Privacy Policy

This Privacy Policy explains how Solomon Venture — Ross John Castillo (sole trader, Malta) (“Solomon Venture”, “we”, “us”) collects and uses personal data when you use our business-diagnostic platform. We are the data controller. For any privacy question or to exercise your rights, contact us at privacy@solomonventure.com.

What data we collect

• Account data — your name, email address, business name and role.
• Business information you submit — the answers you provide about your business so we can produce your diagnosis. Please do not submit special-category data, or personal data about other people, unless you have a lawful basis to do so.
• Technical data — basic security and audit information (e.g. the time and IP address recorded when you accept our terms).

Why we use it, and our lawful basis

• Creating and securing your account, and producing your diagnosis — necessary to perform our contract with you (GDPR Art. 6(1)(b)).
• Security, fraud prevention and improving the service — our legitimate interests in running a safe, reliable service (Art. 6(1)(f)).
• Optional product updates / marketing — only with your consent (Art. 6(1)(a)), which you can withdraw at any time.

How your diagnosis is generated (AI)

Your diagnosis is generated with the help of artificial intelligence. The report is advisory and is intended to be reviewed and used by you and our team — it is not a solely-automated decision producing legal or similarly significant effects about you. The output may contain errors and should not be relied on as professional advice (see our Disclaimer).

Who we share data with (sub-processors)

We do not sell your data, and we do not share it with third parties for their own purposes or for advertising. We use a small number of trusted service providers (sub-processors) strictly to operate the service on our behalf. They act only on our documented instructions under data-processing agreements (GDPR Art. 28) and may not use your data for their own purposes:

• Supabase — Database & authentication hosting (EU region).
• Vercel — Application hosting & content delivery (EU / US).
• Google (Gemini API) — AI processing of submitted business information (paid tier — no training on your data) (EU / US).
• OpenAI (API) — AI processing — alternative provider (no training on API data by default) (US).
• Resend — Transactional email delivery (EU / US).

International transfers

Some sub-processors (for example our AI and email providers) may process data outside the EU, including in the United States. Where they do, the transfer is protected by appropriate safeguards — the provider’s certification under the EU-US Data Privacy Framework and/or Standard Contractual Clauses approved by the European Commission.

How long we keep it

We keep your account and business data for as long as your account is active, and for a limited period afterwards as needed for legal, security and audit purposes. Consent and acceptance records are kept as evidence of compliance. You can ask us to delete your account and associated data at any time (see your rights below).

Your rights

Under the GDPR you have the right to access, rectify, erase, restrict and port your personal data, and to object to certain processing. Where we rely on consent, you can withdraw it at any time. To exercise any of these rights, email privacy@solomonventure.com. We will respond within one month.

Complaints

If you have a concern we have not resolved, you have the right to lodge a complaint with the Office of the Information and Data Protection Commissioner (IDPC), Malta (https://idpc.org.mt). If you are based elsewhere in the EU, you may also complain to your local supervisory authority.

Cookies

We use only a strictly-necessary session cookie to keep you signed in. We do not use advertising or analytics trackers. See our Cookie Notice.

Changes

We may update this policy. When we make a material change we will update the version and date above and, where appropriate, ask you to review the updated policy on your next sign-in.