Solas is a mobile accounting app designed specifically for UK freelancers and sole traders. It helps you track expenses, scan receipts, connect bank accounts, and prepare your Self Assessment tax return.

Yes, Solas uses bank-level 256-bit encryption to protect your data. We connect to your bank accounts through FCA-regulated Open Banking providers, and we are fully GDPR compliant.

Can Solas submit my tax return to HMRC?

Solas helps you prepare your Self Assessment tax return and can submit VAT returns directly to HMRC. For Self Assessment, you can export your prepared return to submit through HMRC's portal.

Is Solas available on iPhone?

Yes, Solas is available on the App Store for iPhone. Download the app to get started.

Privacy Policy

1. Introduction

Solas ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (collectively, the "Service").

Solas is operated by Solas Services Ltd, a company registered in England and Wales (Company No. 16994762), with registered office at 128 City Road, London, United Kingdom, EC1V 2NX.

We are the data controller responsible for your personal data. We are in the process of registering with the Information Commissioner's Office (ICO). Our registration number will be published here once complete.

Please read this Privacy Policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Personal Information

We may collect personal information that you voluntarily provide when using our Service, including:

Name and email address
Business name, entity type, and address
UTR (Unique Taxpayer Reference) number
National Insurance Number (NINO)
VAT registration number (if applicable)
Bank account information (through secure Open Banking)

2.2 Financial Data

To provide our services, we collect and process:

Bank transaction data (accessed via Open Banking with your consent)
Receipt images and extracted data (vendor, amount, date, category), including receipts forwarded by email
Income and expense records
VAT-related information
Invoice and customer records (name, email, address, and tax identifiers of your clients)
Vehicle and mileage records

2.3 Conversation Data

When you use our AI-powered chat assistant, we store:

The text of your messages and the assistant's responses
Queries the assistant makes against your financial data on your behalf

2.4 Automatically Collected Information

When you use our Service, we may automatically collect:

Device information (type, operating system, user agent)
Usage data (features used, interaction patterns)
Log data (access times, IP addresses, crash reports)

3. Lawful Basis for Processing

Under UK GDPR, we must have a lawful basis for processing your personal data. The legal bases we rely on for each type of processing are:

Account information (name, email): Contract — necessary to provide the Service to you
Financial data (transactions, receipts): Contract — core service functionality to help you manage your finances
Tax data (UTR, NINO, VAT numbers): Contract and Legal obligation — necessary to provide tax services and comply with HMRC requirements
AI processing (receipt analysis, chat assistant): Contract — integral to the automated accounting features of the Service
Device and usage data: Legitimate interests — to maintain security, prevent fraud, and improve our Service
Marketing communications: Consent — we will only send marketing where you have given explicit consent

Where we rely on legitimate interests, we have conducted a balancing test to ensure our interests do not override your rights and freedoms.

4. How We Use Your Information

We use the collected information to:

Provide and maintain our Service
Process and categorise your financial transactions
Generate tax reports and Self Assessment documentation
Submit VAT returns to HMRC on your behalf
Provide AI-powered accounting assistance
Improve and personalise your experience
Communicate with you about updates and support queries
Ensure security and prevent fraud
Comply with legal obligations

5. AI and Automated Processing

Our Service uses artificial intelligence to provide core accounting features. This section explains how AI processes your data.

5.1 Receipt Scanning and Categorisation

When you upload or email a receipt, the image is sent to a third-party AI provider for optical character recognition (OCR). The AI extracts structured data such as the merchant name, amounts, tax, line items, and payment method. The image and extracted data are then used to categorise the expense and determine the applicable VAT rate.

5.2 Chat Assistant

Our AI chat assistant can answer questions about your finances and UK tax. To do so, it may:

Query your financial data (transactions, receipts, invoices, tax records) using read-only access scoped to your account
Search our UK tax knowledge base of official guidance and legislation
Search the web for current tax information

Your name, business name, entity type, and current tax year are provided as context to the AI to personalise responses. Chat conversations are stored on our servers (see Section 9 — Retention).

5.3 Human Oversight

AI-powered features assist with categorisation and suggestions, but significant financial decisions — such as submitting tax returns — remain under your control. No automated decision produces legal or similarly significant effects without your review and confirmation.

6. Data Sharing and Disclosure

We do not sell your personal information. We may share your data with:

HMRC: When you authorise us to submit VAT returns, income tax updates, or other tax documentation
Open Banking providers: To securely access your bank transaction data via FCA-regulated services
AI processing providers: Receipt images, chat messages, and related context are sent to a third-party AI provider for OCR, categorisation, and conversational assistance. All processing occurs within the UK and European Economic Area
Cloud infrastructure providers: We use third-party providers for database hosting, authentication, file storage, and email delivery. All infrastructure is located within the UK and European Economic Area
Legal requirements: When required by law or to protect our rights

All third-party processors are bound by data processing agreements and are required to process your data only on our instructions and in accordance with UK GDPR. You may request the categories of processors we use by contacting us.

7. International Data Transfers

All personal data is stored and processed within the United Kingdom and European Economic Area (EEA). We have selected infrastructure and service providers that operate exclusively within UK and EU regions.

Data transfers between the UK and EU are permitted under the UK GDPR adequacy framework. We do not transfer personal data outside of the UK and EEA.

8. Data Security

We implement robust security measures to protect your data:

256-bit encryption for data in transit and at rest
Secure authentication and access controls
Row-level security ensuring users can only access their own data
Open Banking connections through FCA-regulated providers

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

9. Data Retention

We retain your personal information for as long as necessary to fulfil the purposes for which it was collected. Specific retention periods are:

Active account data: Duration of your account plus 90 days after deletion request, during which you may restore your account
Financial and tax records: 6 years after the end of the relevant tax year (as required by HMRC)
Chat conversations: Duration of your account plus 90 days after deletion request
Marketing preferences: Until you withdraw consent
Device and usage data: 12 months from collection

When you request account deletion, your data is made inaccessible immediately and permanently deleted after the 90-day grace period. We may retain data longer where required by law, to resolve disputes, or to enforce our agreements. When data is no longer needed, it is securely deleted or anonymised.

10. Your Rights (UK GDPR)

Under UK GDPR, you have the right to:

Access: Request a copy of your personal data
Rectification: Correct inaccurate or incomplete data
Erasure: Request deletion of your data (subject to legal retention requirements)
Portability: Receive your data in a portable format
Restriction: Limit how we process your data
Objection: Object to certain processing activities
Withdraw consent: Revoke previously given consent
Automated decision-making: Not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects. See Section 5.3 for details on how our AI features operate.

To exercise these rights, please contact us at support@solas.services. We will respond to your request within one month.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been violated. Visit www.ico.org.uk or contact the ICO at 0303 123 1113.

11. Cookies and Tracking

Our mobile app does not use cookies. Our website uses only essential cookies that are strictly necessary for the website to function. In accordance with the Privacy and Electronic Communications Regulations (PECR), these essential cookies do not require consent.

Cookies We Use

Session cookies: Temporary cookies that enable core site functionality and are deleted when you close your browser
Security cookies: Help protect against cross-site request forgery and maintain secure sessions

We do not use third-party advertising, analytics, or tracking cookies. We do not track you across other websites.

12. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: support@solas.services
Address: Solas Services Ltd, 128 City Road, London, EC1V 2NX