Privacy Policy

Last updated: 30 April 2026

Solace is a macOS menu bar application built by THEODOREHQ. The data controller for the purposes of the UK GDPR and the Data Protection Act 2018 is:

TJH/CO LIMITED (trading as THEODOREHQ)
A company registered in England and Wales
Company number: 16589593
Registered office:
c/o Fairway House Links Business, Fortran Rd, St Mellons, Cardiff CF3 0LT, United Kingdom
Email: support@theodorehq.com

This policy explains what data Solace collects (very little), the lawful basis for each processing activity, and how to exercise your rights.

The short version

Solace does not collect, store, or transmit your personal data. There are no user accounts, no analytics in the app, no telemetry, and no tracking. Your data stays on your Mac.

Data the app collects

None. Solace does not collect any personal information. It does not phone home. It has no analytics SDK, no crash reporter, and no telemetry of any kind.

Location data

Solace uses macOS CoreLocation to determine your approximate position for sunrise, sunset, and weather calculations. This data is processed entirely on your device. Your coordinates are never transmitted to any server operated by the Developer.

The legal basis for processing your location data under GDPR Article 6(1)(a) is your explicit consent, which you provide by granting location access in macOS System Settings. You may withdraw this consent at any time in System Settings > Privacy & Security > Location Services.

Apple WeatherKit

If you enable weather-aware switching, Solace sends your approximate location to Apple's WeatherKit API to retrieve current weather conditions. This request is handled by Apple and is governed by Apple's Privacy Policy. THEODOREHQ does not receive, log, or store any data from these requests.

Purchase data and email

When you purchase Solace, our payment processor Polar collects your email address and payment information to complete the transaction. Polar acts as the merchant of record and processes payments in accordance with their own privacy policy.

We receive the following from Polar to fulfil your purchase:

• Email address — used to deliver your licence key. Lawful basis: contractual necessity (UK GDPR Article 6(1)(b)).
• Country of purchase — used for VAT / sales tax accounting handled by Polar. Lawful basis: legal obligation (UK GDPR Article 6(1)(c)).
• Licence-activation log (timestamp, activation count, device identifier) — held by Polar and used to enforce the three-device activation limit. Lawful basis: contractual necessity (UK GDPR Article 6(1)(b)).

We will never share your email address with third parties for their marketing purposes, and we will never use your email address to market unrelated third-party products or services.

Marketing emails

After you purchase Solace, we may send occasional product update emails — feature announcements, usage tips, and news about Solace and related macOS products we develop. Our lawful basis for this is legitimate interests (UK GDPR Article 6(1)(f)): keeping existing customers informed about updates to a product they have purchased.

An opt-out option is presented after checkout on the download confirmation page, and every marketing email contains a one-click unsubscribe link. You have an absolute right to object to direct marketing at any time (UK GDPR Article 21(2)); if you object, we will stop sending marketing emails without delay.

How to unsubscribe

You can opt out of marketing emails at any time by:

• Ticking "I'd prefer not to receive product updates" on the download confirmation page after purchase
• Clicking the "Unsubscribe" link included in every marketing email
• Emailing support@theodorehq.com with the subject line "Unsubscribe"

Opting out of marketing emails will not affect transactional emails related to your purchase or licence key.

Data retention

We retain personal data only for as long as we have a lawful basis to do so:

• Purchase email and licence record — held by Polar (our merchant of record) and by us for as long as your licence is active, and for seven years after your last purchase, in line with HMRC record-keeping requirements (Value Added Tax Act 1994, Schedule 11; Finance Act 2008, Schedule 36).
• Marketing list subscription — until you unsubscribe, after which your email is removed from the marketing list within 30 days. We retain a suppression record indefinitely so that we do not contact you again.
• Licence-activation logs — 12 months from the most recent activation event.
• Support emails — two years after the last reply, longer where a specific issue requires it.

Website analytics

This website (theodorehq.com) uses two privacy-first, cookie-free analytics tools to count anonymous page views:

• Cloudflare Web Analytics — does not use cookies, does not collect personal data, does not fingerprint visitors, and does not track you across sites.
• Umami, self-hosted by THEODOREHQ at analytics.theodorehq.com — also cookie-free; it counts page views and a small set of custom events (e.g. CTA clicks, scroll depth) using anonymised, aggregate data only. Lawful basis: legitimate interests (UK GDPR Article 6(1)(f)) — running our own privacy-respecting analytics in place of third-party tracking.

Cookies and similar storage

Neither the Solace app nor this website set any tracking cookies. The website may use functional localStorage entries for two purposes only: remembering your light/dark theme preference, and capturing the marketing campaign source of your visit (e.g. UTM parameters) so it can be passed to checkout when you click "Buy Now". This storage is exempt from consent under PECR Regulation 6(4) because it is strictly necessary for a service you have requested.

International transfers

Some of our processors are based outside the UK. Where personal data is transferred internationally, it is protected by appropriate safeguards under UK GDPR Chapter V — typically the UK extension to the EU-US Data Privacy Framework, the UK International Data Transfer Agreement (IDTA), or Standard Contractual Clauses with the UK addendum.

• Polar (payment processor and merchant of record) — processes data in the United States. See Polar's privacy policy and DPA.
• Apple Inc. (WeatherKit) — processes data in the United States and other regions in accordance with Apple's Privacy Policy.
• Cloudflare (website analytics, edge network) — processes data on a global edge network with regional routing; transfers covered by Cloudflare's published safeguards.

Third-party services

The Solace application itself does not integrate with any third-party analytics, advertising, or data-processing services. The only external service the app communicates with is Apple WeatherKit, as described above. THEODOREHQ does not sell, share, or use personal information for targeted advertising.

Data storage and retention

All settings and preferences are stored locally on your Mac using macOS UserDefaults. No data is stored on external servers. No data is synced to iCloud or any cloud service.

Solace does not retain any personal data. Settings stored locally on your Mac persist until you uninstall the application or clear them manually. To delete all Solace data, simply uninstall the application.

Children's privacy

Solace is not directed at children. It does not knowingly collect any data from anyone, including children under the age of 13 (or 16 in the EU/UK).

Your rights

Under the UK GDPR, the EU GDPR, the CCPA, and similar privacy regulations, you have the following rights:

• Right of access (UK GDPR Article 15) — confirmation of the personal data we hold about you and a copy of it.
• Right to rectification (Article 16) — correction of inaccurate personal data.
• Right to erasure (Article 17) — deletion of your personal data, subject to retention obligations such as HMRC's seven-year record-keeping requirement.
• Right to restrict processing (Article 18) — in defined circumstances such as while the accuracy of the data is being checked.
• Right to data portability (Article 20) — to receive data you provided to us in a structured, machine-readable format.
• Right to object (Article 21), including an absolute right to object to direct marketing.
• Right to withdraw consent (Article 7(3)) — where we rely on consent (e.g. location access). Withdrawal does not affect the lawfulness of processing before withdrawal.
• Right not to be subject to automated decision-making (Article 22). We do not use any automated decision-making or profiling.

To exercise any of these rights, email support@theodorehq.com. We will respond within 30 days (UK GDPR Article 12(3)). The response is provided free of charge (Article 12(5)).

You may withdraw consent for location access or uninstall the application at any time. If you purchased Solace directly, you may also request deletion of any purchase records by contacting us.

Right to complain to the ICO

You have the right to lodge a complaint with a data protection supervisory authority at any time. In the UK:

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline: 0303 123 1113
ico.org.uk/make-a-complaint

In the EU, you can find your local data protection authority at edpb.europa.eu.

Changes to this policy

If this policy is updated, the revised version will be posted on this page with a new "Last updated" date at the top. We will not retroactively widen our data collection without notice. For material changes that affect customers' rights or our handling of personal data, we will give existing customers at least 14 days' notice by email before the changes take effect.