Privacy Policy

Introduction

Simplita AI Technologies Private Limited ("we," "us," "our," or "Company") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, store, and protect your information when you access or use the Simplita.ai platform, website (https://simplita.ai), applications, and related services (collectively, the "Service").

This Privacy Policy applies to all users of the Service, including visitors, registered users, and customers. By using the Service, you consent to the data practices described in this policy.

1. Information We Collect

We collect various types of information to provide, maintain, and improve the Service. The categories of information we collect include:

1.1 Information You Provide Directly

Account Information:

• Full name
• Email address
• Username
• Password (encrypted)
• Company name and role
• Phone number (if provided)
• Billing address
• Payment information (processed through third-party payment processors)

User Content:

• Applications, websites, and automations you create
• Code, data, and files you upload or generate
• Prompts and instructions you provide to AI features
• Database content and configurations
• Community posts and shared content
• Communications with our support team

Profile Information:

• Bio and profile description
• Profile photo or avatar
• Social media links
• Professional information and credentials

Event and Communication Data:

• Registration information for events, webinars, or workshops
• Feedback, survey responses, and testimonials
• Email newsletter subscriptions and preferences

1.2 Information Collected Automatically

Usage and Technical Information:

• IP address and approximate geographic location
• Device type, operating system, and browser information
• Device identifiers and mobile network information
• Pages visited, features used, and time spent on the Service
• Clickstream data and navigation patterns
• Referral source and exit pages
• Search queries and interactions with AI features

Performance and Diagnostic Data:

• Error logs and crash reports
• System performance metrics
• API calls and response times
• Feature usage statistics
• Application performance data

Cookies and Similar Technologies:

• Session cookies for authentication
• Preference cookies for settings and language
• Analytics cookies for usage tracking
• Marketing cookies for advertising (with consent)

1.3 Information from Third-Party Sources

We may receive information about you from third-party sources, including:

• Authentication services (Google, GitHub, LinkedIn)
• Payment processors (Stripe, Paddle, PayPal)
• Analytics providers (Google Analytics, PostHog)
• Marketing platforms
• Public databases and professional networks
• Partners and affiliates

1.4 Sensitive Personal Information

Under certain regulations, some information is considered "sensitive." We may collect:

• Payment card information (processed by third-party processors; we do not store complete card details)
• Government-issued identification (for identity verification in specific circumstances)
• Precise geolocation data (only if you enable location services)

We collect sensitive information only when necessary and with appropriate safeguards.

2. How We Use Your Information

We use collected information for the following purposes:

2.1 Provide and Maintain the Service

• Create and manage your Account
• Process authentication and authorization
• Provide core Service functionality and features
• Generate AI-powered content and code based on your inputs
• Store and manage your applications, data, and content
• Process deployments and execute automations
• Facilitate community sharing and collaboration
• Enable code export and download features

2.2 Process Payments and Transactions

• Process subscription payments and billing
• Manage invoices and payment records
• Verify payment information
• Prevent fraud and unauthorized transactions
• Process refunds when applicable

2.3 Communicate with You

• Send transactional emails (account confirmations, password resets, billing notifications)
• Provide customer support and respond to inquiries
• Send Service announcements and updates
• Deliver newsletters and marketing communications (with consent)
• Notify you of changes to Terms of Service or Privacy Policy
• Request feedback and conduct surveys

2.4 Improve and Develop the Service

• Analyze usage patterns and user behaviour
• Identify trends and usage statistics
• Develop new features and functionality
• Optimize Service performance and reliability
• Conduct research and development
• Test new features and improvements
• Improve AI models and algorithms (using aggregated, anonymized data only)

2.5 Ensure Security and Prevent Abuse

• Detect, prevent, and respond to security incidents
• Identify and prevent fraudulent activity
• Monitor for violations of Terms of Service
• Protect against unauthorized access and misuse
• Conduct security audits and vulnerability assessments
• Enforce our policies and legal rights

2.6 Comply with Legal Obligations

• Respond to legal requests and court orders
• Comply with applicable laws and regulations
• Establish, exercise, or defend legal claims
• Cooperate with law enforcement authorities
• Fulfill tax and accounting requirements

2.7 Marketing and Advertising

• Send promotional communications about new features (with consent)
• Display targeted advertisements
• Measure advertising effectiveness
• Conduct marketing campaigns and promotions
• Analyze marketing performance

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we process personal data based on the following legal grounds:

• Consent: When you have given explicit consent for specific processing activities (e.g., marketing communications, optional analytics).
• Contractual Necessity: To perform our contract with you (i.e., to provide the Service pursuant to our Terms of Service).
• Legitimate Interests: For our legitimate business interests that are not overridden by your privacy rights, including:
  • Improving and developing the Service
  • Ensuring security and preventing fraud
  • Marketing our services to existing customers
  • Analyzing Service usage
• Legal Obligation: To comply with applicable laws, regulations, court orders, or legal processes.

4. How We Share Your Information

We share your information only in the following circumstances:

4.1 Service Providers and Processors

We engage third-party service providers to perform functions on our behalf, including:

Infrastructure and Hosting:

• Cloud hosting providers (AWS, Google Cloud, Azure)
• Content delivery networks (CDN)
• Database services

Payment Processing:

• Payment processors (Stripe, Paddle, PayPal)
• Billing and invoicing services
• Fraud detection services

Communication Services:

• Email service providers (SendGrid, Mailchimp)
• Customer support platforms
• SMS and notification services

Analytics and Marketing:

• Analytics providers (Google Analytics, PostHog)
• Marketing automation platforms
• Advertising networks

Security and Monitoring:

• Security services and threat detection
• Performance monitoring tools
• Error tracking services

All service providers are contractually obligated to protect your information and use it only for the purposes we specify.

4.2 Community Sharing

When you choose to share applications, templates, or content through the Service's community features, that content becomes accessible to other users according to the sharing permissions you set.

4.3 Business Transfers

If we are involved in a merger, acquisition, asset sale, bankruptcy, or other business transaction, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

4.4 Legal Requirements and Protection

We may disclose your information:

• To comply with applicable laws, regulations, or legal processes
• To respond to lawful requests from government authorities
• To enforce our Terms of Service and other agreements
• To protect our rights, property, or safety
• To protect the rights, property, or safety of users or the public
• To detect, prevent, or address fraud or security issues

4.5 With Your Consent

We may share your information with third parties when you provide explicit consent for such sharing.

4.6 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you for research, analytics, marketing, or other purposes.

5. Data Retention

We retain your information for as long as necessary to fulfil the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

5.1 Retention Periods

• Account Information: Retained while your Account is active and for a reasonable period after Account closure (typically 90 days) to allow for Account reactivation.
• User Content: Retained while your Account is active. Upon Account deletion, User Content is deleted within 30 days, except for Content you have shared publicly or as required for legal compliance.
• Payment Information: Retained for the duration required by tax laws and financial regulations (typically 7 years).
• Usage and Analytics Data: Retained for up to 2 years, after which it is aggregated or deleted.
• Communications: Support communications retained for 3 years; marketing communications retained until you unsubscribe.
• Legal and Compliance Data: Retained as required by applicable laws or regulations.

5.2 Deletion and Anonymization

After retention periods expire, we securely delete or anonymize your information. Anonymized data may be retained indefinitely for analytics and research purposes.

5.3 Backup Data

Your information may persist in backup systems for up to 90 days after deletion before being permanently removed from backups.

6. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information.

6.1 Rights Under GDPR (EEA, UK, Switzerland)

If you are located in the EEA, UK, or Switzerland, you have the following rights:

• Right of Access: You may request a copy of the personal data we hold about you.
• Right to Rectification: You may request correction of inaccurate or incomplete personal data.
• Right to Erasure ("Right to be Forgotten"): You may request deletion of your personal data in certain circumstances.
• Right to Restriction of Processing: You may request that we limit how we process your personal data.
• Right to Data Portability: You may request a copy of your personal data in a machine-readable format.
• Right to Object: You may object to processing based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time.
• Right to Lodge a Complaint: You may lodge a complaint with your local data protection authority.

6.2 Rights Under CCPA (California Residents)

If you are a California resident, you have the following rights:

• Right to Know: You may request information about the categories and specific pieces of personal information we have collected, the sources of that information, the purposes for collection, and the categories of third parties with whom we share it.
• Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
• Right to Opt-Out of Sale: You have the right to opt out of the "sale" of your personal information. We do not sell personal information in the traditional sense, but sharing data with advertising partners may constitute a "sale" under CCPA.
• Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your CCPA rights.
• Right to Correct: You may request correction of inaccurate personal information.
• Right to Limit Use of Sensitive Personal Information: You may limit our use of sensitive personal information.

6.3 How to Exercise Your Rights

To exercise any of these rights, please contact us at hello@simplita.ai with the subject line "Privacy Rights Request." We will respond within the timeframe required by applicable law (typically 30 days for GDPR, 45 days for CCPA).

We may need to verify your identity before processing your request. We may require additional information to confirm your identity and ensure we are providing information to the correct person.

6.4 Account Settings and Preferences

You can manage certain aspects of your information through your Account settings:

• Update your profile information
• Change email preferences
• Manage notification settings
• Control community sharing settings
• Delete User Content
• Export your data
• Delete your Account

6.5 Marketing Communications

Opt-Out: You may opt out of marketing emails by clicking the "unsubscribe" link in any marketing email or by updating your email preferences in your Account settings.

Do Not Sell My Personal Information: To opt out of data sharing that may constitute a "sale" under CCPA, please contact hello@simplita.ai.

7. Cookies and Tracking Technologies

7.1 What Are Cookies

Cookies are small text files stored on your device when you visit a website. We use cookies and similar technologies (web beacons, pixels, local storage) to provide, improve, and protect the Service.

7.2 Types of Cookies We Use

• Essential Cookies: Necessary for the Service to function properly. These cannot be disabled without affecting Service functionality (authentication, security, session management, load balancing).
• Preference Cookies: Remember your settings and preferences (language preferences, display settings, user interface customizations).
• Analytics Cookies: Help us understand how users interact with the Service (usage statistics, feature adoption metrics, performance monitoring).
• Marketing Cookies: Used to deliver relevant advertisements and measure campaign effectiveness (interest-based advertising, conversion tracking, retargeting).

7.3 Third-Party Cookies

Third-party service providers may set cookies when you use the Service. These include:

• Google Analytics
• PostHog
• Advertising networks
• Social media platforms

7.4 Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to view and delete cookies, block third-party cookies, block all cookies, or receive notifications when cookies are set.

Note that disabling cookies may affect Service functionality.

7.5 Do Not Track

Some browsers support "Do Not Track" (DNT) signals. We do not currently respond to DNT signals, but you can control tracking through cookie preferences and opt-out mechanisms.

7.6 Global Privacy Control (GPC)

We recognize and respect Global Privacy Control (GPC) signals as an opt-out of the "sale" or "sharing" of personal information under applicable privacy laws.

8. International Data Transfers

Simplita AI Technologies Private Limited is based in India. If you access the Service from outside India, your information may be transferred to, stored in, and processed in India and other countries where our service providers operate.

8.1 Adequacy and Safeguards

When we transfer personal data internationally, we implement appropriate safeguards, including:

• Standard Contractual Clauses approved by the European Commission
• Data Processing Agreements with service providers
• Adequacy decisions recognized by applicable authorities
• Other legally recognized transfer mechanisms

8.2 EEA, UK, and Swiss Data Transfers

For transfers of personal data from the EEA, UK, or Switzerland to countries without adequate data protection, we rely on Standard Contractual Clauses or other approved transfer mechanisms.

9. Data Security

9.1 Security Measures

We implement reasonable technical and organizational measures to protect your information from unauthorized access, disclosure, alteration, and destruction, including:

Technical Measures:

• Encryption in transit (TLS/SSL) and at rest
• Secure authentication mechanisms
• Access controls and authorization
• Regular security audits and penetration testing
• Intrusion detection and prevention systems
• Secure data centres and infrastructure

Organizational Measures:

• Employee training on data security and privacy
• Confidentiality agreements with employees and contractors
• Access restriction on a need-to-know basis
• Incident response procedures
• Vendor security assessments
• Regular policy reviews and updates

9.2 Your Security Responsibilities

You are responsible for:

• Maintaining the confidentiality of your Account credentials
• Using strong, unique passwords
• Enabling two-factor authentication if available
• Reporting suspected security breaches
• Securing your own devices and networks

9.3 Limitations

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You acknowledge and accept this risk when using the Service.

9.4 Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you and applicable authorities as required by law, typically within 72 hours of becoming aware of the breach.

10. Third-Party Links and Services

The Service may contain links to third-party websites, applications, or services not operated by us. This Privacy Policy does not apply to third-party services. We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services you access.

11. Changes to This Privacy Policy

11.1 Right to Modify

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons.

11.2 Notice of Changes

We will notify you of material changes by:

• Posting the updated Privacy Policy on the Service with a new "Last Updated" date
• Sending email notification to your registered email address
• Displaying a prominent notice on the Service

11.3 Effective Date

Changes become effective on the date specified in the updated Privacy Policy. Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

11.4 Review Obligation

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

12. Additional Disclosures for Specific Jurisdictions

12.1 Categories of Personal Information Collected (Last 12 Months):

• Identifiers (name, email, IP address)
• Commercial information (purchase history, billing information)
• Internet or network activity (browsing history, usage data)
• Geolocation data (approximate location based on IP address)
• Professional or employment information (company name, role)
• Inferences drawn from personal information (user preferences, behavior patterns)

Sources of Personal Information:

• Directly from you
• Automatically through your use of the Service
• From third-party service providers

Business or Commercial Purposes:

As described in Section 2 (How We Use Your Information)

Categories of Third Parties with Whom We Share:

• Service providers and processors
• Payment processors
• Analytics providers
• Marketing platforms
• Legal authorities (when required)

Sale or Sharing of Personal Information:

We do not sell personal information in exchange for monetary consideration. We may share information with advertising partners in ways that may constitute a "sale" or "sharing" under CCPA. You may opt out by contacting hello@simplita.ai.

Retention:

As described in Section 5 (Data Retention)

Authorized Agent:

You may designate an authorized agent to submit requests on your behalf. We may require proof of authorization.

12.2 European Economic Area, UK, and Switzerland (GDPR)

• Data Controller: Simplita AI Technologies Private Limited is the data controller for your personal information.
• Legal Basis: As described in Section 3 (Legal Basis for Processing)
• Data Protection Officer: For data protection inquiries, contact: hello@simplita.ai
• Supervisory Authority: You have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.
• International Transfers: As described in Section 8 (International Data Transfers)

12.3 India (DPDP Act)

For users in India, we comply with the Digital Personal Data Protection Act, 2023 (DPDP Act). You have rights including:

• Right to access your personal data
• Right to correction and erasure
• Right to grievance redressal
• Right to nominate another individual

To exercise your rights under the DPDP Act, contact hello@simplita.ai.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

• Email: hello@simplita.ai
• Phone: +91 89258 91857
• Mailing Address:

Data Protection Inquiries: For specific data protection or privacy concerns, contact: hello@simplita.ai

Registered Office: 268 7th Cross, Anugraha Satellite Township, Mathalapattu, Cuddalore, Tamil Nadu, India 605007

We will respond to your inquiry within 30 days or as required by applicable law.