Skip to content
Solvgent Back to home
On this page

Privacy Policy

Last updated · May 15, 2026

Solvgent is built for agencies, brands, and creators who take their customers' data as seriously as their own. This policy explains what we collect, what we do with it, and — equally importantly — what we never do. If something here is unclear, write us at hello@solvgent.com and a real person will answer.

1. Information We Collect

We collect only what we need to run the service, learn your brand voice, and bill you correctly. Specifically:

  • Account information. Your name, email address, and a hashed password (we never store the plaintext). If you sign in through a passkey or OAuth provider, we store the provider's opaque user identifier and your verified email.
  • Brand assets you upload. Logos, voice samples, content corpora, do/don't rules, swipe files, and any reference media you provide so the agent can learn your brand. This is your material; we treat it as confidential to your organization.
  • Usage data. Page views, feature usage, button clicks, and basic device metadata (browser, OS, viewport size). We use this to debug, prioritize what to build, and detect abuse. We collect it through Vercel Analytics and Sentry — never through third-party ad pixels.
  • AI generation logs. The prompts you submit, the drafts the agent returns, and the corrections you apply. These are what teach your brand brain. They are scoped to your organization and never used to train shared models that other customers benefit from.
  • Billing data. Stripe handles every card and bank number. We store only the Stripe customer ID, subscription ID, and high-level billing state (active, past_due, canceled) needed to gate access to paid features. We never see your card.
  • Platform credentials you connect. If you let Solvgent publish on your behalf, we store encrypted refresh tokens for the social platforms you authorize. They are encrypted at rest with AES-256-GCM and only decrypted in-process at publish time.

2. How We Use Your Information

We use your information for the following purposes — and no others:

  • Operating the service. Authenticating you, scoping data to your organization, rendering your dashboards, and serving your saved drafts.
  • Generating content. The agent sends prompts (your system prompt + brand context + the user's instruction) to configured model providers — primarily Anthropic and OpenAI — and returns the drafts. Provider calls are logged for cost accounting and quality audits.
  • Learning your brand voice. When you correct a draft, the correction becomes a lesson in your brand brain — a per-organization vector that future generations consult. Your brand brain stays inside your organization. It is never shared, pooled, or sold.
  • Billing. We send subscription state changes to Stripe and read invoice events back to keep your account in sync.
  • Security and abuse detection. Rate-limit enforcement, suspicious-login flagging, and review of unusual generation patterns (e.g., attempts to produce content that violates our acceptable use policy).
  • Operational and marketing email. We send a small number of operational emails (welcome, password reset, billing receipts, security alerts, scheduled-maintenance notices). You can unsubscribe from marketing email any time; you cannot unsubscribe from operational email while your account is active.

3. Sharing & Subprocessors

Solvgent uses a tight, named list of subprocessors. Every vendor on the list has a signed data-processing agreement with us and a documented security posture. The current list:

  • Neon — managed Postgres hosting. Your row-level data, organization metadata, and brand brain lessons live here.
  • Vercel and Hetzner — compute and hosting for the web app and worker fleet.
  • Stripe — billing, invoicing, and card processing.
  • Anthropic and OpenAI — model providers used to generate drafts. Per their contractual commitments, prompts you submit through Solvgent are not used to train their models.
  • Resend — transactional email delivery.
  • Sentry — error tracking. We redact authorization headers, cookies, Stripe signatures, and password fields before events leave the server.
  • Cloudflare — DNS, edge caching, and tunnel.

Beyond that list: we do not sell your data. We do not share your brand corpus with advertisers. We do not feed your prompts or corrections into shared training pools. If a regulator or court orders disclosure, we will, where lawful, notify you before complying.

4. Where Data Lives

Primary storage is in the United States (US-East), through Neon. Object storage for assets is at Hetzner's EU region. Data is encrypted at rest with AES-256 and in transit with TLS 1.3. Enterprise customers can request EU data residency for all primary storage; contact us for terms.

5. Retention

  • Active accounts. Account data, brand brains, and content history are retained for as long as your subscription is active.
  • Canceled accounts. Thirty days after cancellation, your data is deleted from production systems and queued for deletion from encrypted backups within the next backup cycle (up to ninety days). Brand brains can be exported as JSON before cancellation.
  • Logs. Operational and security logs are retained for ninety days, then deleted.
  • Legal hold. If we receive a valid legal preservation request, the affected records are isolated and retained for the duration of the hold; everything else continues to delete on its normal schedule.

6. Your Rights

Depending on where you live, you have some or all of the following rights under GDPR, the CCPA, and similar regimes:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — correct information that is inaccurate or incomplete.
  • Erasure — request deletion of your account and associated data.
  • Portability — export your brand brains, content, and history in a machine-readable format.
  • Restriction — limit the ways we use your data while a complaint is being resolved.
  • Objection — object to processing based on our legitimate interests.
  • Withdraw consent — where we rely on consent (for example, marketing email), withdraw it without affecting prior lawful processing.

To exercise any of these rights, email hello@solvgent.com. We respond within thirty days. If you are a California resident, you also have the right not to be discriminated against for exercising these rights.

7. Cookies & Tracking

Solvgent uses two categories of cookies — and no third-party advertising cookies of any kind.

  • Essential cookies. Session, CSRF, and authentication cookies. These are required for the service to function and cannot be disabled while you are signed in.
  • Analytics cookies. First-party Vercel Analytics tags. You can opt out from Settings → Privacy (available once your account is active). We do not use Google Analytics, Meta Pixel, or any cross-site tracking pixel.

8. Children

Solvgent is a B2B tool intended for users eighteen or older. We do not knowingly collect personal information from minors. If you believe a minor has created an account or submitted data through the service, email hello@solvgent.com and we will delete the account and any associated records.

9. Changes to This Policy

We may update this policy as the service evolves. For material changes — anything that meaningfully expands what we collect or how we use it — we will notify affected users by email at least thirty days before the change takes effect. Continued use of Solvgent after the effective date constitutes acceptance of the updated policy.

10. Contact

Solvgent is operated by itligt.

Email: hello@solvgent.com
Mail: itligt, [physical address placeholder]
For data-protection inquiries, use the email above and include “Privacy” in the subject line so it routes to the right queue.