SoulTrade Software produces CrystalSolutions, PraxisClinic and SoleTrader — holistic practice management and business software for self-employed practitioners and sole traders in the UK. Our contact address is jol@soul-trade.com.
CrystalSolutions, PraxisClinic and SoleTrader are installed and run on the customer’s own server, local network or hosting account. We do not host, store or have access to any customer data, patient records or financial information. All data entered into the software remains entirely on the customer’s own infrastructure.
All three applications include optional AES-256-CBC field-level encryption for sensitive patient and client records. When enabled via Setup → Security, the following fields are stored as encrypted ciphertext in the database:
config.php file on the server, never in the database itself.
Field-level encryption is optional but strongly recommended for any installation accessible over the internet — including shared hosting and VPS deployments. It supports compliance with UK GDPR Article 32, which requires appropriate technical measures to ensure a level of security appropriate to the risk.
Encryption can be enabled or disabled at any time from Setup → Security. All existing records are encrypted or decrypted in a single operation.
The optional MTD (Making Tax Digital) module (optional add-on, pending HMRC approval) allows customers to connect their software directly to HMRC and submit quarterly income tax figures. This involves:
HMRC legally requires software providers to submit fraud prevention data with every API request. When a customer uses the MTD module to connect to HMRC, the following technical data is automatically included in the request headers sent to HMRC:
This data is sent directly to HMRC and is not seen or stored by SoulTrade Software. HMRC uses this data to support prosecutions for tax and duty fraud. For more information see HMRC’s fraud prevention guidance.
Because we do not host or process customer data, SoulTrade Software is not a data processor for customer patient or financial records. Customers are the data controllers for the data held in their own installations and are responsible for their own UK GDPR compliance. Our software includes tools to support this — including data export, deletion, access controls, and optional field-level encryption as described above.
If you become aware of a security issue affecting CrystalSolutions, PraxisClinic or SoleTrader — including anything that could compromise the confidentiality of your data or your connection to HMRC — please report it to us straight away using the contact details below.
Where a reported or discovered issue could affect the security of HMRC-connected data across installations — for example, a vulnerability in the MTD module’s token handling, or a compromise of our own infrastructure or Developer Hub credentials — SoulTrade Software will:
When customers purchase or register software, we collect only the information needed to provide the licence — typically a name and email address. This is used only for support and licence management and is never shared with third parties.
Lawful basis: we process this information under the contract lawful basis (UK GDPR Article 6(1)(b)) — it is necessary to provide the software licence you have purchased or registered for. Where we contact you about support or updates to a product you use, we rely on legitimate interests (Article 6(1)(f)) to do so.
SoulTrade Software is the data controller for this licensing and contact information, and we are responsible for keeping it secure and using it only for the purposes described here. This is separate from the patient, client and financial data you enter into the software itself, for which you remain the data controller as described above.
Our software uses a single session cookie to maintain login state. No tracking or analytics cookies are used.
For any privacy queries, to request deletion of your personal data, or to report a security concern, please contact us at jol@soul-trade.com or via the contact form at soul-trade.com.