise a privacy right, or report a problem;
any information you provide in a Site form (e.g. a newsletter or waitlist sign-up), if the Site has one.
We do not build profiles, we do not enrich this data, and we do not use it for advertising.
5. App permissions (and how to control them)
The App may ask for the following iOS permissions. Each is optional, used only for the stated purpose, and revocable any time in iOS Settings ▸ SoloDock (or Settings ▸ Notifications):
Camera — only to take proof-of-work photos for a job, at your request. Photos stay on your device.
Photo Library — only to attach existing photos to a job, at your request.
Notifications — to show local reminders (overdue invoices, quote expiry, an optional weekly summary, recurring-invoice drafts). These are generated on your device; there is no push server and we send you nothing.
Local network / internet — used only for the daily exchange-rate lookup (Section 4.3) and Apple’s own subscription/iCloud functions.
The App does not request location, contacts, microphone, health, or tracking permissions, and presents no App Tracking Transparency prompt because it performs no tracking.
6. Cookies, advertising identifiers and tracking
In the App: none. We use no cookies, no IDFA/advertising identifier, no SDKs for analytics, attribution, or advertising, and we do not track you across apps or websites. Global Privacy Control / “Do Not Track” signals are therefore moot in the App — there is nothing to opt out of.
On the Site: the Site is hosted on Framer and uses Framer’s built-in analytics, which is cookieless and privacy-friendly — it records only aggregated, anonymous visit statistics (such as page views, referrer, device type, and approximate region) and uses no advertising cookies, cross-site tracking, or profiling. Framer, as our hosting provider, may set a small number of strictly-necessary/functional cookies to deliver and secure the Site (see Framer’s cookie policy at framer.com/legal/cookie-policy). We run no Google Analytics, advertising pixels, or marketing trackers, and the Site has no forms that collect personal data.
7. Why we process data, and our lawful bases
Because we process so little, the mapping is short. Where a law requires a “lawful basis” (e.g. GDPR/UK GDPR Art. 6; India DPDP consent/legitimate-uses):
Running the App on your device — Purpose: to provide the Service you asked for. Lawful basis: performance of a contract with you; your consent in installing and using the App.
Daily exchange-rate lookup — Purpose: to show multi-currency conversions. Lawful basis: legitimate interests in providing a working feature, balanced against negligible privacy impact (no personal data sent).
Responding to your support/rights requests — Purpose: to help you and meet legal obligations. Lawful basis: performance of a contract; legitimate interests; compliance with a legal obligation.
Subscriptions — Purpose: to let you subscribe. Lawful basis: performance of a contract (carried out by Apple as the seller).
Site analytics / newsletter (if any) — Purpose: to operate and improve the Site / send updates you ask for. Lawful basis: consent and/or legitimate interests, as described on the Site.
You may withdraw any consent at any time; this does not affect prior lawful processing.
8. Sharing and disclosure
We do not sell your personal information, and we do not “share” it for cross-context behavioural advertising (as those terms are defined under the CCPA/CPRA and similar laws). We disclose data only:
to the recipients you direct (your payment provider, your email/SMS app) — see Section 4.3;
to Apple, for subscriptions and optional iCloud backup, as described;
to service providers strictly necessary to run the Site or respond to you (e.g. an email host), under confidentiality and data-processing obligations;
where required by law — to comply with a valid legal request, court order, or to protect rights, safety, and security (we will narrow any disclosure to what is legally required and, where lawful, tell you);
in a business transfer — if the Service is sold, merged, or transferred, any limited data we hold may transfer with it, subject to this policy (see Section 18).
We have no advertising partners and run no data brokerage.
Categories disclosed to service providers/contractors in the preceding 12 months (California disclosure). In the last 12 months we have disclosed the following categories of personal information to service providers/contractors for a business purpose, and to no one else: (a) identifiers (e.g. an email address), disclosed to our email/support host, to Apple for subscription and iCloud processing, and — for you only, never your clients — to your own chosen payment provider and messaging apps at your direction; and (b) internet/network activity metadata (e.g. an IP address incidental to any web request), disclosed only to the Frankfurter/European Central Bank exchange-rate endpoint. We have not disclosed any other category, and we have not sold or “shared” (as defined by the CCPA/CPRA) any personal information.
9. The Site
The Site at https://solodock.framer.website is an informational, single-page marketing site hosted on Framer. Analytics: it uses Framer’s built-in analytics, which is privacy-friendly and cookieless — Framer records aggregated, anonymous statistics such as page views, referrers, device type, and approximate (country/region-level) location, with no advertising cookies, no cross-site tracking, and no profiling of individuals; we use this only to understand overall traffic. Cookies: Framer, as hosting provider, may set a limited number of strictly-necessary/functional cookies to serve and secure the Site (details in Framer’s cookie policy at framer.com/legal/cookie-policy); we set no advertising or marketing cookies of our own. Forms: the Site has no contact, newsletter, waitlist, or sign-up form, so it does not collect your name, email, or other personal details. Outbound links: the Site links to our profiles on third-party platforms (e.g. social media); those services are governed by their own policies. Because we use only cookieless analytics and strictly-necessary cookies, a cookie-consent banner is generally not required; if we later add non-essential cookies or analytics, we will update this section and add a consent mechanism where the law requires one.
10. International data transfers
Your business data does not transfer internationally because it stays on your device. The limited data that does cross borders is:
the anonymous exchange-rate request (to the Frankfurter endpoint), which contains no personal or business data;
Apple’s subscription and iCloud processing, governed by Apple’s own safeguards; and
any support email you send us, which will be received in India, where we operate.
Where you are in the EEA, UK, or another region with transfer rules, any transfer of personal data to us in India is made in reliance on appropriate safeguards (such as your explicit request/consent in contacting us, the necessity of the transfer to respond to you, and/or standard contractual clauses where applicable). You may ask us for more detail at architpsuryawanshi@gmail.com.
11. Data retention
On-device data: retained until you delete it in the App, use “Delete all data,” or uninstall the App — at which point it is removed from your device. We cannot retain it because we never had it.
iCloud backup / device backup: retained per your Apple settings and Apple’s policies; you control and can delete it.
Support correspondence: kept only as long as needed to handle your request and to keep a short record for legal/audit purposes (typically up to 24 months), then deleted.
Apple sales reports: aggregated/anonymised figures, retained per Apple and for our accounting/tax obligations.
Site logs / form data (if any): retained for the limited period stated on the Site.
12. Security
Your on-device data is protected by iOS data-protection encryption and your device lock (passcode/Face ID/Touch ID). Keep your device updated and locked.
Because we operate no central database of your records, there is no SoloDock “honeypot” that could be breached to expose your business data.
The App includes resilience measures (for example, recovering rather than crashing if its on-device store is damaged), but no software is perfectly secure. You are responsible for keeping your own backups (the App provides free export and JSON backup), for securing your device, and for your own payment provider and email accounts.
13. Children’s privacy
SoloDock does not impose a minimum age and is intended for anyone running a business. However, the law treats children’s data specially, so:
The App is not directed at children, contains no advertising, tracking, profiling, or behavioural monitoring, and collects no personal data centrally from anyone — including children.
If you are under the age of majority in your country, or a “child” under applicable law (for example, under 18 under India’s DPDP Act 2023; under 16 (or the lower age set by your member state) under the GDPR; under 13 under the U.S. COPPA), you may use the App only with the involvement and consent of a parent or legal guardian, who accepts the Terms on your behalf and is responsible for supervising your use.
Because we collect no personal information from users through the App, COPPA-style “collection from a child” and DPDP children’s-processing obligations are, in practice, not triggered by our own processing. If you believe a child has provided personal data to us directly (e.g. by emailing us), contact architpsuryawanshi@gmail.com and we will delete it.
14. Automated decision-making and profiling
We carry out no automated decision-making that produces legal or similarly significant effects about you, and no profiling. The “set-aside-for-tax” figure and multi-currency conversions are simple on-device calculations and rough guides, not decisions about you (see the Terms for the relevant disclaimers).
15. Your privacy rights
Because almost all of your data lives only on your device, you can exercise most rights yourself, instantly, inside the App — view, edit, correct, export (CSV/PDF), back up (JSON), and delete your records, with no request to us needed. For the limited data we may hold (e.g. support emails), and for the rights specific to your country, the sections below apply. To make a request, contact architpsuryawanshi@gmail.com. We will verify your request appropriately and respond within the timeframe your law requires. Exercising your rights is free and you will never be penalised for it.
15.1 Everyone (baseline rights)
Subject to local law, you may request to access, correct/rectify, delete/erase, restrict or object to our processing of personal data we hold about you, withdraw consent, obtain a portable copy, and complain to a regulator.
15.2 India (Digital Personal Data Protection Act 2023; IT Act 2000 & SPDI Rules 2011)
As a Data Principal you have the right to: access a summary of your personal data and processing; correction, completion, updating and erasure; grievance redressal (contact our Grievance Officer at architpsuryawanshi@gmail.com; we acknowledge within 48 hours and aim to resolve within the statutory period); and to nominate another person to exercise your rights in the event of death or incapacity. You also have duties under the Act, including not filing false or frivolous complaints. You may escalate unresolved complaints to the Data Protection Board of India.
15.3 European Economic Area & United Kingdom (GDPR / UK GDPR)
You have the rights of access, rectification, erasure (“right to be forgotten”), restriction, data portability, objection (including to processing based on legitimate interests), and to not be subject to solely automated decisions. Where processing is based on consent, you may withdraw it at any time. You may lodge a complaint with your local supervisory authority (in the UK, the Information Commissioner’s Office, ico.org.uk; in the EEA, your national authority). We have assessed that we are not required to appoint a Data Protection Officer or an Article 27 EU/UK representative given the minimal, non-large-scale, low-risk processing we perform; if this changes, we will update this policy and publish the contact.
15.4 California (CCPA/CPRA, as amended effective 1 January 2026) and other U.S. states
We do not sell or share personal information and have not done so in the preceding 12 months; we do not use or disclose sensitive personal information for purposes requiring a right to limit, and we do not use automated decision-making technology to make significant decisions about you. Because we do not sell or share personal information, “Do Not Sell or Share My Personal Information” and “Limit the Use of My Sensitive Personal Information” links are not required, but we will honour any Global Privacy Control or opt-out preference signal as a request not to sell/share, consistent with the current regulations (see Section 16). Subject to verification, you may request to know/access, delete, and correct personal information, and to be free from discrimination for exercising these rights. The only categories we might hold are “identifiers” and “customer-records/commercial” information you voluntarily send us (e.g. an email); see Section 8 for the categories disclosed to service providers/contractors in the preceding 12 months. California’s “Shine the Light” law: we do not share personal information with third parties for their direct marketing. This Privacy Policy is accessible from within the App itself (Settings ▸ About & Legal), not only on the Site, consistent with the 2026 regulations for mobile applications. Residents of other U.S. states with comparable laws (e.g. Virginia, Colorado, Connecticut, Texas) may exercise equivalent rights by contacting us.
15.5 Canada (PIPEDA)
You may request access to and correction of personal information we hold and may challenge our handling of it; you may complain to the Office of the Privacy Commissioner of Canada. We obtain consent appropriate to the sensitivity of the (minimal) information involved.
15.6 Australia (Privacy Act 1988 / Australian Privacy Principles)
You may request access and correction, and complain to the Office of the Australian Information Commissioner (OAIC). We handle the limited personal information we hold in line with the APPs.
15.7 Japan (APPI)
You may request disclosure, correction, addition, deletion, and cessation of use of retained personal data, and may contact the Personal Information Protection Commission (PPC). We handle personal information in accordance with the APPI.
15.8 Brazil (LGPD)
As a data subject you have rights to confirmation, access, correction, anonymisation/blocking/deletion, portability, information about sharing, and to withdraw consent, and may petition the ANPD.
15.9 Everywhere else
If your country grants data-protection or consumer-privacy rights not listed above, we will honour them to the extent they apply. Contact us and we will help.
16. Do Not Track and Global Privacy Control
The App performs no tracking, so these signals have nothing to act upon. On the Site, we will honour applicable opt-out preference signals to the extent required by law and to the extent the Site processes any personal information.
17. Data breach
Because your business records never leave your device, a compromise of our limited systems cannot expose them. For any personal data we do hold (e.g. support emails), if a breach occurs that is likely to result in a risk to you, we will notify the appropriate authority and affected individuals without undue delay and within the timeframes your law requires (for example, within 72 hours of awareness to the relevant authority under the GDPR/UK GDPR; promptly to the Data Protection Board of India and affected principals under the DPDP Act; and as required by applicable U.S. state and other laws). A loss affecting only your on-device data (e.g. a lost or wiped phone) is outside our control — please keep backups.
18. Business transfers, succession and discontinuation
If the Service is sold, merged, transferred, or wound down, any limited personal data we hold may be transferred to a successor, who must honour commitments at least as protective as this policy. If we discontinue the App, your on-device data remains yours on your device and you can continue to export it. We will give reasonable advance notice of discontinuation where practicable (see the Terms).
19. Third-party services and links
The Service links to or interoperates with third parties we do not control — Apple (App Store, iCloud), the Frankfurter/European Central Bank exchange-rate data, your chosen payment provider, and the email/SMS apps you use to send documents. Their handling of your data is governed by their policies, not ours. We encourage you to review them.
20. Changes to this policy
We may update this policy to reflect changes in the App, our practices, or the law. We will revise the “Last updated” date above and, for material changes, provide a more prominent notice (in the App or on the Site) where appropriate. Continued use after an update means you accept the revised policy, to the extent permitted by law.
21. How to contact us
Privacy, data rights & grievances: architpsuryawanshi@gmail.com
Grievance Officer (India): Archit Suryawanshi, architpsuryawanshi@gmail.com
General support: architpsuryawanshi@gmail.com
Post: Archit Suryawanshi, 6/16, Pratiknagar, Sector 2, Off. Alandi Road, Yerawada, Pune - 411006, India
We will acknowledge rights/grievance requests promptly (and within 48 hours where Indian law applies) and resolve them within the period your law requires.