Privacy Policy

SimplerDevelopment provides a multi-tenant platform for agencies and their clients, including a client portal, hosted websites, a CRM, an AI-powered “Company Brain,” marketing and automation tools, and integrations with third-party services. This policy applies to people who create an account, visitors to pages we host, and end users whose information is processed through a customer’s workspace.

Where we process information on behalf of a customer (for example, contacts in their CRM or content in their workspace), that customer is the controller of the data and we act as a processor under their instructions and their own privacy notice.

• Account information — name, email address, password (stored hashed), organization, and role.
• Customer content — data you create or upload, such as CRM records, website content, documents, notes, surveys, media, and the knowledge stored in the Company Brain.
• Billing information — subscription plan and transaction metadata. Payment card details are handled by our payment processor and are not stored on our servers.
• Integration data — information you authorize us to access from connected third-party services (for example, Google Workspace).
• Usage and device data — log data, IP address, browser/device type, and actions taken in the Service, used for security, debugging, and product improvement.
• Cookies — used for authentication, session management, and preferences.

• To provide, maintain, secure, and improve the Service.
• To authenticate users and protect against fraud and abuse.
• To process subscriptions and billing.
• To power features you use, including AI features that operate on your content.
• To communicate with you about your account, support requests, and material changes.
• To comply with legal obligations and enforce our agreements.

We do not sell personal information.

The Service includes AI features that process your content to generate answers, summaries, classifications, embeddings, and similar output. This processing is scoped to your workspace and is not used to train third-party foundation models. AI output may be inaccurate or incomplete and should be reviewed before you rely on it. To deliver these features we send the relevant content to AI model providers acting as our sub-processors (see Section 5).

We rely on trusted third parties to operate the Service. These currently include:

• Payment processing — Stripe.
• AI model providers — including Anthropic, to power AI features.
• Productivity integrations — Google Workspace (Gmail, Calendar, Drive), when you connect them.
• Hosting and infrastructure — our cloud hosting and database providers.

Each sub-processor receives only the information needed to perform its function and is bound by contractual confidentiality and security obligations.

You may connect third-party applications and AI clients to your workspace through our API and connectors using OAuth. When you authorize a connection, you grant that application access to the specific scopes you approve on the consent screen. Access tokens are short-lived and refreshed automatically; we store only a hashed form of each token.

You are responsible for the applications you connect and the access you grant. You can review and revoke connected applications and active tokens at any time from your account settings, which immediately ends their access.

We disclose information only as described here:

• With sub-processors that help us operate the Service (Section 5).
• With applications you explicitly connect or authorize (Section 6).
• Within your organization’s workspace, according to the roles and permissions you set.
• When required by law, legal process, or to protect rights, safety, and security.
• In connection with a merger, acquisition, or sale of assets, subject to this policy.

We retain information for as long as your account is active or as needed to provide the Service, then delete or anonymize it within a reasonable period, except where longer retention is required for legal, accounting, security, or dispute-resolution purposes. Customers may request deletion of workspace data as described below.

We use administrative, technical, and organizational safeguards designed to protect information, including encryption in transit, hashing of credentials and tokens, tenant isolation, scoped access controls, and access logging. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Depending on your location, you may have rights to access, correct, export, or delete your personal information, and to object to or restrict certain processing. You can exercise many of these directly in the Service, or contact us at the address below. If your information is processed on behalf of a customer, please direct your request to that customer; we will support them in responding.

We may process and store information in countries other than where you live. Where required, we use appropriate safeguards for cross-border transfers of personal information.

The Service is not directed to children under 16, and we do not knowingly collect personal information from them. If you believe a child has provided us information, contact us and we will delete it.

We may update this policy from time to time. We will revise the “Last updated” date above and, for material changes, provide additional notice. Your continued use of the Service after changes take effect constitutes acceptance.

SimplerDevelopment — [Legal entity name], [Mailing address]. Email info@simplerdevelopment.com.