Privacy Policy
Last updated May 2026
Organization Data Ownership
AI SoloHR stores HR workflow data exclusively for the organization that owns the active workspace. This may include employee names, business contact details, detailed case timeline notes, PDF documents, AI draft briefs, audit history logs, and secure integration metadata. Customers maintain full responsibility for uploading only information they are authorized to process under local and state laws.
Authorized Data Processors
Depending on which features are active, our secure application utilizes industry-standard subprocessors to deliver isolated storage, robust security, and automated transaction services. Each subprocessor is selected for its commitment to enterpris-grade compliance.
- Clerk — Secure user authentication and session management
- Neon — Fully isolated Postgres cloud database
- Cloudflare R2 — S3-compatible private document cloud with signed short-lived URLs
- Stripe — Safe subscription and payment processing
- Brevo — Secure transactional and administrative emails
- Google Vertex AI — High-security AI translation and human-reviewed draft generation
Google User Data & Calendar Integration
AI SoloHR's integration with Google Calendar accesses, uses, stores, and shares Google user data in strict accordance with the Google API Services User Data Policy, including its Limited Use requirements.
- Data Accessed: When you authorize Google Calendar integration, our application requests access to read, write, and modify your Google Calendar events. We only retrieve and interact with the event metadata specifically created for coordinating your HR case tasks.
- Data Usage: The accessed Google data is used exclusively to sync your AI SoloHR task deadlines, FMLA follow-ups, and ADA interactive process schedules directly to your organization's Google Calendar. This helps prevent missed statutory compliance timelines. We do not use this data for any other purposes, such as profiling, advertising, or marketing.
- Data Sharing: We do not share Google user data with third-party advertising networks, data brokers, or AI model training platforms. Data is only processed internally to maintain the synchronization between your workspace and your Google Calendar.
- Data Storage & Protection: Google OAuth tokens (access tokens and refresh tokens) are securely encrypted at rest in our Neon PostgreSQL database. Transmission is secured via Transport Layer Security (TLS) and Clerk-managed session guardrails.
- Data Retention & Deletion: Google authorization tokens and sync metadata are retained only as long as the integration remains active. If you disable the Google Calendar integration in settings or request account deletion, all Google OAuth tokens and associated sync data will be immediately and permanently purged from our database. You can also request data deletion by contacting our privacy team.
Your Rights & Access Requests
Under various U.S. state data-privacy laws (including CCPA / CPRA), employees and administrators have the right to request access, correction, export, deletion, or opt-out assistance regarding any information stored in our cloud database. For official requests, administrators should navigate to our dedicated Data Request interface.
Policy Updates & Contact Information
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the 'Last updated' date. If you have questions about this policy or our data protection practices, please contact our administrative support team.