the short version
sol pbc makes open source software, and now operates one optional paid service: solstone hosted — private link, a relay that lets you reach your own journal from your phone. we don't sell your data — and we never will. the relay is blind by construction: it passes encrypted bytes between your devices and can't read what's inside. the billing system is not blind — to run your subscription we knowingly hold a small, named set of data (your email, your subscription status, and a reference to your sign-in), which you can see, export, or delete anytime. nothing from your journal reaches either one. the no-sale promise isn't just a promise: it's a binding legal covenant in our articles of incorporation, enforceable against the company forever.
this is still a comparatively short policy: most of what sol pbc makes runs on your hardware and never reaches us, and our one hosted service is a relay that can't see what flows through it. but now that we operate a paid service, this policy discloses in full what that service collects and who processes it.
who we are
sol pbc is a Colorado public benefit corporation. our benefit purpose, as filed with the Colorado Secretary of State, is to advance digital self-determination by providing open-source, privacy-respecting tools and services that enable individuals to directly collect and gain insight from their personal data.
sol pbc has one director: jeremie miller, the founder. the company can only be acquired by a successor that is legally bound to preserve a substantially equivalent benefit purpose and that assumes covenants no less protective than Article 8. acquisition by an entity that wouldn't honor these protections is not permitted. these constraints are in the articles of incorporation and cannot be weakened — see the amendment lock below.
contact: contact us. for the hosted service specifically, support@solstone.app.
what sol pbc makes
sol pbc develops two open source projects:
- solstone: an open source, local-first journal of what you see and hear, for the agents you use. it processes your screen and audio locally with AI and builds a searchable knowledge graph of your digital life. it runs on your hardware. your data stays on your device.
- vit — a developer capability network built on AT Protocol. developers and AI agents discover, share, and remix software capabilities through a decentralized social network.
sol pbc also operates one optional, paid hosted service:
- solstone hosted — private link: a relay sol pbc runs so you can reach your own journal from your phone (or any of your devices) without running your own relay. it's a convenience, never a requirement: the free paths — connecting directly on your own network, or bringing your own transport, or self-hosting the open-source relay — are always available and are private by the same construction. the relay is blind: it moves encrypted bytes between your devices and can't read them.
what data does sol pbc collect?
from solstone and vit: nothing
solstone and vit are open source software that runs on your hardware. sol pbc receives no data from your use of these products — no telemetry, no analytics, no crash reports, no usage data. the software works entirely offline from sol pbc.
the source code is public. you can verify this yourself.
from the hosted relay (solstone hosted): connection metadata, never content
when you use the hosted relay, your devices open an encrypted tunnel to each other and the relay passes the encrypted bytes between them. the encryption is end-to-end between your own devices — the relay holds no key to it and keeps no copy of what flows through. sol pbc cannot read your journal or anything inside the tunnel.
to move your bytes, the relay and Cloudflare (whose network the relay runs on) necessarily handle connection metadata about your devices — their network (IP) addresses, connection timing, and how much data moved. this metadata is Customer Data under our covenants: we use it only to operate, secure, and bill the relay, and we never sell it, profile you with it, or use it for advertising. it can reveal that your devices connected — never what they said. Cloudflare's handling of the edge data it sees is described in the Cloudflare privacy policy.
if someone served sol pbc a subpoena over the relay, the only thing we could produce is that connection metadata — that your devices connected, when, and how much data moved — never the contents, because there is no key and no plaintext to give. we resist such demands to the maximum the law allows and notify you when we legally can.
from subscribing (billing): the minimum to bill you
if you subscribe to the hosted service, we collect and keep the minimum needed to run your subscription: your email address, your subscription status and renewal dates, and a reference that ties the subscription to your sign-in. payments are handled by Stripe, our payment processor — your card and payment details go directly to Stripe and are governed by Stripe's terms and privacy policy. sol pbc never sees or stores your card. we send Stripe only what's needed to charge you for the service, and we never send Stripe anything from your journal.
we use your billing details only to run your subscription. we do not sell them, share them for anyone else's purposes, or use them for advertising, profiling, or any other purpose. (see what sol pbc will never do — this is structural, not just policy.)
from solpbc.org: almost nothing
when you visit solpbc.org, our hosting provider — Cloudflare — collects standard edge server logs (IP address, pages visited, browser type, timestamp). this is inherent in how the web works. Cloudflare's collection and handling of these logs is described in the Cloudflare privacy policy under "end users."
sol pbc does not access these logs for analytics or any other purpose. we don't use Google Analytics, tracking pixels, cookies, or any other tracking technology on solpbc.org.
from email: what you send us
if you email us, we receive your email. we use it to respond to you. we don't add you to mailing lists, share your email with anyone, or use it for marketing.
what sol pbc will never do
these aren't policies — they're binding covenants in our articles of incorporation and bylaws. while the founder serves as a director, any amendment requires his personal written consent (a right that cannot be delegated). after he ceases to serve, amendments are permitted only to strengthen these protections or to comply with mandatory law to the minimum extent strictly required. weakening amendments are foreclosed forever. (Articles of Incorporation, Article 8, Section 8.6.)
throughout this section, user data refers to what is legally defined in Article 8 as Customer Data — any data, information, content, record, output, or inference concerning a user or derived from such data, including de-identified, anonymized, aggregated, pseudonymized, or encrypted forms.
- never sell, license, sublicense, or lease user data — including anonymized, aggregated, or de-identified data. most privacy laws allow companies to share "de-identified" data freely. Article 8 closes that gap entirely. (Articles of Incorporation, Article 8, Section 8.3(a)(1))
- never use data for advertising, profiling, or behavioral targeting — user data can only be used to provide the service to the person who generated it, including through service providers strictly necessary to provide, secure, or support that service. no analytics vendors, no tracking pixels, no behavioral profiles — no exceptions. (Articles, Section 8.3(b))
- never weaken these protections, even if acquired — any merger, acquisition, or transfer of control is conditional: the successor must be legally bound to preserve a substantially equivalent benefit purpose and must assume covenants no less protective than Article 8. shareholders and former shareholders are third-party beneficiaries with direct enforcement rights that survive the transaction. (Articles, Section 8.5)
- always pursue the strongest practical encryption and access controls — encryption in transit and at rest, least-privilege access, and ongoing design toward end-to-end encryption, customer-held keys, secure enclaves, and confidential computing — architectures that minimize and, where reasonably practicable, eliminate operator access to plaintext data. (Bylaws, Article III, Section 3.1)
- always resist government data demands — resist disclosure to the maximum extent permitted by law, notify the affected user if legally allowed, and pursue architectures that make compelled disclosure technically infeasible. (Bylaws, Article III, Section 3.2)
these covenants bind the company, the founder, and any successor. they apply in full to the hosted service — the relay's blind-by-construction design is one of these covenants made concrete.
the narrow exceptions. your data leaves sol pbc only in the three narrow ways the covenant allows: (1) to the named processors below, strictly to run the service you asked for; (2) when you direct it — for example, choosing to pay Stripe by card; or (3) when we're compelled by law, in which case we resist to the maximum the law allows, disclose the minimum required, and notify you when we legally can. we never sell, license, or trade your data, and we never share it for anyone else's purposes. (Articles, Section 8.3(a)(2).)
who processes data for us
sol pbc keeps its list of data processors short and names them. each is bound — by contract and by Article 8 — never to use what we send it to advertise to you, profile you, or sell your data. like any payment or infrastructure company, each also runs its own fraud-prevention, security, and service operations on the limited technical data it handles — which is exactly why we send each one as little as possible, and never a byte from your journal.
| provider | what they handle | what they can see |
|---|---|---|
| Cloudflare | hosts solpbc.org; operates the network the hosted relay runs on | for solpbc.org: standard edge logs (it does not analyze them for us). for the relay: connection metadata + the encrypted bytes — never your content |
| Stripe | payment processing for the hosted subscription | your card + payment details (which you provide to Stripe directly) and the minimal billing info we send to charge you — never anything from your journal |
if we ever add or change a processor, we'll update this list and the changelog below.
your rights
you have rights over your data, and we extend them to everyone, regardless of where you live:
- access — ask us what personal data we have about you
- correction — ask us to fix inaccuracies
- deletion — ask us to delete your data
- portability — get a copy in a portable format
- opt out — of sale, targeted advertising, or profiling (sol pbc does none of these, for anyone, ever)
most of your sign-in and subscription data you can see, export, or delete yourself at services.solstone.app/settings/data; for anything else, or to exercise any right, email support@solstone.app (for the hosted service) or contact us. deleting your subscription data ends the hosted relay; it never touches your journal, which lives on your own devices. we'll respond as fast as we can, and within the time the law requires — 45 days under the Colorado Privacy Act, with the extensions the law allows.
if we deny a request, you can appeal by replying to support@solstone.app; we'll respond to the appeal within 45 days. if we deny the appeal, you can raise it with the Colorado Attorney General.
if you're a Colorado resident, you have the specific rights granted by the Colorado Privacy Act; residents of California (CCPA/CPRA) and the EU/UK (GDPR) have the equivalent rights — including, where those laws grant them, the right to restrict or object to processing. sol pbc does not make automated decisions about you and does not profile you. our covenants go further than any of these laws require. exercise any of them through the channels above.
vit and AT Protocol
vit is built on AT Protocol, a decentralized protocol where most data is public by design. when you publish a capability, vouch for a skill, or follow someone on vit, that data flows across the AT Protocol network to relays and indexers operated by many different parties.
sol pbc's privacy commitments apply to data on sol pbc's infrastructure. once data is published to the AT Protocol network, sol pbc cannot delete copies from other servers. this is how decentralized protocols work — it's a feature of the architecture, not a limitation of our commitment.
if sol pbc operates a relay or PDS for vit, we collect only what the protocol requires to function. no additional tracking, analytics, or data collection.
solstone and recording laws
throughout this site we describe what solstone does as observing along with you. when those observations include audio of a conversation, wiretapping and consent statutes call that recording — the term used in this section, because it is the term used in the laws.
solstone observes your screen and, when configured to do so, records audio. if you use solstone, you are responsible for complying with recording-consent laws in your jurisdiction. some states and countries require all parties to a conversation to consent to recording.
sol pbc doesn't record anything — you do, on your own hardware. we recommend informing others in advance when audio recording is active during conversations.
the hosted service in detail
sol pbc's one hosted service today is solstone hosted — private link: the relay described above. here is exactly what it does with data:
- what we collect and why — to run the relay, the network handles connection metadata (your devices' network addresses, timing, data amounts) and the encrypted bytes themselves. to bill you, we hold your email, your subscription status and renewal dates, and a reference linking the subscription to your sign-in. that's all. nothing from your journal reaches the relay or sol pbc.
- who processes it — Cloudflare (the network the relay runs on) and Stripe (payments). both are named above, bound by contract and Article 8, and able to see only what's described — never your content.
- how it's encrypted — the tunnel is end-to-end encrypted between your own devices. the relay holds no key and keeps no copy; it cannot read what flows through. this isn't a setting you have to trust us to honor — it's how the relay is built.
- how to export and delete — manage, export, or delete your sign-in and subscription data at services.solstone.app/settings/data, or email support@solstone.app. canceling or deleting your subscription stops the relay and never touches your journal.
- what happens when you stop paying — the relay simply stops at the end of the period you've paid for. nothing is lost: your journal, your data, and your device pairings are untouched, and the free paths (direct-on-your-network, bring-your-own-transport, self-host) keep working. you are never locked out of your own journal by a billing state.
- your rights — the access, correction, deletion, portability, and opt-out rights above apply to your hosted-service data, under the Colorado Privacy Act and the equivalent laws of your jurisdiction.
we will notify users before launching any new hosted service and publish the updated policy. the covenants above apply to all services — they are structural, not service-specific.
changes to this policy
if we change this policy, we will:
- update this page with a clear summary of what changed
- update the changelog below
the covenants in the articles of incorporation and bylaws cannot be weakened through a policy update — see the amendment lock described above.
changelog
| date | change |
|---|---|
| 2026-06-16 | updated for sol pbc's first hosted service, solstone hosted — private link (a paid, blind-by-construction relay). added the hosted-relay and billing data-collection disclosures; named Stripe (payments) and Cloudflare (relay network) as processors, with a processor table; described the hosted service in detail (data, processors, encryption, export/delete, graceful cancellation, rights); updated "your rights" with the services.solstone.app self-service + support@solstone.app channels, the CPA appeal mechanism, and the CPA/CCPA/GDPR rights. the binding covenants are unchanged. |
| 2026-05-01 | hosting attribution corrected: solpbc.org is served by Cloudflare Workers only — the prior reference to GitHub Pages reflected an earlier deployment and was no longer accurate. linked to the Cloudflare privacy policy for the edge server logs Cloudflare collects from visitors. |
| 2026-05-01 | updated to reflect the amendment and restatement of Article 8 (CO SOS Doc. 20261537456) and the adoption of restated bylaws. acquisition language updated to reflect that change of control is conditional (mission-aligned successors only, with covenants no less protective). amendment-lock language updated to reflect the new strengthening-only rule outside the founder's stewardship. operational-agent succession references removed; succession now flows through the Successor Designator mechanism in Article 8 §8.4. |
| 2026-03-29 | initial publication |
this privacy policy reflects the binding covenants in sol pbc's articles of incorporation and bylaws. the covenants are the authority — this policy describes them in plain language. if there is ever a conflict between this policy and the articles or bylaws, the articles and bylaws govern.
questions? get in touch.