The PDF that travels further than you think
A sales rep receives a document with client data through a messaging app. A quote, a contract, a medical report. They open it, forward it to a colleague, maybe save it on their phone. Nobody thinks twice about it. It's just how things work.
But that document just travelled to a server in the United States. It's been stored in a cloud you don't control. It passed through systems that can index its content. And the European General Data Protection Regulation has something to say about that.
What the regulation says
The GDPR requires that personal data of European citizens be adequately protected. If that data leaves the European Economic Area, the responsible company must ensure the recipient offers an equivalent level of protection. In practice, this means sending client data through messaging services whose servers are outside Europe can be a violation. Even if nobody has told you yet.
And we're not just talking about message content. Metadata — who sends what to whom, when, how often — is also personal data under the regulation. A service that collects metadata from your professional communications is processing your clients' personal data without them knowing.
Compliance by design
In Solo2, documents travel directly from the sender's device to the recipient's. They don't pass through any server. They're not stored in any cloud. They don't leave each person's device. Regulatory compliance doesn't depend on configurations, internal policies or good intentions. It's a direct consequence of how the system is built.
Our server is in Germany, within the European Economic Area. But that barely matters, because the server doesn't take part in the conversation. It doesn't touch the data. It doesn't see it. It doesn't store it. It only helps the two devices find each other.
Who this matters for
Any professional or company that handles sensitive information from third parties. Lawyers talking to their clients. Doctors sharing reports. Tax advisors sending documentation. Sales reps receiving contact details. HR teams managing employees' personal information.
All of them handle data protected by the GDPR. All of them, in most cases, send it through messaging services whose servers are beyond their control. Not out of bad faith, but because it's convenient and because nobody has shown them the alternative.
The alternative exists
Solo2 isn't a compliance tool. It's a private chat. But because of its architecture — direct messages between devices, no middleman server, no metadata, no cloud — it turns out to be naturally GDPR-compliant. No extra audits. No standard contractual clauses. No wondering where the provider's servers are.
Because the data isn't on any provider's server. It's on each person's device. Exactly where it should be.
Solo2 is direct communication between two people. Data travels from one device to another with no middlemen. No external servers. No international transfers. Compliance by design.