Privacy Policy
Last updated: January 28, 2026
Solima ("we," "our," or "us") is a product of Trust Recovery Apps, LLC. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our sober living home management software and related services.
We understand the sensitive nature of substance use disorder recovery. Solima is designed to comply with applicable privacy laws, including the Health Insurance Portability and Accountability Act (HIPAA) and 42 CFR Part 2, which provides special federal protections for substance use disorder patient records.
1. Our Role and Your Role
Facility Operators (Our Customers)
When sober living facility operators use Solima, they are the data controllers for resident information. As operators, you determine what resident data to collect, how to use it, and when to disclose it. You are responsible for:
- Obtaining appropriate consent from residents before entering their data
- Complying with 42 CFR Part 2 consent requirements for any disclosures
- Ensuring staff are trained on privacy requirements
- Responding to resident requests regarding their information
- Using Solima in accordance with applicable laws and your facility's policies
Solima (Our Role)
We act as a data processor (or "business associate" under HIPAA) for resident information. We process this data solely to provide Solima's services on your behalf. We will enter into a Business Associate Agreement (BAA) with customers who require one.
2. Information We Collect
Account Information
When you create a Solima account, we collect:
- Name and contact information (email, phone number)
- Organization/facility name and address
- Billing information (processed securely through Stripe)
- Account credentials
Resident Data
Facility operators use Solima to manage resident information. This data is entered and controlled by the facility operator and may include:
- Resident names and contact information
- Emergency contact details
- Intake and discharge dates
- Room/bed assignments
- Rent payment history
- Drug testing schedules and results
- Recovery meeting attendance records
- Case notes and progress documentation
- Incident reports
- Signed documents and consent forms
This information is protected under 42 CFR Part 2 because it identifies individuals as receiving services related to substance use disorder recovery.
Usage Data
We automatically collect certain technical information when you use Solima:
- Device information (browser type, operating system)
- IP address and general location
- Pages visited and features used
- Date and time of access
This data is used for security monitoring, service improvement, and audit purposes.
3. How We Use Information
We use the information we collect to:
- Provide, maintain, and improve Solima's services
- Process payments and send billing-related communications
- Respond to your requests and provide customer support
- Send important updates about the service
- Detect, prevent, and address technical issues or security threats
- Maintain audit logs as required by law
- Comply with legal obligations
We do not use resident data for marketing, advertising, or any purpose other than providing the services you have engaged us to provide.
4. 42 CFR Part 2 Protections
Resident records in Solima are protected by federal law under 42 CFR Part 2. This regulation provides special privacy protections for substance use disorder patient records that go beyond standard healthcare privacy laws.
Key Protections
- Consent Required: Disclosure of resident information generally requires the resident's written consent, which must meet specific requirements under 42 CFR Part 2.
- Limited Exceptions: There are very limited exceptions permitting disclosure without consent (medical emergencies, crimes on premises, child abuse reporting where required by state law, and qualified audits).
- Prohibition on Re-disclosure: Anyone who receives resident information cannot further disclose it without additional consent.
- Protection from Legal Proceedings: Records cannot be used in legal proceedings against a resident without proper consent or court order.
Re-Disclosure Notice
Any information disclosed from Solima that identifies a resident includes the following notice as required by federal law:
This information has been disclosed to you from records protected by federal confidentiality rules (42 CFR Part 2). The federal rules prohibit you from making any further disclosure of information in this record that identifies a patient as having or having had a substance use disorder either directly, by reference to publicly available information, or through verification of such identification by another person unless further disclosure is expressly permitted by the written consent of the individual whose information is being disclosed or as otherwise permitted by 42 CFR Part 2. A general authorization for the release of medical or other information is NOT sufficient for this purpose. The federal rules restrict any use of the information to investigate or prosecute with regard to a crime any patient with a substance use disorder, except as provided at §§ 2.12(c)(5) and 2.65.
5. Data Sharing and Disclosure
We do not sell personal information. We may share information only as follows:
Service Providers
We use third-party service providers who assist in operating Solima. These providers are bound by contractual obligations (including Business Associate Agreements where applicable) to protect information and use it only for the services they provide to us:
- Microsoft Azure: Cloud hosting and infrastructure
- Stripe: Payment processing
Legal Requirements
We may disclose information when required by law. However, for records protected by 42 CFR Part 2, we will only disclose in response to a valid court order that meets the specific requirements of the regulation—a subpoena alone is not sufficient.
Business Transfers
In connection with a merger, acquisition, or sale of assets, information may be transferred. Any successor would be bound by the same privacy obligations.
6. Data Security
We implement security measures designed to protect information in compliance with HIPAA Security Rule requirements:
- Encryption: Data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
- Access Controls: Role-based access ensures users only see information necessary for their role
- Audit Logging: All access to protected information is logged
- Secure Infrastructure: Hosted on Microsoft Azure with SOC 2 and HIPAA compliance
- Regular Assessments: Ongoing security monitoring and periodic risk assessments
While we implement strong safeguards, no system is completely secure. We will notify affected parties of any breach as required by law.
7. Data Retention
We retain information for as long as your account is active or as needed to provide services. Facility operators may delete resident data at any time through Solima.
Upon account termination, we will delete or anonymize data within 90 days, unless:
- Retention is required by law
- You request an export of your data (available for 30 days after termination)
- A legal hold is in place
We recommend facility operators maintain records for at least 7 years after a resident's discharge to meet typical healthcare recordkeeping requirements.
8. Your Rights
Facility Operators
You have the right to:
- Access your account and resident data at any time
- Export your data in standard formats
- Correct inaccurate information
- Delete data (subject to legal retention requirements)
- Receive a copy of our Business Associate Agreement
Residents
Residents whose data is stored in Solima should contact their facility operator directly to:
- Access their records
- Request corrections
- Obtain copies of their information
- Request restrictions on certain uses
- Receive an accounting of disclosures
Facility operators are responsible for responding to resident requests. We will assist operators in fulfilling these requests.
9. State Privacy Rights
Depending on your state of residence, you may have additional privacy rights:
California Residents (CCPA/CPRA)
California residents have the right to:
- Know what personal information is collected and how it's used
- Delete personal information (with exceptions)
- Correct inaccurate personal information
- Opt out of the sale or sharing of personal information (we do not sell personal information)
- Limit use of sensitive personal information
- Not be discriminated against for exercising these rights
To exercise these rights, contact us at support@solima.app.
Other States
Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, and other states with comprehensive privacy laws have similar rights. Contact us to exercise your rights under applicable state law.
10. Children's Privacy
Solima is designed for adult sober living facilities. We do not knowingly collect information from individuals under 18 years of age. If a facility serves minors, the operator is responsible for obtaining appropriate parental/guardian consent.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email and by posting the updated policy with a new "Last updated" date. Your continued use of Solima after changes take effect constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy, our data practices, or wish to exercise your privacy rights, contact us at:
Trust Recovery Apps, LLC
Email: support@solima.app
Website: trustrecoveryapps.com
For questions specifically about 42 CFR Part 2 or HIPAA compliance, please include "Privacy Compliance" in your subject line.