Privacy Policy

Last Updated: February 25, 2026

1. Introduction

SoloKit ("we," "us," or "our") operates the website located at solokit.store (the "Site"). This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you visit our Site, create an account, purchase digital products, subscribe to our newsletter, or otherwise interact with our services (collectively, the "Services").

By accessing or using the Site, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Site. This Privacy Policy should be read together with our Terms of Service.

2. Information We Collect

2.1 Information You Provide Directly

  • Account information: When you create an account, we collect your email address and password (hashed and stored securely). If you sign in via Google OAuth, we receive your email address and basic profile information from Google. We do not receive or store your Google password.
  • Payment information: When you make a purchase, payment details (credit/debit card number, billing address, and related information) are collected and processed directly by our payment processor, Stripe, Inc. We do not store, process, or have access to your full credit card number on our servers. We receive only a transaction confirmation, payment intent ID, and the email address associated with the payment.
  • Communications: If you contact us via email, we collect your email address and the content of your message.
  • Newsletter subscription: If you subscribe to our newsletter, we collect your email address. Newsletter subscription is optional and separate from account registration.
  • Guest checkout: If you make a purchase without creating an account, we collect the email address you provide at checkout for order confirmation and download link delivery.

2.2 Information Collected Automatically

  • Usage data: We collect information about how you access and use the Site, including your IP address, browser type and version, operating system, device type, referring URLs, pages viewed, links clicked, and the dates and times of your visits.
  • Analytics data: We use Vercel Web Analytics and Vercel Speed Insights to collect anonymized performance and usage metrics. These tools collect page views, web vitals (loading performance, interactivity, visual stability), and general visitor information. Vercel Analytics is privacy-focused and does not use cookies for tracking.
  • Error tracking: We use Sentry to monitor and diagnose technical errors. When an error occurs, Sentry may collect device information, browser metadata, URL context, and anonymized usage data related to the error. This data is used solely for debugging and improving Site reliability.
  • Cookies and local storage: We use essential cookies to maintain your session, authentication state, and language preferences. We also use browser local storage to persist your shopping cart contents between visits. See Section 10 for full details on cookies and similar technologies.

3. How We Use Your Information

We use the information we collect to:

  • Create and manage your account
  • Process transactions, deliver digital products via download links, and send purchase confirmation emails
  • Generate and manage secure, time-limited download tokens for your purchases
  • Provide customer support and respond to your inquiries
  • Send transactional emails (order confirmations, download links, password resets, and account notifications)
  • Send marketing communications and newsletters (only if you have explicitly opted in; you may unsubscribe at any time)
  • Monitor, diagnose, and fix technical issues, errors, and security vulnerabilities
  • Detect, prevent, and address fraud, abuse, or other illegal activity, including fraudulent chargebacks
  • Validate and enforce discount code usage limits (including per-customer single-use enforcement)
  • Analyze usage patterns and performance metrics to improve the Site, our Products, and the overall user experience
  • Comply with legal obligations, including tax and accounting requirements

4. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases as required by the General Data Protection Regulation (GDPR):

  • Performance of a contract: Processing necessary to fulfill your purchases, deliver digital products, manage your account, and provide the Services you have requested.
  • Legitimate interests: Processing for fraud prevention, security, error monitoring, analytics, and improving our Services, where these interests are not overridden by your data protection rights.
  • Consent: Processing based on your explicit consent, such as subscribing to our newsletter or opting into marketing communications. You may withdraw consent at any time without affecting the lawfulness of prior processing.
  • Legal obligation: Processing necessary to comply with applicable laws and regulations, including tax reporting and fraud prevention requirements.

5. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information only with the following categories of service providers, and only to the extent necessary to operate and improve our Services:

  • Stripe, Inc.: Payment processing and fraud detection. Stripe processes your payment information directly and is certified PCI DSS Level 1 compliant. Stripe's privacy policy: stripe.com/privacy.
  • Supabase, Inc.: Database hosting, authentication, and file storage. Your account data, order history, and purchase records are stored in Supabase-hosted PostgreSQL databases with row-level security enabled. Supabase's privacy policy: supabase.com/privacy.
  • Resend: Transactional and marketing email delivery. Your email address and order information are shared with Resend to send purchase confirmations, download links, and newsletter emails.
  • Sentry: Error monitoring and diagnostics. Sentry receives anonymized error data, device metadata, and browser information when technical errors occur.
  • Vercel, Inc.: Website hosting, content delivery, analytics, and performance monitoring. Vercel hosts the Site and processes requests through its global CDN. Vercel Web Analytics and Speed Insights collect anonymized performance data.
  • Legal compliance: We may disclose your information if required to do so by law, subpoena, court order, or governmental request, or in the good-faith belief that such action is necessary to comply with legal process, protect our rights or property, investigate fraud, protect the safety of our users or the public, or defend against legal claims.
  • Business transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred to the acquiring entity. We will notify you via email or a prominent notice on the Site before your information becomes subject to a different privacy policy.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our Services. We also retain information as necessary to:

  • Comply with our legal obligations (e.g., tax and accounting records, which may be retained for up to 7 years)
  • Resolve disputes and enforce our agreements
  • Prevent fraud and abuse (e.g., maintaining records of accounts terminated for violations)
  • Maintain order history and download token records for customer support purposes

If you request deletion of your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law or necessary for the legitimate purposes described above. Order records may be retained in anonymized form for accounting purposes.

7. Data Security

We implement reasonable technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of all data in transit using TLS/SSL (HTTPS)
  • Row-level security (RLS) policies on all database tables, ensuring users can only access their own data
  • Secure, cryptographically generated, time-limited download tokens for digital product delivery (72-hour expiration, 5 download maximum)
  • No storage of full payment card details on our servers — all payment processing is handled entirely by Stripe
  • Secure password hashing via Supabase Auth (bcrypt)
  • Role-based access control for administrative functions
  • Rate limiting on API endpoints to prevent abuse
  • Stripe webhook signature verification to prevent unauthorized webhook events

However, no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security. You are responsible for maintaining the confidentiality of your account credentials.

8. Your Rights (GDPR / EEA / UK)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights regarding your personal information under the GDPR:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete personal data.
  • Right to erasure ("right to be forgotten"): Request deletion of your personal data, subject to legal retention requirements.
  • Right to restriction: Request that we restrict processing of your data in certain circumstances.
  • Right to data portability: Request a copy of your personal data in a structured, commonly used, machine-readable format.
  • Right to object: Object to processing of your personal data based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: Where processing is based on consent, withdraw your consent at any time without affecting the lawfulness of prior processing.
  • Right to lodge a complaint: You have the right to lodge a complaint with your local data protection supervisory authority.

To exercise any of these rights, please contact us at contact@solokit.store. We will respond to your request within 30 days. We may ask you to verify your identity before processing your request.

9. Your Rights (CCPA / California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business purpose for collecting it, and the categories of third parties with whom we share it.
  • Right to delete: You have the right to request deletion of your personal information, subject to certain exceptions (e.g., completing a transaction, legal compliance, security).
  • Right to correct: You have the right to request correction of inaccurate personal information.
  • Right to opt out of sale/sharing: We do not sell or share your personal information for cross-context behavioral advertising. Therefore, there is no need to opt out.
  • Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To exercise your rights, contact us at contact@solokit.store. We will verify your identity and respond within 45 days.

Categories of personal information collected in the last 12 months:

  • Identifiers (email address, IP address, account credentials)
  • Commercial information (purchase history, products purchased, transaction amounts)
  • Internet or electronic network activity (browsing history on the Site, pages viewed, interactions with the Site)

10. Cookies and Similar Technologies

We use the following categories of cookies and similar browser storage technologies:

10.1 Strictly Necessary Cookies

Required for the Site to function properly. These cannot be disabled.

  • Authentication cookies (Supabase): Maintain your login session and authentication state.
  • Language preference cookie (NEXT_LOCALE): Stores your selected language preference (English or Spanish) so the Site displays in your preferred language on subsequent visits.

10.2 Functional Storage (Local Storage)

  • Shopping cart (localStorage): Your cart contents are stored in your browser's local storage so that items persist between page visits and browser sessions. This data never leaves your browser unless you proceed to checkout.
  • Admin preferences (localStorage): For administrative users, UI preferences such as sandbox mode toggle state are stored locally.

10.3 Analytics

  • Vercel Web Analytics: Collects anonymized page view data and visitor metrics. Vercel Analytics is privacy-focused and does not use cookies for visitor tracking or identification.
  • Vercel Speed Insights: Collects anonymized web performance metrics (Core Web Vitals) to help us optimize Site loading speed and responsiveness. Does not use cookies.

We do not use advertising cookies, third-party tracking cookies, or cross-site tracking technologies.

11. Do Not Track Signals

Some web browsers transmit "Do Not Track" (DNT) signals. Because there is no uniform standard for interpreting DNT signals, the Site does not currently respond to DNT signals. However, we do not engage in cross-site tracking of our users, and our analytics tools (Vercel Analytics, Vercel Speed Insights) are privacy-focused and do not track individual users across websites.

12. International Data Transfers

Our service providers may process your data in countries other than your own, including the United States. Where personal data is transferred outside the European Economic Area, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Service providers that participate in recognized data protection frameworks
  • Contractual commitments that provide equivalent data protection

13. Children's Privacy

The Site and Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have inadvertently collected personal data from a child under 16, we will take prompt steps to delete that information. If you believe we have collected information from a child under 16, please contact us immediately at contact@solokit.store.

14. Third-Party Links

The Site may contain links to third-party websites or services (e.g., Stripe checkout, Google OAuth). We are not responsible for the privacy practices, content, or security of these third-party sites. We encourage you to review the privacy policies of any third-party sites you visit. This Privacy Policy applies only to information collected through our Site and Services.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. If we make material changes, we will notify you by posting the updated policy on this page and updating the "Last Updated" date. For significant changes, we may also notify you via email.

Your continued use of the Site after any changes constitutes your acceptance of the revised Privacy Policy. We encourage you to review this page periodically to stay informed about how we protect your information.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, your personal data, or our data practices, please contact us at:

SoloKit
Email: contact@solokit.store

We will make every effort to respond to your inquiry within 30 days.