Privacy & Security Policy

SoulTrade Software — CrystalSolutions, PraxisClinic & SoleTrader
Last updated: June 2026

Who we are

SoulTrade Software produces CrystalSolutions, PraxisClinic and SoleTrader — holistic practice management and business software for self-employed practitioners and sole traders in the UK. Our contact address is jol@soul-trade.com.

Our software is self-hosted

CrystalSolutions, PraxisClinic and SoleTrader are installed and run on the customer’s own server, local network or hosting account. We do not host, store or have access to any customer data, patient records or financial information. All data entered into the software remains entirely on the customer’s own infrastructure.

Field-level encryption

All three applications include optional AES-256-CBC field-level encryption for sensitive patient and client records. When enabled via Setup → Security, the following fields are stored as ciphertext in the database:

Why this matters for internet-accessible installations: if the server or database is ever compromised, a stolen database backup exposes only unreadable ciphertext — not patient names, contact details or clinical records. The encryption key is stored in the application’s config.php file on the server, never in the database itself.

Field-level encryption is optional but strongly recommended for any installation accessible over the internet — including shared hosting and VPS deployments. It supports compliance with UK GDPR Article 32, which requires appropriate technical measures to ensure a level of security appropriate to the risk.

Encryption can be enabled or disabled at any time from Setup → Security. All existing records are encrypted or decrypted in a single operation.

The MTD module and HMRC

The optional MTD (Making Tax Digital) module allows customers to connect their software directly to HMRC and submit quarterly income tax figures. This involves:

Fraud prevention headers

HMRC legally requires software providers to submit fraud prevention data with every API request. When a customer uses the MTD module to connect to HMRC, the following technical data is automatically included in the request headers sent to HMRC:

This data is sent directly to HMRC and is not seen or stored by SoulTrade Software. HMRC uses this data to support prosecutions for tax and duty fraud. For more information see HMRC’s fraud prevention guidance.

UK GDPR

Because we do not host or process customer data, SoulTrade Software is not a data processor for customer patient or financial records. Customers are the data controllers for the data held in their own installations and are responsible for their own UK GDPR compliance. Our software includes tools to support this — including data export, deletion, access controls, and optional field-level encryption as described above.

Data we do collect

When customers purchase or register software, we collect only the information needed to provide the licence — typically a name and email address. This is used only for support and licence management and is never shared with third parties.

Cookies

Our software uses a single session cookie to maintain login state. No tracking or analytics cookies are used.

Contact

For any privacy queries, to request deletion of your personal data, or to report a security concern, please contact us at jol@soul-trade.com or via the contact form at soul-trade.com.