Last updated: October 12, 2025
At Solace, privacy is fundamental to everything we do. We only collect what's necessary to deliver your personalized morning briefing. This policy explains what information we access, how we handle it, and how you maintain complete control.
We access only what's needed to create your morning briefing. Here's what the app uses:
• What: Subject lines, sender names, and email summaries
• Why: To give you a quick snapshot of important emails
• Source: Gmail or your connected email service via secure OAuth
• Stored? No. Information is retrieved on-demand and not retained or shared.
• What: Recent direct messages
• Why: To surface important messages you may have missed
• Source: Slack via OAuth authentication
• Stored? No. Messages are processed temporarily and immediately discarded.
• What: Your scheduled meetings and events for today
• Why: To help you plan and prepare for the day ahead
• Source: Google Calendar via secure API
• Stored? No. Calendar data is only accessed when generating your briefing.
• What: Current location, home and work addresses
• Why: To calculate travel time and provide local weather conditions
• Stored? Location is used only during briefing generation. Addresses are encrypted on your device.
• What: News headlines matching your interests
• Why: To keep you updated on topics that matter to you
• Source: News APIs filtered by your topic preferences
• Stored? No. News content is retrieved fresh each time.
Solace's use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
• We only use your Google data to provide features in the Solace app
• We do not use your Gmail or Calendar data for advertising
• We do not sell or share your Google data with third parties
• We do not allow humans to read your data except with your explicit permission for support purposes
While we use AI to generate personalized summaries of your briefing content, we:
• Only use AI for personalization specific to your briefings
• Do not use your Google data to train general AI models
• Do not share your data with AI service providers beyond what's necessary to generate your briefing
• Process your data in compliance with Google's Limited Use requirements
To generate your briefing, we share your data with these services:
• ChatGPT (OpenAI) - Processes calendar and email data to generate summaries
• ElevenLabs - Converts text summaries to audio speech
• Cloudinary - Mixes audio with background music
These services process your data only to provide the briefing feature and do not store your data permanently. We have agreements in place to ensure these services comply with Google's Limited Use requirements.
Solace team members do not access your Google Calendar or Gmail data under normal circumstances. We may access your data only in these limited situations:
• You explicitly request support that requires viewing your data
• Required for security purposes (e.g., investigating abuse)
• Required by law or legal process
In all cases, we will request your explicit permission before accessing your data.
Solace implements multiple layers of security to protect your Gmail and Calendar data:
• All data transmission uses TLS 1.3 encryption
• Communication with Google APIs uses HTTPS with certificate validation
• API requests secured with OAuth 2.0 bearer tokens
• OAuth tokens encrypted using AES-256 before database storage
• Database connections use SSL/TLS encryption
• Infrastructure hosted on Supabase with industry-standard encryption
• OAuth tokens stored with user-specific access controls
• Server-side validation prevents cross-user data access
• JWT authentication required for all API requests
• Team members cannot access your data without explicit permission
• OAuth tokens stored only as long as needed for briefings
• Email and calendar content fetched on-demand, immediately discarded after processing
• You can revoke access anytime through Google Account settings or the app
• Upon account deletion, all OAuth tokens are immediately removed
• We request only minimum necessary scopes: email, profile, read-only Gmail and Calendar
• No write access to your Gmail or Calendar
• Only data necessary for briefings is processed
• AI processing (Wordware) and text-to-speech (ElevenLabs) services process data in memory only
• Third-party services do not permanently store your Google data
• Data processing agreements ensure compliance with Google's Limited Use requirements
• Regular security audits of codebase and infrastructure
• Automated monitoring for unauthorized access attempts
• Immediate notification system for suspicious activity
• Request data deletion anytime by contacting zachderhake@gmail.com
• View what data we access through the app's integrations page
• Revoke access instantly through Google Account settings
• Data deletion completed within 7 days of request
We use PostHog to understand how the app is used and fix issues — not to track your personal behavior.
• App screen views and navigation patterns
• Feature interactions and button taps
• Crash reports and performance metrics
• Device model, OS version, and language preferences
• IP addresses (automatically anonymized)
• Advertising identifiers or tracking pixels
• Activity outside the Solace app
You can read more about PostHog's privacy practices here.
❌ We never track your activity outside of Solace
❌ We never sell or rent your personal information
❌ We never use your emails, messages, or location for advertising
Your data, your choice. Here's what you can do:
• Disconnect Gmail, Slack, or Calendar access anytime from the app settings
• Manage location permissions through your device settings
• Request data deletion by contacting us - we'll respond within 7 days
Need help or want to delete your data? Get in touch:
We typically respond within 24-48 hours.
This app adheres to:
• GDPR (European Union)
• CCPA (California)
• Standard mobile app privacy practices