Privacy Policy
How we handle your data. Short version: we collect as little as possible.
Last updated: 17 April 2026
1. Introduction
This Privacy Policy describes how SimpliSoft B.V. ("SimpliSoft", "we", "us" or "our") processes personal data of visitors to its website and of individuals who contact us through it. We process personal data in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation, "GDPR") and Directive 2002/58/EC (ePrivacy Directive), as implemented in the Member States of the European Union.
2. Controller and contact details
The controller responsible for the processing of personal data described in this Privacy Policy is:
SimpliSoft B.V.
Tokyostraat 19 M, Lijnden, The Netherlands
Chamber of Commerce number: 96268735
Email: info@simplisoft.app
SimpliSoft has not appointed a Data Protection Officer, as it is not required to do so under Article 37 GDPR. For any question regarding this Privacy Policy or the exercise of your rights, please contact us at the email address above.
3. Scope
This Privacy Policy applies to the processing of personal data collected through the website available at https://www.simplisoft.app (including any related subdomains). It does not apply to the processing of personal data carried out by SimpliSoft in the context of its software products and services, which is governed by separate contractual arrangements with the relevant customer.
4. Categories of personal data
Depending on your interaction with the website, SimpliSoft processes the following categories of personal data:
- Contact form data: first name, last name, email address, company name, team size, area of interest and free-text message;
- Technical data: IP address, user agent, timestamp and request URL, recorded in standard server and function logs;
- Preference data: your display preference (light or dark mode), stored locally in your browser;
- Aggregated analytics data: aggregated, non-identifying information about use of the website, including page views, referrers, country (derived from the IP address on the server side and not retained) and device type.
SimpliSoft does not process special categories of personal data within the meaning of Article 9 GDPR, and does not knowingly process personal data of children within the meaning of Article 8 GDPR.
5. Purposes of processing and legal bases
Personal data is processed solely for the purposes and on the legal bases set out below:
| Purpose | Legal basis (GDPR) |
|---|---|
| Responding to enquiries submitted via the contact form and taking steps prior to entering into a contract | Article 6(1)(b) GDPR |
| Sending a confirmation email following a contact form submission | Article 6(1)(f) GDPR (legitimate interest in reliable communication) |
| Operating, securing and maintaining the website, including the recording of server logs | Article 6(1)(f) GDPR (legitimate interest in the integrity and security of the website) |
| Storing strictly necessary preference information in the browser | Article 5(3) ePrivacy Directive (strictly necessary exemption); Article 6(1)(f) GDPR |
| Measuring use of the website through privacy-preserving, aggregated analytics | Article 6(1)(f) GDPR (legitimate interest in understanding and improving the website) |
| Complying with legal obligations to which SimpliSoft is subject | Article 6(1)(c) GDPR |
6. Cookies and similar technologies
6.1 HTTP cookies
As at the date of this Privacy Policy, the website does not place any HTTP cookies on your device. SimpliSoft will update this Privacy Policy if that changes.
6.2 Browser storage (localStorage)
The website uses the following items in browser localStorage, each of which qualifies as strictly necessary under Article 5(3) of the ePrivacy Directive and therefore does not require prior consent:
| Identifier | Purpose | Category | Retention |
|---|---|---|---|
simplisoft-cookies | Records whether the visitor has acknowledged or dismissed the website's information notice | Strictly necessary | Retained until cleared by the visitor |
You may remove these items at any time through your browser settings.
6.3 Analytics without device storage
SimpliSoft uses a privacy-preserving analytics service, established within the European Union, to obtain aggregated and non-identifying insight into the use of its website. According to the information provided by that service provider, the service does not place cookies or any other identifiers on your device, does not retain IP addresses and does not perform cross-site or device fingerprinting. On that basis, no information is stored on or read from your terminal equipment, Article 5(3) of the ePrivacy Directive does not apply, and no prior consent is required. This processing is carried out on the basis of Article 6(1)(f) GDPR.
6.4 Technologies not used
As at the date of this Privacy Policy, the website does not use tracking pixels, tag managers, chat widgets, advertising technologies or external font services, and all fonts are served locally. SimpliSoft will update this Privacy Policy if any such technology is introduced.
7. Contact form
Information submitted through the contact form is transmitted to SimpliSoft's server and forwarded as an email to the address info@simplisoft.app. The submitting individual receives a confirmation email. As at the date of this Privacy Policy, submitted data is not stored in a separate database maintained by SimpliSoft; subsequent retention occurs within SimpliSoft's corporate mailbox and, where applicable, in replies exchanged with the submitting individual.
The provision of personal data through the contact form is neither a statutory nor a contractual requirement. You are not obliged to provide your personal data, but without the information requested in the form SimpliSoft will not be able to respond to your enquiry.
8. Server-side logging
Standard server logs and function logs are generated in the course of operating the website. These logs may contain the IP address, user agent, timestamp, request URL and, where applicable, the visitor's acknowledgement of the website's information notice. According to the information provided by the hosting provider, such logs are automatically deleted after a short retention window determined by the applicable service plan. SimpliSoft does not currently export or otherwise separately retain these logs.
9. Retention periods
Personal data is retained no longer than is necessary for the purposes for which it is processed, unless a longer retention period is required or permitted by law.
| Category | Retention |
|---|---|
| Contact form submissions (as received in the corporate mailbox) | Retained in accordance with SimpliSoft's mailbox management practices; not stored in a separate database |
| Confirmation emails sent to the visitor | Not controlled by SimpliSoft after transmission; retention governed by the recipient's mail environment |
| Browser preferences (information notice acknowledgement, display mode) | Stored locally in the visitor's browser until cleared by the visitor |
| Aggregated analytics data | Retained by the analytics provider for as long as SimpliSoft's account remains active; data is not attributable to individual visitors |
| Server logs and function logs | Automatically deleted by the hosting provider within the retention window set by that provider for the applicable service plan |
| Transactional data processed by the email-delivery provider | Retained by that provider for the period set out in its then-current data processing terms (at the date of this Privacy Policy, up to 30 days, for deliverability purposes) |
10. Recipients of personal data
SimpliSoft shares personal data only where necessary for the purposes set out in Section 5 and in accordance with applicable law. Personal data may be disclosed to the following categories of recipients:
- Providers of website hosting and serverless infrastructure;
- Providers of transactional email delivery services;
- Providers of business email and productivity services;
- Providers of privacy-preserving web analytics;
- Professional advisers (including legal and financial advisers), where necessary;
- Competent public authorities, where disclosure is required by law.
Each recipient acting as a processor on behalf of SimpliSoft is bound by a data processing agreement that meets the requirements of Article 28 GDPR. The following sub-processors are currently engaged by SimpliSoft:
| Sub-processor | Purpose | Location | Data Processing Addendum |
|---|---|---|---|
| Vercel Inc. | Website hosting and serverless functions | United States | vercel.com/legal/dpa |
| Resend (Plus Five Five, Inc.) | Transactional email delivery | United States | resend.com/legal/dpa |
| Google LLC (Google Workspace) | Business email and productivity | European Union / United States | cloud.google.com/terms/dpa |
| Umami Software, Inc. (Umami Cloud) | Privacy-preserving website analytics | European Union | umami.is/umami-dpa.pdf |
The list above is accurate as at the date set out at the top of this Privacy Policy. SimpliSoft will update this Privacy Policy whenever it engages a new sub-processor or replaces an existing one.
11. International transfers
Certain processors engaged by SimpliSoft are established outside the European Economic Area, in particular in the United States. Where personal data is transferred to a third country or an international organisation, SimpliSoft relies on appropriate safeguards within the meaning of Article 46 GDPR, in particular the Standard Contractual Clauses adopted by the European Commission in Implementing Decision (EU) 2021/914, supplemented where necessary by additional technical and organisational measures. Where the relevant processor is certified under the EU-US Data Privacy Framework, SimpliSoft may additionally rely on the Commission's adequacy decision of 10 July 2023.
Further information on the safeguards applicable to a specific transfer is available upon request via info@simplisoft.app.
12. Security
SimpliSoft implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 GDPR. These measures include, without limitation, transport-layer encryption (HTTPS), access controls on systems processing personal data, and the selection of service providers that offer adequate security guarantees.
13. Automated decision-making
SimpliSoft does not carry out automated decision-making, including profiling, within the meaning of Article 22 GDPR, in the context of its website.
14. Rights of data subjects
Subject to the conditions set out in the GDPR, data subjects have the following rights:
- The right of access (Article 15 GDPR);
- The right to rectification (Article 16 GDPR);
- The right to erasure (Article 17 GDPR);
- The right to restriction of processing (Article 18 GDPR);
- The right to data portability (Article 20 GDPR);
- The right to object to processing carried out on the basis of Article 6(1)(f) GDPR (Article 21 GDPR);
- The right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal (Article 7(3) GDPR).
Requests to exercise these rights may be submitted to info@simplisoft.app. SimpliSoft will respond without undue delay and in any event within one month of receipt of the request, as provided for in Article 12(3) GDPR. Where necessary, SimpliSoft may request additional information to verify the identity of the data subject.
15. Right to lodge a complaint
Without prejudice to any other administrative or judicial remedy, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement, in accordance with Article 77 GDPR. For SimpliSoft, the lead supervisory authority is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, https://www.autoriteitpersoonsgegevens.nl).
16. Changes to this Privacy Policy
SimpliSoft may amend this Privacy Policy from time to time to reflect changes in its processing activities or in applicable law. The current version is available at https://www.simplisoft.app/privacy and is identified by the date set out at the top of this document. Material changes will be communicated by appropriate means, such as a notice on the website.