Solvent Privacy Policy
Last updated: 26 June 2026 Operator: RHND Innovations GmbH, Dornbacher Str. 5, top 2-3, 1170 Vienna, Austria
This Privacy Policy explains how Solvent processes personal data when you visit our website, create an account, use the Solvent application, or connect optional integrations. It is designed for the EU General Data Protection Regulation (GDPR), including the information duties in Articles 13 and 14.
1. Who We Are
Solvent is operated by RHND Innovations GmbH ("Solvent", "we", "us").
Contact: tamas@rhnd.io VAT ID: ATU79789114 Supervisory authority: Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, Austria
RHND Innovations GmbH is established in the EU, so no Article 27 EU representative is required. A Data Protection Officer need-assessment is kept under review as the service scales. Until a DPO is appointed, privacy requests should be sent to tamas@rhnd.io.
2. Our Roles
Solvent has two different GDPR roles, depending on the data.
| Role | What It Covers | What It Means |
|---|---|---|
| Controller | Your account, login, billing, audit, support and product-security data | We decide why and how this data is processed. |
| Processor | Business data you enter about your own customers, subscribers, suppliers, client companies, invoices, costs and bank transactions | You are the Controller. We process this data on your documented instructions under our Data Processing Agreement. |
For accountants, corporate service providers and practices, your client companies remain your clients. Solvent provides the technical workspace; it does not become the accountant of record, tax filer, payroll provider or statutory representative.
3. Personal Data We Process
| Data Category | Examples | Purpose | Legal Basis |
|---|---|---|---|
| Account and authentication data | Name, email, password hash, login metadata | Create accounts, authenticate users, keep the service secure | Contract, GDPR Art. 6(1)(b); legitimate interests, Art. 6(1)(f) |
| Workspace and entity data | Company name, addresses, VAT numbers, role assignments, practice/client-entity links | Provide the multi-company finance workspace and access controls | Contract, Art. 6(1)(b) |
| Business finance data | Subscribers, suppliers, invoices, costs, payments, bank transactions, tax calculations, planning data | Deliver invoicing, reconciliation, reporting, planning and advisory finance workflows | Contract, Art. 6(1)(b); as Processor where this includes your customers' personal data |
| Audit and security logs | User ID, organisation/entity ID, action, timestamp, IP/device metadata where available | Security, fraud prevention, tenant isolation, abuse detection, support and incident investigation | Legitimate interests, Art. 6(1)(f) |
| Billing data | Plan, subscription status, invoice reference, billing contact, Stripe customer reference | Manage trials, subscriptions, invoices, payment status and tax records | Contract, Art. 6(1)(b); legal obligation, Art. 6(1)(c) |
| Support and feedback | Messages, diagnostics you submit, feature requests, attachments you choose to provide | Resolve issues, answer requests, improve the product | Contract, Art. 6(1)(b); legitimate interests, Art. 6(1)(f) |
| Product telemetry | Pseudonymous usage events, feature adoption, error and performance data | Keep the service reliable and improve onboarding and product quality | Legitimate interests, Art. 6(1)(f), unless consent is required for a particular tool |
We ask you not to enter special-category personal data into Solvent unless you have a lawful basis to do so and it is necessary for your own records. Solvent is not designed to process health, biometric, genetic, political, religious or similar special-category data.
4. Optional Features
The following processing only happens if you enable the relevant feature.
| Feature | What Happens | Legal Basis / Control |
|---|---|---|
| AI assistant | Relevant prompt context may be sent to Anthropic Claude or another configured AI provider so the assistant can answer questions or draft proposed actions. The assistant is advisory and requires human approval for write actions. | Consent, Art. 6(1)(a), or your own provider contract if you bring your own key. You can disable the feature. |
| Billing via Stripe | Stripe processes payment and subscription data when you subscribe to a paid plan. | Contract, Art. 6(1)(b). |
| Accounting and bank integrations | Xero, QuickBooks Online, Wise, Payoneer or similar providers exchange data you authorise through OAuth or API keys. Tokens are encrypted at rest. | Consent or contract, depending on the integration. You can disconnect integrations. |
| Marketing emails | We send product or commercial updates only where permitted or with consent. | Consent, Art. 6(1)(a), or legitimate interests for limited B2B communications where permitted. |
| Non-essential analytics or tracking | We may use analytics, attribution or monitoring tools only after the required consent mechanism is in place. | Consent where required under ePrivacy rules. |
Exchange-rate lookups through Frankfurter / ECB do not send personal data.
5. AI, Automation and Tax Outputs
Solvent is a finance operations tool. It helps you prepare, reconcile, project and understand your data, but it does not file tax returns and it does not replace your accountant or tax adviser.
The AI assistant and finance engines are advisory. They may produce drafts, classifications, explanations, forecasts, tax-threshold warnings or suggested actions. They do not make solely automated decisions with legal or similarly significant effects under GDPR Article 22. Write actions require meaningful human approval, and filings remain your responsibility.
We maintain privacy and risk assessments for AI features where required, including DPIA review as processing scale, feature scope or risk changes.
6. Recipients and Sub-processors
We use service providers to host and operate Solvent. Core sub-processors are used for all accounts; optional sub-processors are used only when you enable a feature. The current list is maintained in our Sub-processor List.
Core providers include hosting, authentication and database infrastructure. Optional providers include AI, billing, accounting, bank-feed and support integrations.
We require sub-processors to process personal data under appropriate contractual terms. Where we act as your Processor, sub-processor use is governed by the Data Processing Agreement.
7. International Transfers
Some providers may process personal data outside the EEA, including in the United States or the United Kingdom. Where personal data is transferred outside the EEA, we rely on one or more of the following safeguards:
- an adequacy decision, including the EU-US Data Privacy Framework where the
recipient is certified;
- the European Commission's Standard Contractual Clauses;
- supplementary contractual, organisational or technical measures where needed.
You may request more information about the transfer mechanism for a specific provider by contacting tamas@rhnd.io.
8. Retention
We keep personal data only as long as needed for the purpose for which it was processed, unless a longer retention period is required by law.
| Data | Typical Retention |
|---|---|
| Account data | For the life of the account, then deleted or anonymised within a reasonable period after closure. |
| Business finance data | For the life of the workspace or entity, then exported, deleted or anonymised according to the account closure flow and legal-retention limits. |
| Statutory bookkeeping and billing records | Retained for applicable accounting and tax periods. The exact period depends on the record type and governing law. |
| Audit and security logs | Kept for security, integrity, abuse-prevention and dispute purposes, then deleted or anonymised. |
| Support requests | Kept while needed to resolve the request and maintain a support history, then deleted or anonymised. |
| Optional AI and integration data | Retained according to Solvent settings, provider terms and any legal-retention requirement that applies to the underlying business record. |
If you request erasure, we delete data unless we must keep it for legal obligations, legal claims, security, audit integrity or another lawful exception.
9. Your Rights
Under the GDPR, you may have the right to:
- access your personal data;
- correct inaccurate personal data;
- delete personal data;
- restrict processing;
- object to processing based on legitimate interests;
- receive a portable copy of your data;
- withdraw consent where processing is based on consent;
- complain to the Austrian Datenschutzbehörde or another competent supervisory
authority.
You can use the in-app account area to export data and submit erasure requests. You can also contact tamas@rhnd.io. We may need to verify your identity before acting on a request.
Where Solvent acts as Processor for data controlled by one of our customers, we will redirect or assist the relevant customer unless the law requires us to respond directly.
10. Security
Solvent is designed for multi-tenant financial data. Our measures include:
- per-organisation access scoping and tenant isolation;
- role-based permissions for workspaces and entities;
- encryption in transit;
- encrypted storage of OAuth tokens and AI provider keys;
- audit logging for sensitive actions;
- least-privilege operational access;
- backups and recovery procedures;
- monitoring, incident response and abuse detection.
No system is perfectly secure, but we work to protect the confidentiality, integrity and availability of the service.
11. Children
Solvent is a business finance product and is not directed at children. Do not create an account for a child or intentionally submit children's personal data.
12. Changes
We may update this Privacy Policy as the service, providers, law or product features change. The latest version will be posted with a new "Last updated" date. Material changes will be notified in-app or by email where appropriate.
13. Contact
For privacy questions or requests, contact:
RHND Innovations GmbH Dornbacher Str. 5, top 2-3 1170 Vienna, Austria tamas@rhnd.io