Security
Last updated: July 18, 2026
The short version
Your quotes, invoices, and client details are your livelihood. SoloDesks is built so that only you can see them, payments never pass through us, and you can take your data with you — or delete it all — at any time.
Your account
- Passwords are never stored as-is — only as a one-way encrypted hash, so not even we can read them.
- The sign-in page is protected by a bot check and rate limiting, which blocks automated password-guessing.
- Forgotten your password? Reset links are sent only to your own email address and expire quickly.
Your data
- Every request travels over HTTPS — data is always encrypted in transit.
- Access rules are enforced by the database itself (row-level security): it refuses to show, change, or delete a record unless it belongs to the signed-in account. Even a bug in the app couldn’t show one tradesperson another’s clients.
- You can download a full copy of your data from Settings any time, and delete your account — and everything in it — yourself, without asking us.
Your money
SoloDesks never touches money moving between you and your clients. Invoices point clients at your own payment details or payment link — funds go straight to you, and we simply help you track what’s been paid. Pro subscriptions are handled by Paddle as the merchant of record: your card number goes directly to Paddle and never reaches our servers.
Quote & invoice links
The links you share with clients use long, random codes that can’t be guessed, expire automatically after 60 days, and are flagged so search engines never index them. A link shows one document to the person you sent it to — nothing more.
Found a vulnerability?
We want to hear about it. Email support@solodesks.com with the details and we’ll respond as quickly as we can. Our disclosure contact is also published at /.well-known/security.txt. Please give us a reasonable chance to fix an issue before sharing it publicly.