Privacy Policy

Solara ("Solara", "we", "us", "our") is a UK-based provider of AI powered telephone answering and business communication services. For the purposes of UK data protection law, Solara is the data controller in respect of the personal data of our customers and website visitors. Where we process personal data on behalf of our customers (e.g., the personal data of their callers), we act as a data processor. If you have any questions about this Privacy Policy or our data practices, please contact us at: Email: [email protected] Website: www.solora.co.uk

We collect and process the following categories of personal data: Customer account data: • Name, email address, telephone number, and business name • Billing address and payment information (processed securely via our payment provider; we do not store full card details) • Account login credentials Service usage data: • Call recordings and transcripts generated through our Services • Appointment and calendar data where calendar integration is enabled • SMS messages sent or received through our Services • Call metadata (date, time, duration, caller number) Website visitor data: • IP address and browser information • Pages visited and time spent on our website • Cookies and similar tracking technologies (see our Cookie Policy below) Communications data: • Emails and messages you send to us • Support requests and enquiries

We use your personal data for the following purposes: Providing the Services (Contractual necessity): • Setting up and managing your Solara account • Answering calls and processing appointments on your behalf • Delivering call transcripts, recordings, and summaries to you • Processing payments and managing your subscription Improving our Services (Legitimate interests): • Analysing usage patterns to improve the quality and reliability of our Services • Training and improving our AI models (using anonymised or aggregated data only) • Detecting and preventing fraud, abuse, or security incidents Legal compliance: • Complying with applicable laws and regulations • Responding to lawful requests from regulatory authorities Marketing (Consent or Legitimate interests): • Sending you information about new features, updates, or offers (you may opt out at any time) • Contacting you about your account or subscription

We process your personal data on the following lawful bases under UK GDPR: • Contract: Processing necessary to perform our contract with you (e.g., providing the Services, processing payments) • Legitimate interests: Processing necessary for our legitimate business interests, where these are not overridden by your rights (e.g., improving our Services, fraud prevention) • Legal obligation: Processing necessary to comply with a legal obligation • Consent: Where you have given us your explicit consent (e.g., for marketing communications) You have the right to withdraw consent at any time where we rely on consent as our lawful basis. This will not affect the lawfulness of processing carried out before withdrawal.

Our Services involve the recording and transcription of telephone calls. This means that personal data of your callers (including their voice, telephone number, and the content of their call) will be processed by Solara on your behalf. As the business subscribing to our Services, you are the data controller in respect of your callers' personal data. You are responsible for: • Ensuring you have a lawful basis for recording and processing callers' calls • Informing callers that their calls may be recorded and processed by an AI system • Complying with all applicable laws regarding call recording, including the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 We recommend that you include a call recording notice in your standard telephone greeting, such as: "Calls to this number may be recorded for quality and training purposes." Call recordings and transcripts are stored securely and retained for a period of 90 days by default, after which they are automatically deleted. You may request earlier deletion at any time.

We do not sell your personal data to third parties. We may share your personal data with: Service providers: We use trusted third-party providers to help us deliver our Services, including cloud infrastructure providers, payment processors, and communication platform providers. All such providers are subject to appropriate data processing agreements. Calendar and CRM integrations: Where you have enabled integrations with third-party services (e.g., Google Calendar, HubSpot), data will be shared with those services in accordance with their own privacy policies. Legal requirements: We may disclose personal data where required to do so by law, or in response to a valid request from a law enforcement or regulatory authority. Business transfers: In the event of a merger, acquisition, or sale of all or part of our business, personal data may be transferred to the acquiring entity, subject to appropriate safeguards.

We retain personal data for as long as necessary to fulfil the purposes for which it was collected, and in accordance with our legal obligations. • Customer account data: Retained for the duration of your subscription and for 7 years thereafter for accounting and legal compliance purposes • Call recordings and transcripts: Retained for 90 days by default, then automatically deleted • Payment records: Retained for 7 years in accordance with HMRC requirements • Marketing data: Retained until you opt out or withdraw consent You may request deletion of your personal data at any time, subject to our legal obligations to retain certain records.

Under UK GDPR, you have the following rights in respect of your personal data: • Right of access: You have the right to request a copy of the personal data we hold about you • Right to rectification: You have the right to request correction of inaccurate or incomplete personal data • Right to erasure: You have the right to request deletion of your personal data in certain circumstances • Right to restriction: You have the right to request that we restrict processing of your personal data in certain circumstances • Right to data portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format • Right to object: You have the right to object to processing based on legitimate interests or for direct marketing purposes • Rights related to automated decision-making: You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month. We may need to verify your identity before processing your request. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at www.ico.org.uk.

Our website uses cookies and similar technologies to improve your browsing experience and to analyse how our website is used. We use the following types of cookies: • Strictly necessary cookies: Required for the website to function properly. These cannot be disabled. • Analytics cookies: Help us understand how visitors interact with our website. We use anonymised analytics data only. • Preference cookies: Remember your settings and preferences. You can control cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website.

We take the security of your personal data seriously. We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These measures include: • Encryption of data in transit and at rest • Access controls and authentication requirements • Regular security assessments and penetration testing • Staff training on data protection and security In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours of becoming aware of the breach, and will notify you without undue delay where required.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on our website. The date of the most recent update is shown at the top of this page. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.

If you have any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact us at: Solara Email: [email protected] Website: www.solora.co.uk You also have the right to lodge a complaint with the Information Commissioner's Office (ICO): Website: www.ico.org.uk Telephone: 0303 123 1113 This Privacy Policy was last updated in April 2026.