Trust & Data Governance | Solas

Trust & Data Governance

We believe workplace analytics should empower employees, not surveil them

Data governance isn't a compliance checkbox for Solas. It's a core product differentiator. This page explains exactly how we handle employee data.

Last updated March 2026

Our philosophy

Honest about data ownership

The employer owns the communication data. It's generated on business systems. We acknowledge this honestly rather than making vague privacy claims.

But Solas gives employees exclusive ownership of the insights derived from that data. The analysis, the patterns, the coaching. That belongs to the employee. This honesty builds more trust than polish.

The data boundary

Who sees what, exactly

The only way individual data crosses the boundary is through the employee's active, specific, per-instance consent.

Data TypeWho Can See
Individual communication patterns
Employee only, never organisation
Individual behavioural signals
Employee only, never organisation
AI Coach conversations
Private, never logged
Speak Up submissions
Private log for employee only
Team aggregate patterns
Manager (own team), HR (all teams)
Department/org compliance scores
HR / Executives

Consent model

Per-instance, per-purpose, per-audience

Solas never relies on broad standing consent. Every data share is specific, time-limited, and transparent.

Transparency

The employee is told exactly why this data is being requested.

Audience

The employee is told exactly who will see it.

Time-Limited

Consent has automatic expiry. No open-ended access.

Invisible Refusal

Choosing not to share is never visible to the organisation.

Technical security

Architecturally enforced, not just policy-based

ISO/IEC 27001:2022

Independently certified information security management.

GCP-Native

Data within organisation's secure Google Cloud boundary.

Vertex AI / Gemini

No data used to train external models.

Technical Enforcement

Architectural restrictions prevent employer access, not just policy.

Regulatory alignment

Built for the regulatory landscape

EU AI Act

  • Text-based analysis (not biometric)
  • Clear transparency documentation
  • Human oversight safeguards
  • Risk classification compliant

GDPR

  • Per-instance consent model
  • Data minimisation by design
  • Right to deletion
  • Lawful basis documentation

ISO Standards

  • ISO 45003 compliance monitoring
  • ISO 30415 inclusion methodology
  • ISO 45001 continuous improvement
  • Audit-ready evidence generation

FAQ

Frequently asked questions

Does Solas read my messages?+
No. Solas analyses communication patterns — frequency, timing, tone, collaboration networks — but never stores or surfaces the content of any message. Think of it like a fitness tracker for communication health.
Can my manager see my individual data?+
No. Your individual dashboard is private by default. Managers only see aggregate team patterns with a minimum group size of 7. Non-participation is invisible — choosing not to share is never a signal.
What happens if I want my data deleted?+
You have the right to request deletion at any time. Solas is fully GDPR compliant with documented data minimisation and right-to-deletion processes.
How is Solas different from surveillance software?+
Surveillance tools monitor content and report to management. Solas gives employees ownership of their own insights, analyses patterns rather than content, and uses aggregate data for organisational intelligence. The data boundary is architecturally enforced, not just policy-based.
Is Solas compliant with the EU AI Act?+
Yes. Solas uses text-based pattern analysis (not biometric), provides clear transparency documentation, includes human oversight safeguards, and is classified appropriately under the EU AI Act risk framework.

Co-design

Built with employee interests in mind

Solas was co-designed with workplace organisations and employee representatives, ensuring the product serves both employer and employee needs.

About Solas →Talk to Us

Questions about data governance?

Let's talk about trust

We're happy to walk through our data model, consent architecture, and security posture in detail.

Book a Demo →Talk to Us