Solo2 Pro for accounting firms

Tax, labor, and economic data of your clients without passing through third-party servers. Demonstrable GDPR compliance, not just declared.

Request pilot

What happens today in an accounting firm using WhatsApp with clients

Real cases we see in any firm:

Payslips via WhatsApp

The client sends you the employee's signed payslip for archiving. Employee personal data (ID, salary, withholdings, IBAN) travel through servers in the United States. The AEPD considers this personal data processing subject to GDPR.

Quarterly model with PDF photos

Quarter-end: the client photos invoices and models for your confirmation. Billing figures, margins, suppliers, financial positions — sensitive information for the competition — cross a channel over which you have no technical control.

Employee list with sick leaves

Labor information mixed with health data when there are sick leaves. Art. 9 GDPR data (specially protected) in a WhatsApp group. If leaked, the AEPD sanction falls on the firm as the data controller.

What the law says

As an accounting firm, you are responsible for processing client data and that of the client's employees. The LOPDGDD and GDPR oblige you to guarantee the confidentiality, integrity, and availability of that data through appropriate technical and organizational means.

When data crosses a service whose business model is based on metadata analysis, compliance becomes difficult to demonstrate. The AEPD has sanctioned professional firms for leaks occurring in informal channels, with fines that can reach 4% of annual turnover or 20 million euros — whichever is greater.

The AEPD's criterion is clear: choosing an inappropriate channel for personal data is the professional's responsibility, not the client's.

How Solo2 Pro solves it

Data does not cross our servers

The payslip, the quarterly model, the sick leave list — they travel directly between the client's device and yours. We have no copy, no backup, no technical way to read them. Sub-processors with access to content: none.

Data always in European territory

Initial signaling (the moment of establishing the connection) occurs on European infrastructure (Hetzner, Germany). There are no international transfers subject to standard clauses or the EU-US Framework. By design, there is no passage through jurisdictions outside GDPR.

Labels per client, encrypted vault

Organize your tunnels by client (color-coded local labels: VAT pending, freelancer, limited company, new registration). Labels are yours only, never synced to the client. The local vault is encrypted with the professional's 24 words.

Auditable export for AEAT or requirement

If you need to export conversations with a specific client in a time range (year-end, Tax Agency requirement, disciplinary file), Solo2 Pro generates a file with a technical chain of custody. More robust than a WhatsApp screenshot.

Evidence of due diligence

GDPR compliance is not achieved just with declarations. You must be able to demonstrate the technical and organizational measures adopted. Solo2 Pro gives you:

  • A channel whose architecture technically prevents leakage by the provider.
  • Public verification of the cryptographic primitives used (X3DH, Double Ratchet, the same as Signal).
  • Data processing agreement signed with Menzuri Gestión S.L. (service provider), although the real scope is minimal because we do not process content.
  • Servers in EU territory, without international transfers of content (which doesn't exist in our infrastructure).
  • Pseudonymized identities: we don't even see the client's real name, only a cryptographic identifier.

Frequently asked questions

Do I need to sign a data processing agreement with Menzuri?

Yes, we provide it as part of the onboarding. Its scope is deliberately minimal, as we don't handle client content: we only facilitate initial signaling between devices. Most standard clauses don't apply because we don't manage protected data.

What if the client sends me a payslip via WhatsApp because they don't want to install anything?

You answer on Solo2. Once your client sees you only respond through the secure channel, the flow closes. Solo2 opens as a link in the browser, no App Store, no phone account registration — simpler than registering for almost any service.

Does it also work for communicating with my own team within the firm?

Yes. The firm plan (49 €/month for up to 10 users) covers both client communication and communication between team members. Each professional with their own encrypted identity.

Talk to us

An email to pro@solo2.net telling us the size of your firm and the specific case you're trying to resolve. A team member will always reply to you within one or two business days.

pro@solo2.net
Solo2 Pro