Solay Privacy Policy

Last updated: June 7, 2026

Related document

Read Terms of Service

Privacy at a Glance

Solay is designed to keep your personal preferences and sun-session history primarily on your device. Connected features use limited information for forecasts, accounts, security, free-session allowances, purchases, and support.

Solay does not sell personal information, serve third-party advertising, use data brokers, or perform cross-app tracking. This Privacy Policy explains what information Solay handles, why it is used, when it is shared, and the choices available to you.

1. Local-First Information

The following information is stored primarily on your device and is not routinely uploaded to our backend:

  • Your selected skin type, sun-planning goal, default SPF, units, and onboarding status
  • Reminder and alert preferences, including SPF and UV-alert settings
  • Your saved location and location-permission choice
  • Completed sun-session history, session measurements, and feedback you choose to record

When you delete your Solay account through the app, Solay clears local session and history content associated with the app's session lifecycle. Stored preferences may remain on the device until you reset them, clear app data, or uninstall Solay.

2. Information Processed by Connected Services

Solay and its service providers process limited online information needed to operate connected features:

  • Guest and account information: backend user and session identifiers, authentication provider, and account status
  • Optional Sign in with Apple information: Apple account identifier, and the name or email address Apple provides when you choose to share them, together with authorization records needed to maintain or revoke account access
  • Device and security information: a randomly generated device-installation identifier that is stored by our backend only as a one-way hash, device platform, IP address, user agent, session identifiers, and access or activity timestamps
  • Free-session usage: records associated with a hashed device identity and, when signed in, your backend user account, used to apply the free-session allowance
  • Purchase and entitlement information: App Store and RevenueCat product, subscription, entitlement, expiration, transaction environment, app-user identifiers, and webhook or reconciliation records
  • Support information: your email address, messages, screenshots, diagnostics, and other information you voluntarily send when requesting help

Kovacs Software Solutions does not receive your full payment-card details. Apple processes payment-card and billing information under its own terms and privacy policy.

3. Location and Forecast Processing

When you request UV or weather information, Solay sends latitude, longitude, and timezone information to the Solay backend. The backend rounds coordinates to two decimal places, which is approximately neighborhood-level precision, before using them to request forecast information from Apple WeatherKit.

Rounded coordinates, timezone, forecast scope, and forecast responses may be cached for up to six hours to provide forecasts efficiently and reduce repeated requests. Infrastructure and failure logs may process request details or rounded coordinates when needed to diagnose service failures, protect the service, or investigate abuse.

Solay accesses location only with your permission while you use the app. You can deny or revoke location access in your device settings and may use a manually selected saved location where supported.

4. How We Use Information

We process information only as reasonably necessary to:

  • Provide UV forecasts, guest sessions, optional Apple account access, and Solay features
  • Apply free-session allowances and manage Solay Pro subscriptions and entitlements
  • Authenticate users, maintain sessions, prevent fraud or abuse, and protect Solay's security
  • Operate, troubleshoot, maintain, and improve service reliability
  • Respond to support requests, enforce agreements, resolve disputes, and comply with legal obligations

5. Service Providers and Sharing

We share information only as needed with providers that support Solay or when required by law:

  • Apple WeatherKit receives rounded coordinates and timezone information to provide current, hourly, and multi-day weather and UV forecast data.
  • Sign in with Apple authenticates optional Apple accounts and manages Apple authorization.
  • Apple App Store processes purchases, billing, refunds, and store-account activity.
  • RevenueCat processes app-user identifiers and purchase, subscription, and entitlement events to provide and restore Solay Pro access.
  • Hosting and infrastructure providers store and process backend accounts, sessions, hashed device identities, caches, purchase records, and operational logs.

Providers are expected to process information only for authorized purposes and to apply appropriate protections. They may also process information under their own terms and privacy policies where they have a direct relationship with you.

We may disclose information when reasonably necessary to comply with law, protect rights or safety, investigate abuse, or support a merger, acquisition, financing, reorganization, or transfer of the Solay business, subject to applicable legal requirements.

6. Notifications and Device Permissions

With your permission, Solay may schedule local notifications for SPF reminders, session timing, or UV alerts. Notification content and schedules are generally managed on your device. You can change location and notification permissions at any time in your device settings. Disabling a permission may limit related Solay features.

7. Retention

We retain information only for as long as reasonably necessary for the purposes described in this Policy:

  • Account and authentication records are retained while the account is active and as needed to secure, administer, or delete it.
  • Session and security records, including hashed tokens, IP addresses, user agents, and operational logs, are retained according to security, expiration, troubleshooting, and legal needs.
  • Hashed device identity and free-session usage records may be retained to preserve the allowance and prevent fraud or repeated resets.
  • Forecast cache records are designed to expire after no more than approximately six hours.
  • Purchase, entitlement, and RevenueCat webhook records may be retained to administer purchases, maintain audit records, restore access, resolve disputes, and comply with legal obligations.
  • Support communications are retained as needed to respond, maintain support history, and protect legal interests.

Retention periods may be extended where necessary for security, fraud prevention, disputes, legal claims, regulatory obligations, or backup restoration. When information is no longer needed, we delete, anonymize, or isolate it as appropriate.

8. Account Deletion and Your Choices

You can delete an active guest or Apple-linked account through Solay's account settings. Account deletion removes the backend user account, revokes active account sessions, and triggers deletion of local session-history content. If you use Sign in with Apple, Solay also attempts to revoke the associated Apple authorization.

Account deletion does not necessarily delete records that are maintained separately from the account, including hashed device-allowance records, purchase or RevenueCat webhook records, security logs, legal records, or information retained in backups until those backups are overwritten. Apple and other providers may retain information under their own policies.

Depending on your location, you may have rights to request access, correction, deletion, restriction, objection, portability, or withdrawal of consent regarding personal information. To exercise a privacy right or request help with deletion, contact info@kovacssoftware.com. We may need to verify your request and may retain information where permitted or required by law.

9. Children's Privacy

Solay is not intended for children under 13 years old or under the minimum age required in their jurisdiction. If you are under the age of majority in your jurisdiction, you must have permission from a parent or legal guardian to use Solay.

We do not knowingly collect personal information from a child who is not permitted to use Solay. If you believe a child has provided personal information without the required permission, contact info@kovacssoftware.com so we can review and delete the information where appropriate.

10. Security and International Processing

We use reasonable administrative, technical, and organizational measures designed to protect information, including hashing certain identifiers and tokens and encrypting stored Apple authorization tokens. No system, storage method, or transmission is completely secure, and we cannot guarantee absolute security.

Solay and its providers may process information in countries other than your own. Where required, we take appropriate steps intended to protect information during international processing.

11. Changes to This Policy

We may update this Privacy Policy as Solay, its providers, or legal requirements change. Updated versions will be posted at this URL with a revised "Last updated" date. Where required by law, we will provide additional notice or request consent for material changes.

12. Contact

Kovacs Software Solutions
Privacy questions, rights requests, and deletion requests can be sent to info@kovacssoftware.com. General product-support requests can be sent to support@kovacssoftware.com.