Privacy Policy

Last updated: June 6, 2026

We respect your privacy. This Privacy Policy applies to the SoloMap extension, the official website (solomap.app), and related services operated by SZLK LTD (registered in London, UK, under Company No. 16843016). Please read the terms below carefully:

1. Core Local-First Data Architecture

SoloMap is built around a local-first principles. Your data is your own:

• Your project roadmap, step state, AI agent execution logs (Journal), intents, and judgments are stored entirely inside the .solopreneur folder within your local project workspace.
• We do not operate a centralized cloud database to store or sync your roadmaps. We never scan, collect, or transmit your proprietary source code, folder structures, or technical documentation.
• You retain full ownership and control of your workspace data. You can delete it entirely at any time by deleting the local folder or uninstalling the extension.

2. Information We Collect and Processing Purposes

We collect only the narrowest set of data necessary to provide and secure our services under legal bases:

• Account & Entitlement Management: When upgrading to SoloMap Pro, we verify your subscription via OIDC using SZLK Passport. We only retrieve your unique user ID and email to associate and validate your entitlement. We never access or store your primary passwords.
• Payment and Billing Information: All payment transactions are securely handled by Stripe under PCI-DSS compliance standards. We do not access, process, or store your credit card numbers, billing addresses, or financial credentials.
• Diagnostic Data: Diagnostic information or usage logs are only transmitted if you explicitly choose to click "Send Feedback" to submit a GitHub issue.

3. Data Security and Retention

• Transit Encryption: All traffic to and from our website uses standard TLS protocols to secure your connection.
• Retention Period: Local workspace data resides indefinitely on your hard drive until you erase it. We only persist account metadata (email and user ID) on our licensing servers to facilitate subscription status checks until you request account deletion.
• Third-Party Processors: Our core web operations run on Cloudflare Workers and Stripe, which adhere to strict global security frameworks and privacy laws.

4. GDPR, CCPA and Global Rights Compliance

We honor your data rights under major global frameworks, including GDPR, CCPA, and PIPL:

• Right to Access & Portability: You may ask for a copy of the license entitlements and records tied to your account in a structured, machine-readable format.
• Right of Erasure: You have the right to request the permanent deletion of your SZLK Passport account and linked subscription records.
• Right to Rectify: You can update your payment email or details directly in the Stripe Billing Portal or by contacting support.

5. Cookies and Web Technologies

We do not use any tracking or advertising cookies. The only cookies we store are valid up to 1 year:

• lang_pref: To remember your localized language preference (English/Chinese) and ensure seamless redirection.
• SZLK Passport session parameters: Temporary cookies required for OIDC authentication.

6. Updates and Contact

We may update this Privacy Policy to reflect changes in our software or legal requirements. For inquiries or data right requests, please contact us (SZLK LTD, London, UK) via our GitHub issues page.