Sola ("we", "us", "our") is a health journaling and wellness tracking platform designed to help individuals understand their health patterns and communicate more effectively with healthcare professionals. Sola is operated from the United Kingdom.

For the purposes of UK GDPR, we are the data controller responsible for your personal data.

We collect and process the following categories of personal data:

Special category data: Health data (journal entries, conditions, symptoms) is classified as special category data under UK GDPR. We process this data based on your explicit consent, which you provide when you create your health profile and submit journal entries.

We use your personal data for the following purposes:

• Providing the service: Storing your journal entries, computing your Sola Score, and displaying your health dashboard.
• AI pattern analysis: Analysing your journal data to identify health correlations and generate personalised insights. This processing is done securely on our servers.
• Doctor visit summaries: Generating structured reports from your data that you can share with your GP.
• Family sharing: When you create a share link, providing limited health trend data to your chosen family members.
• Service improvement: Anonymised, aggregated usage statistics to improve the product experience.

We never sell your personal data to third parties. We do not use your health data for advertising purposes.

We process your personal data under the following legal bases:

• Consent (Article 6(1)(a) and Article 9(2)(a)): For processing your health data and generating AI insights. You can withdraw consent at any time.
• Contract (Article 6(1)(b)): For providing the core service features you've signed up for.
• Legitimate interests (Article 6(1)(f)): For anonymised analytics and service improvement.

Your data security is our priority:

• All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
• Database access is restricted to authenticated, authorised requests only.
• AI analysis is performed server-side — your raw journal data is never sent to third-party AI providers in an identifiable form.
• Family share links provide limited, read-only access and can be revoked at any time.
• We conduct regular security reviews and follow OWASP best practices.

We retain your data for as long as your account is active. If you delete your account, all personal data is permanently removed within 30 days.

Under UK GDPR, you have the following rights:

To exercise any of these rights, please contact us at [email protected]. We will respond within one month as required by UK GDPR.

Sola uses essential cookies only — specifically, a session cookie to keep you logged in. We do not use advertising cookies, tracking pixels, or third-party analytics that identify individual users.

Anonymised usage analytics (page views, feature usage) are collected to improve the service. This data cannot be linked back to individual users.

When you create a family share link, the recipient can view limited health trend data only — specifically mood, energy, sleep, and exercise trends. They cannot access:

• Your personal journal notes or reflections
• Detailed symptom descriptions
• Your full health profile or conditions
• AI-generated insights

You can revoke any share link at any time from your Family Sharing settings. Revoked links become immediately inaccessible.

Sola is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.

We may update this privacy policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

If you have any questions about this privacy policy or our data practices, please contact us: