Privacy Policy
How we collect, use, and protect your data. Written in plain English — not legalese.
Last updated: 12 April 2026 · Effective from: 12 April 2026
This Privacy Policy describes how THC Projects SRL ("Soelem", "we", "us", "our"), a company incorporated in Romania, European Union, collects, uses, and shares information about you when you use our website at soelem.com and our hosting services.
We take your privacy seriously. This policy is written to comply with the General Data Protection Regulation (GDPR) and Romanian Law no. 190/2018 implementing the GDPR.
1. What Data We Collect
1.1 Account and Customer Data
When you sign up for a Soelem account, we collect:
- Full name
- Email address
- Billing address (including country)
- Payment information (processed by Stripe — we do not store full card numbers)
- Phone number (optional, required for the WhatsApp/Telegram management feature)
- Company name and VAT number (for business customers)
1.2 Usage Data
When you visit our website or use our services, we automatically collect:
- IP address (anonymised after 30 days)
- Browser type and version
- Pages visited and time spent
- Referring URL
- Server request logs (retained for 14 days for security purposes)
1.3 Hosting and Site Data
As part of providing hosting services, we process:
- Files, databases, and content you upload or that our AI creates for your website
- DNS records associated with your domains
- Email headers and metadata (for business email plans)
- Backup copies of your site data (stored encrypted on Wasabi S3)
1.4 Communication Data
If you use our WhatsApp or Telegram management feature, we process:
- The content of your messages to our AI system
- Message timestamps and delivery status
- Phone number associated with your messaging account
2. How We Use Your Data
We use the data we collect for the following purposes:
- Service delivery: To provision, operate, and support your hosting account, build your website, manage your domain, and process your payments.
- AI management: To interpret your chat messages and apply changes to your website on your instruction.
- Security: To detect and prevent fraud, abuse, and security incidents.
- Communication: To send you transactional emails (account confirmations, invoices, renewal notices, incident alerts). We do not send marketing emails without explicit consent.
- Legal compliance: To fulfil our obligations under applicable law, including tax, accounting, and regulatory requirements.
- Service improvement: To analyse anonymised usage patterns and improve our services.
We never sell your data to third parties.
3. Data Storage and Retention
Your data is stored in the following locations:
- Primary hosting data: Hetzner Falkenstein, Germany (EU)
- Backup storage: Wasabi S3, EU region (encrypted at rest)
- Billing data: Stripe — EU data residency
- Customer account database: Our EU infrastructure (WHMCS on EU VPS)
We retain your data for as long as your account is active and for a period of 7 years after account closure (for tax and accounting purposes). Server logs are deleted after 14 days. Anonymised analytics data may be retained indefinitely.
4. Legal Basis for Processing
We process your personal data on the following legal bases under GDPR Article 6:
- Performance of a contract (Art. 6(1)(b)): Processing necessary to deliver the hosting services you purchased.
- Legitimate interests (Art. 6(1)(f)): Security monitoring, fraud prevention, and service improvement.
- Legal obligation (Art. 6(1)(c)): Tax, accounting, and regulatory compliance.
- Consent (Art. 6(1)(a)): Marketing communications (opt-in only).
5. Data Sharing
We share your data only with the following categories of sub-processors, all operating under GDPR-compliant data processing agreements:
- Stripe — payment processing
- Hetzner Online GmbH — server infrastructure
- Wasabi Technologies — backup storage
- 360dialog — WhatsApp Business API messaging
- Cloudflare — DNS and CDN services
We do not sell, rent, or trade your personal data with any other third parties for marketing or commercial purposes.
6. Your Rights Under GDPR
As a data subject in the EU/EEA, you have the following rights:
- Right of access: Request a copy of all personal data we hold about you.
- Right to rectification: Request correction of inaccurate or incomplete data.
- Right to erasure ("right to be forgotten"): Request deletion of your data, subject to our legal retention obligations.
- Right to restriction: Request that we restrict processing of your data in certain circumstances.
- Right to portability: Receive your data in a structured, machine-readable format.
- Right to object: Object to processing based on legitimate interests.
- Right to withdraw consent: Where processing is based on consent, withdraw it at any time.
To exercise any of these rights, contact us at legal@soelem.com. We will respond within 30 days. You also have the right to lodge a complaint with the Romanian supervisory authority (ANSPDCP) at www.dataprotection.ro.
7. Cookies
We use the following types of cookies:
- Strictly necessary: Session cookies required for login and account management. Cannot be disabled.
- Functional: Remembering your dark/light mode preference (stored in localStorage, not a cookie). No consent required.
- Analytics: Anonymised usage tracking via self-hosted Plausible Analytics (no personal data, no cross-site tracking, no consent required under GDPR).
We do not use third-party advertising cookies or tracking pixels.
8. Data Protection Officer
Given the scale of our data processing, a formal DPO appointment is not currently required under GDPR Article 37. For all data protection enquiries, contact: legal@soelem.com
Data Controller: THC Projects SRL
Registered in Romania, European Union
Email: legal@soelem.com
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email (to your registered account email) at least 14 days before the changes take effect. Continued use of our services after that date constitutes acceptance of the revised policy.