Sola The Sola Marketplace

Privacy Policy

Last Updated: October 18, 2025

1. Introduction

Sola ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Name and email address
  • Date of birth (for age verification - you must be 18+)
  • Profile photo (if using Google OAuth)
  • Shop name (for creators)
  • Password (encrypted) if using email/password authentication
  • Terms of Service acceptance timestamp

2.2 Payment Information

Payment processing is handled by Stripe. We do not store your credit card information on our servers. We only store Stripe payment method identifiers (e.g., pm_xxxxx) to facilitate recurring charges for advertising costs. No actual payment card data is ever stored in our database. Stripe collects and processes payment data according to their privacy policy. For creators, we collect tax identification numbers (SSN/EIN) for IRS reporting purposes through Stripe's secure verification system.

2.3 Tax Reporting Information

For creators who meet the IRS reporting threshold in a calendar year (currently $5,000 for 2024, $2,500 for 2025), we are legally required to file Form 1099-K with the IRS. These thresholds are set by the IRS and may change annually. Some states have lower thresholds. Stripe handles these requirements automatically based on current IRS and state regulations. By default, tax forms are delivered electronically through your Stripe Express Dashboard. By creating a creator account and connecting your Stripe account, you automatically consent to receiving tax forms electronically. You may change your delivery preferences (electronic, paper mail, or both) at any time through your Stripe account settings. Requesting paper mail delivery may incur additional fees charged by Stripe.

Note: The 1099-K form reports only your gross payment volume. As a self-employed creator, you may have additional tax filing requirements (such as Schedule C for business profit/loss, Schedule SE for self-employment tax, and Form 1040-ES for quarterly estimated taxes). Sola does not provide these additional forms. For educational information about your tax obligations, visit our Tax Resources page. We recommend consulting a qualified tax professional for advice specific to your situation.

2.4 Product & Transaction Data

We collect information about your activities on the platform, including:

  • Products you browse, purchase, or upload
  • Shopping cart contents
  • Order history and download activity
  • Product reviews and ratings
  • Creator follows and email opt-ins
  • Sola Reserve download statistics and earnings data
  • Advertising campaign performance and billing events

2.5 Technical Data

We automatically collect certain information when you use our platform:

  • IP address and browser type
  • Device information and operating system
  • Usage data (pages visited, time spent, clicks)
  • Cookies and similar tracking technologies

3. How We Use Your Information

We use your information to:

  • Provide and improve our marketplace services
  • Process transactions and send order confirmations
  • Enable communication between buyers and creators
  • Send account-related notifications and updates
  • Process monthly billing for advertising costs and notify creators of payment issues
  • Track and display Sola Reserve earnings and download statistics to creators
  • Create audit trails for billing events and financial transactions
  • Detect and prevent fraud and abuse
  • Comply with legal obligations (tax reporting, etc.)
  • Analyze platform usage to improve user experience
  • Send marketing emails (only with your consent)

4. Email Communications

4.1 Transactional Emails

We send transactional emails related to your account, orders, and platform activity. You cannot unsubscribe from these essential communications. These include:

  • Order confirmations and download links
  • Account security notifications
  • Shop suspension alerts due to unpaid advertising costs
  • Payment method issues and billing notifications
  • Sola Reserve payout notifications

4.2 Marketing Emails

If you opt in to receive marketing emails from creators, you'll receive promotional campaigns. Each email includes an unsubscribe link. You can also manage your email preferences in your account settings.

5. Information Sharing

5.1 With Creators

When you purchase a product or opt in to a creator's email list, we share your email address and name with that creator. Creators may send you promotional emails if you've opted in.

5.2 With Service Providers

We share information with trusted third-party service providers:

  • Stripe - Payment processing and tax calculations
  • Neon - Database hosting
  • Resend - Email delivery
  • Rollbar - Error monitoring

5.3 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights and safety.

6. Cookies & Tracking

We use cookies and similar technologies to:

  • Keep you logged in between sessions
  • Remember your shopping cart contents
  • Analyze site traffic and usage patterns
  • Provide security features (CSRF protection)

You can control cookies through your browser settings, but disabling them may affect platform functionality.

7. Data Security

We implement industry-standard security measures to protect your data:

  • HTTPS encryption for all data transmission
  • Encrypted password storage using bcrypt
  • Field-level PII encryption: Sensitive personal information (email addresses, names, dates of birth) is encrypted at rest using AES-256-GCM encryption with unique encryption keys
  • Secure session management with session fixation prevention
  • Payment processing through PCI-compliant Stripe (we never store payment card information)
  • CSRF protection on all state-changing operations
  • Rate limiting on authentication and API endpoints
  • Regular security audits and monitoring

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

8. Your Rights

8.1 Access & Correction

You can access and update your account information through your account settings at any time.

8.2 Data Export

You can request a copy of your personal data through the "Export Data" feature in your account settings.

8.3 Account Deletion

You can delete your account at any time through your account settings. When you delete your account:

  • All personal information (name, email, profile data) is permanently deleted
  • Your products, reviews, and social activity are removed
  • Transaction records are anonymized (your personal information is replaced with a random identifier) but retained for 10 years to comply with tax and financial regulations
  • Anonymized transaction records contain only order dates, amounts, product IDs, and tax information - no data that identifies you personally

8.4 Marketing Opt-Out

You can unsubscribe from marketing emails by clicking the unsubscribe link in any promotional email or managing your preferences in account settings.

9. Data Retention

We retain your information for as long as your account is active or as needed to provide services. Our retention periods are:

  • Active Accounts: We keep your personal data as long as your account remains active
  • Deleted Accounts: Personal information is immediately and permanently deleted
  • Anonymized Transaction Records: Retained for 10 years after the transaction date to comply with:
    • IRS tax record requirements (7 years minimum)
    • International tax authority requirements (varies by jurisdiction)
    • Financial audit and fraud prevention obligations
  • What's in Anonymized Records: Order date, product ID, price, tax amount, country code - but NO names, emails, or other personal identifiers

After 10 years, anonymized transaction records are automatically purged from our systems.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers.

11. Children's Privacy

Our platform is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the updated policy on this page and updating the "Last Updated" date.

13. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please visit our Contact page.

14. GDPR Compliance (EU Users)

If you are located in the European Union, you have additional rights under GDPR:

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent

To exercise these rights, please contact us through the Contact page.

15. CCPA Compliance (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information we collect
  • Right to delete your personal information
  • Right to opt-out of the sale of personal information (we do not sell your data)
  • Right to non-discrimination for exercising your rights