Legal

Privacy Policy

Effective date: 6 April 2026  ·  Solvce Pty Ltd

This Privacy Policy explains how Solvce Pty Ltd(“Solvce”, “we”, “us”, or “our”) collects, uses, discloses, and protects information about you when you use our accounts payable automation platform and related services (the “Service”). By using the Service, you agree to the practices described in this policy.

1. Information We Collect

1.1 Account and Contact Information

When you create an account or contact us, we collect:

  • Name, email address, and job title
  • Company name, industry, and country
  • Billing address and payment method details (processed by Stripe — we do not store card numbers)
  • Communications you send to us

1.2 Business and Financial Data You Upload

To provide the Service, we process business documents and data you upload or connect, including:

  • Invoices (PDF, image, or email)
  • Purchase orders and goods receipts
  • Vendor names, bank details, and payment information
  • General ledger codes and chart of accounts
  • Transaction history and payment runs

This data is stored in your isolated environment and is never shared with other customers or used to train any AI model.

1.3 ERP and Accounting System Data

When you connect an accounting system (such as QuickBooks Online, Xero, MYOB, Zoho Books, or NetSuite), we access only the data necessary to provide AP automation:

  • Purchase orders and vendor lists
  • Invoice and payment records
  • Chart of accounts and GL codes
  • Currency and payment terms settings

We access ERP data using OAuth 2.0 (where supported). We do not store your ERP login credentials. OAuth tokens are stored in Google Cloud Secret Manager with AES-256 encryption.

You can revoke Solvce’s access to your accounting system at any time from within your accounting provider’s settings. Revoking access will disable ERP sync but will not delete data already processed.

1.4 Usage Data

We automatically collect information about how you use the Service:

  • Pages visited, features used, and actions taken
  • IP address, browser type, and device information
  • Session duration and navigation paths

We use Google Analytics and Microsoft Clarity for usage analytics. These tools use cookies. You can opt out via your browser settings.

2. How We Use Your Information

  • To provide the Service: Processing invoices, performing 2-way and 3-way matching, posting approved invoices to your ERP, and generating payment files.
  • To improve the Service: Analysing usage patterns to improve features and fix bugs. We never use your business documents or financial data for this purpose.
  • To communicate with you: Sending invoice approval requests, exception alerts, payment confirmations, and account notifications via SendGrid.
  • To process payments: Managing your subscription and invoicing via Stripe.
  • To comply with legal obligations: Maintaining records as required by applicable law.
  • To protect security: Detecting and preventing fraud, abuse, and unauthorised access.

3. AI and Document Processing

Solvce uses artificial intelligence to extract data from invoices and match them against purchase orders and goods receipts. We use Google Cloud Document AI for this purpose.

Your data is never used to train any AI model — not ours, not our providers’. Documents you upload are processed inside a contained cloud environment and are not transmitted to external AI APIs for model training, benchmarking, or any shared-learning purpose.

Every field extracted by AI is accompanied by a reason explaining how the value was determined. You can review and override any AI decision at any time.

4. Data Isolation and Security

4.1 Tenant Isolation

Every customer has their own isolated data environment. Row-Level Security (RLS) is enforced at the PostgreSQL database engine level — not the application layer. It is architecturally impossible for your data to be accessed by another customer’s session, even in the event of an application bug.

4.2 Security Measures

  • All data in transit is encrypted using TLS 1.2 or higher
  • All data at rest is encrypted using AES-256
  • ERP credentials stored in Google Cloud Secret Manager
  • Authentication managed by Clerk with multi-factor authentication available
  • Immutable audit log of every user action and system event
  • Access to production data by Solvce staff requires explicit customer consent and generates an audit record

4.3 Data Residency

Data is stored in Australia (Sydney region, Google Cloud) by default. Enterprise customers may request alternative regions. AI document extraction runs within Google Cloud’s network and does not leave the cloud provider environment.

5. Disclosure of Information

We do not sell your personal information. We share information only in the following circumstances:

5.1 Service Providers

We share data with third-party service providers who help us deliver the Service, subject to confidentiality obligations:

  • Google Cloud Platform — infrastructure, database, storage, and Document AI
  • Clerk — identity and authentication
  • Stripe — subscription billing and payment processing
  • SendGrid (Twilio) — transactional email notifications

Each provider is bound by data processing agreements. We do not authorise providers to use your data for any purpose other than providing services to Solvce.

5.2 ERP Providers

When you connect an accounting system, data is transmitted to and from that provider pursuant to their terms of service and your existing agreement with them. Solvce acts as a processor of that data on your behalf.

5.3 Legal Requirements

We may disclose information if required by law, regulation, legal process, or government request, or to protect the rights, property, or safety of Solvce, our customers, or the public.

5.4 Business Transfers

If Solvce is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.

6. Data Retention

  • Account data is retained for the duration of your subscription and for 90 days after cancellation.
  • Business documents and financial data are retained for the duration of your subscription and deleted within 90 days of cancellation. We will confirm deletion in writing on request.
  • Audit logs are retained for 7 years to meet financial record-keeping requirements.
  • Usage analytics data (anonymised) may be retained indefinitely.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete information.
  • Deletion: Request deletion of your personal information, subject to legal retention requirements.
  • Portability: Request your data in a machine-readable format.
  • Objection: Object to certain processing of your information.
  • Withdrawal of consent: Where processing is based on consent, withdraw that consent at any time.

To exercise any of these rights, contact us at hello@solvce.com. We will respond within 30 days.

8. Cookies

We use the following cookies and similar technologies:

  • Essential cookies: Required for authentication and session management. Cannot be disabled.
  • Analytics cookies: Google Analytics and Microsoft Clarity to understand usage patterns. You can opt out via your browser or by visiting Google’s opt-out page.

We do not use advertising or tracking cookies.

9. Children's Privacy

The Service is intended for business use and is not directed at individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will delete it promptly.

10. International Transfers

We are based in Australia. If you access the Service from outside Australia, your information may be transferred to, stored, and processed in Australia and other countries where our service providers operate. We take steps to ensure appropriate safeguards are in place for such transfers.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a prominent notice in the Service at least 30 days before the change takes effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy, wish to exercise your rights, or have a privacy complaint, contact us at:

Solvce Pty Ltd

Australia

hello@solvce.com

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

Terms of Service →Security & Trust →hello@solvce.com
Home