Solprise

Privacy Policy

Last updated: 2 March 2026

This Privacy Policy explains how Solprise collects, uses, stores and protects personal data when you use our website and services, including where you connect third party services such as LinkedIn, Microsoft or Google.

1. Introduction

Solprise provides enterprise software solutions including Synapse CRM. We are committed to protecting personal data and handling it responsibly in accordance with UK data protection law, including the UK General Data Protection Regulation and the Data Protection Act 2018, and where applicable, United States and Canadian privacy legislation.

This Privacy Policy explains how we collect, use, store and protect personal data when you use our website, our CRM platform, and when you connect third party services such as LinkedIn.

2. Data Controller

For the purposes of data protection law, Solprise is the data controller in respect of personal data processed through our website and platform, except where we act as a data processor on behalf of our organisational customers.

Where our customers use Synapse CRM to manage their own contacts, they remain the data controller for that data and we act strictly as a data processor under their instructions.

3. Categories of Personal Data We Process

We may process the following categories of personal data:

a. Account Information

Name, business email address, company name, role, login credentials.

b. Authentication Data

Encrypted passwords and authentication tokens used for secure login.

c. Third Party Integration Data

Where a user chooses to connect to LinkedIn, Microsoft or Google via authorised OAuth access, we may process profile information permitted by LinkedIn, Mocrosoft or Google API permissions, message metadata and message content where explicitly authorised, and contact identifiers necessary for CRM logging.

We do not access LinkedIn, Microsoft or Google data without the explicit consent of the logged in user through LinkedIn, Microsoft or Google’s official authorisation process.

d. Usage Data

IP address, device information, browser type, pages accessed, and timestamps.

e. Communications

Information contained in enquiries, support requests, or feedback.

4. Lawful Basis for Processing

We process personal data under one or more of the following lawful bases:

  • Performance of a contract where processing is necessary to provide CRM services.
  • Legitimate interests in operating, securing and improving our platform.
  • Consent where required, including for LinkedIn, Microsoft or Google API access and certain analytics technologies.
  • Legal obligation where required by applicable law.

5. LinkedIn, Microsoft and Google Integration and Compliance

Where users connect their LinkedIn, Microsoft or Google accounts:

  • Access is obtained exclusively via LinkedIn, Microsoft or Google’s official OAuth authorisation flow.
  • We only request permissions necessary for CRM functionality.
  • We do not scrape LinkedIn, Microsoft or Google data.
  • We do not bypass LinkedIn, Microsoft or Google technical controls.
  • We do not sell, rent, trade, or redistribute LinkedIn, Microsoft or Google data.
  • LinkedIn, Microsoft and Google data is used solely to provide CRM functionality within the user’s organisation.
  • Data is not shared outside the organisation that controls the CRM account.
  • Users may revoke LinkedIn, Microsoft ot Google access at any time via their LinkedIn, Microsoft or Google settings or within our platform.

LinkedIn, Microsoft and Google data is processed in accordance with the appropriate organisation’s API Terms of Use and applicable data protection laws.

6. Data Minimisation

We collect and process only the minimum amount of data necessary to deliver the requested service. We do not collect personal data that is not required for CRM functionality.

7. Data Sharing

We do not sell personal data.

We may share data only with:

  • Cloud hosting providers under strict contractual safeguards
  • Security service providers
  • Analytics providers in anonymised or aggregated form
  • Legal authorities where required by law

All third party service providers are bound by confidentiality and data protection obligations.

8. International Transfers

Where personal data is transferred outside the United Kingdom, we ensure appropriate safeguards are in place, including recognised adequacy regulations or approved contractual safeguards.

9. Security Measures

We implement appropriate technical and organisational measures including:

  • Encryption in transit using SSL or TLS
  • Encryption of stored passwords and authentication credentials
  • Logical data segregation between organisations
  • Role based access controls
  • Audit logging
  • Secure cloud infrastructure
  • Regular security review and monitoring

Access to LinkedIn, Microsoft or Google data is restricted to authorised users within the relevant organisation.

10. Data Retention

We retain personal data only for as long as necessary to provide the service or to comply with legal obligations.

Where LinkedIn, Microsoft or Google integration is revoked, associated tokens are invalidated and access ceases. Data may be deleted upon request subject to contractual and legal requirements.

11. User Rights

Subject to applicable law, individuals may have the right to access their personal data, correct inaccurate data, request erasure, restrict processing, object to processing, and request data portability.

12. California and Canadian Users

Where applicable, we comply with relevant United States state privacy laws and Canadian privacy legislation, including rights relating to access and deletion.

13. Children

Our services are not intended for individuals under 18 years of age.

14. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be published on our website.