Effective date: 14 May 2026 · Version 1.3 · App: SoloTrade · Developer: SoloTradeOS (Australia)
This page explains how to delete your SoloTrade account and the data associated with it. It is cross-referenced from clause 8.1 of our Privacy Policy v3.3 and clause 11 of our Terms of Service v3.2; where those documents disagree with this page, those documents prevail.
The fastest and most reliable way to delete your account is from inside the app:
If you change your mind, simply do not click the confirmation link — the request expires after 24 hours and nothing is deleted.
If you cannot open the app (e.g. you've already uninstalled it, or you've lost access to the device) email us and we'll run the deletion manually:
SoloTrade Account Deletion Request.We respond within 30 days as required by Australian Privacy Principle 12, and in practice usually within 2 business days. We confirm by email when deletion is complete.
When you complete the in-app flow, or when we run the deletion manually after an email request, the following data is permanently and irreversibly removed from production:
| Data category | Outcome |
|---|---|
| Account row (email, hashed password, MFA secrets, session tokens) | Deleted from auth.users and auth.identities |
| Business profile (business name, ABN, address, phone, logo, bank/PayID details) | Deleted from business_profiles |
| App settings (theme, currency, follow-up preferences, push opt-in) | Deleted from app_settings |
| Consent log (recorded acceptances of Privacy / Terms versions) | Deleted from user_consents |
| ABN registry tombstone | By default we keep a hash-only tombstone (abn_registry) so a future operator who reclaims that ABN cannot accidentally inherit your account. If you want full removal including the tombstone, say so in the deletion request. |
| Data category | Outcome |
|---|---|
Clients, client documents (storage objects in the client-documents bucket) | Deleted |
| Quotes, quote drafts, quote lines, AI-drafted scope/description text (V34.A) | Deleted |
| Invoices, invoice drafts, recurring-invoice schedules (V35.5) | Schedules stopped + all rows deleted |
| Jobs, job notes, job-site pinned notes (V35.10), time entries, variations | Deleted |
| Job photos (storage objects, AES-256-GCM encrypted at rest) | Ciphertext deleted + per-user encryption key (DEK) purged from Vault via purge_user_dek |
Expenses + receipts (rows in receipts.* tables, storage objects under receipts/<pseudonym>/…) | Deleted; per-user DEK purged |
| Quote templates, pricing profiles, materials library | Deleted |
| Public quote / invoice / document tokens | All tokens revoked. Any outstanding public URL returns "Link no longer valid" immediately. |
| Email logs (sent-email records, Resend message IDs) | Deleted |
| Warranty records (V35.9, surfaced on the public quote/invoice trust footer) | Deleted |
| Data category | Outcome |
|---|---|
Vehicle logbook trips (V35.6, vehicle_trips table - ATO logbook entries + CSV export staging) | Deleted |
Compliance credentials (V35.3, licence + insurance renewals, alert log, credential PDFs in the compliance-documents bucket) | Deleted from compliance_credentials + compliance_alert_log; storage objects deleted |
| Subbie register (V35.7, head-contractor compliance tracking for engaged subbies) | Deleted from subbies table. Note: the subbie's own SoloTrade account (if any) is unaffected - we only delete the link record you owned. |
| SWMS draft documents (V35.8, Safe Work Method Statements you've authored from the 6 trade templates) | Deleted, including any generated SWMS PDFs in the documents/<user_id>/swms/ path |
| AI usage log (V34.B, per-month counts of AI drafting calls + surface key - does NOT contain prompt/response content) | Deleted from ai_usage_log |
| AI follow-up drafts (V34.C, generated draft emails in your review queue with client first-name + quote number + total) | Deleted from ai_followup_drafts |
| Service-reactivation records (V35.11, scheduled HWS / RCD / safety-switch follow-ups) | Deleted |
| Weather-alert log (V35.12, daily BoM check-results against your scheduled jobs) | Deleted |
| Quote-insights data (V35.14, win-rate and trend analysis) | Insights derive from quotes/invoices and disappear automatically when those rows are deleted |
| Job-history search index (V35.13, "Ask job history" feature) | Search uses Postgres ILIKE against the underlying tables - no separate index, deletion is automatic when source rows go |
Voice notes (optional voice-note feature, storage objects in the voice-notes bucket) | Deleted |
| Push notification tokens (APNs / FCM device tokens used for compliance + weather alerts) | Deleted from push_tokens; tokens are useless once revoked because they reference the deleted auth.users.id |
OAuth refresh tokens (Gmail send, Google Drive backup) stored encrypted in vault.secrets | Both the mapping rows (gmail_oauth_tokens, drive_oauth_tokens) AND the underlying vault.secrets rows are deleted via the revoke RPCs |
| Data category | Retention period | Legal basis |
|---|---|---|
| Tax / GST records derived from your invoices (financial-transaction records, not the invoice rows themselves) | 5 years from the end of the financial year in which the transaction occurred | ATO record-keeping rules — we keep only the minimum necessary tax-evidence layer (date, GST amount, ABN, total), not your full invoice or client PII. Aligned with Privacy Policy v3.3 §9.1. |
| Purchase / subscription transaction records | Up to 7 years | Required by the payment processor (Google Play Billing / RevenueCat) for chargeback handling and ATO tax-reporting. |
| Anonymous crash logs and diagnostics (Sentry) | Up to 90 days after deletion | Diagnostic data is not linked to your identity after account deletion. Sentry's self-serve plan caps error retention at 90 days, then automatically purges. |
| Encrypted database backups | Up to 7 days after deletion | Supabase Pro retains 7 daily encrypted backups. Your deleted data is purged from all backups within this window. |
| Anthropic API logs (for AI-drafting calls you made before deletion) | Up to 30 days | Anthropic retains API inputs for up to 30 days for trust-and-safety review per their privacy policy. They are not used to train Anthropic's models. We have a DPA in force with Anthropic. After the 30-day window the logs are auto-purged. |
If you want to delete only specific data but keep your account active, you have two options:
To prevent indefinite retention of personal data after you've stopped using SoloTrade, we operate an inactivity sunset:
This clause is also mirrored in Privacy Policy v3.3 §9.
If you have questions about this process, want clarification on what we've deleted, or believe a deletion request was not handled correctly:
SoloTradeOS — the natural person operating SoloTrade
Privacy contact: privacy@solotrade.com.au
Support: support@solotrade.com.au
If you are not satisfied with our response you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at no charge.
This page was last updated on 14 May 2026, version 1.3 (V35 update - V34/V35 data categories added; in-app two-step flow documented; compliance-documents bucket disclosed; OAuth vault.secrets purge cited; inactivity sunset added; ATO retention basis cited). It refers to the SoloTrade mobile application developed by SoloTradeOS.