Privacy Policy

Effective date: 1st June 2025

1. Introduction

SimpleT d.o.o. (“SimpleT,” “we,” “us,” or “our”) is committed to protecting your privacy and ensuring that your personal data is handled in a safe, transparent, and legally compliant manner. This Privacy Policy explains how we collect, use, disclose, and protect your information when you interact with our Platform—whether through our website, application interfaces, API endpoints, or as a user of our AI-enhanced Salesforce tools and services.

This policy applies to:

• Visitors to our website;
• Registered users of our Free Tier or paid subscriptions;
• Enterprise customers under custom agreements (to the extent applicable);
• Individuals interacting with our support or integration services.

By accessing or using the Platform, you acknowledge and agree to the practices described herein. If you do not agree with this policy, please discontinue use of our services.

2. Who We Are

Data Controller:

For the purposes of the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable U.S. privacy laws including the California Consumer Privacy Act (as amended by the CPRA), SimpleT acts as the data controller with respect to the personal information collected and processed via our Platform.

3. Scope of This Policy

This Privacy Policy governs the collection and use of personal data by SimpleT in the context of:

• Interactions with our website and application;
• Accessing and using our AI-powered Salesforce enhancement tools;
• Subscription billing, support, and account administration;
• Integration with third-party services (e.g., Salesforce, Stripe).

This Policy does not apply to:

• Data submitted by our clients to third-party platforms (e.g., Salesforce);
• Aggregated or anonymized data that does not identify any individual;
• Employee data, which is governed by a separate internal privacy framework.

Where our clients process Salesforce data through our tools, they remain data controllers of that data. We act as processors and handle such data solely on their instructions.

4. Legal Basis for Processing

We process your personal data only when permitted under applicable data protection laws. Depending on the context, this may include:

• Contractual Necessity (GDPR Art. 6(1)(b)) – To provide access to our Platform and services.
• Legitimate Interests (GDPR Art. 6(1)(f)) – To improve our platform, ensure security, or contact users with critical updates.
• Consent (GDPR Art. 6(1)(a)) – For analytics, optional cookies, and communication preferences where required.
• Legal Obligations (GDPR Art. 6(1)(c)) – To comply with tax, anti-fraud, or regulatory mandates.
• CCPA/CPRA Compliance – We disclose your rights as a California resident separately under Section 13.

You may withdraw your consent at any time for non-essential processing (e.g., cookies, optional analytics) without affecting the lawfulness of prior processing.

5. What Data We Collect

We collect both personal and non-personal data, as outlined below.

A. Personal Data (Directly Provided)

• Name (first and last)
• Email address (mandatory)
• Company name / job title
• Billing data (processed securely via Stripe)
• Support communications (e.g., email or tickets)

B. Automatically Collected Data

• Login timestamps and access logs
• IP address, browser type, and device identifiers
• Usage metrics (e.g., frequency, volume, token usage)
• Language preferences, region

C. Platform Interaction Data

• Salesforce metadata and configuration inputs (non-personal)
• User prompts and outputs from AI tools (session-based)
• Workspace, project names (if used)

We do not collect or request any sensitive personal data (as defined under GDPR Article 9).

6. How We Collect Data

We collect information through the following channels:

• Registration & Account Setup – When users create or manage their account;
• Platform Usage – Automatically via logs, cookies, or API calls;
• Salesforce Integrations – Through metadata connectors;
• Billing and Invoicing – Via Stripe’s secure checkout forms;
• Support Communications – Via email, contact forms, or support tickets;
• Cookies and Analytics – As detailed in our Cookie Policy.

We may also collect non-identifiable data from aggregate usage for service improvement and debugging.

7. How We Use Your Data

We process your data for specific, legitimate, and limited purposes:

• Account Creation and Management – To create, authenticate, and administer user profiles;
• Service Delivery – To operate, personalize, and improve our AI-powered Salesforce tools;
• Subscription Billing – For invoicing, payment confirmation, and license validation;
• Usage Analytics – To understand how features are used, identify errors, and optimize performance;
• Security & Abuse Prevention – To detect unauthorized access or platform misuse;
• Compliance & Legal Obligations – To meet regulatory requirements (e.g., tax, GDPR);
• Communications – To send operational or support messages, including security updates;
• Service Customization (Enterprise only) – Tailoring of APIs or functionality under custom contracts.

We do not use personal data for advertising, profiling, or resale. AI-related data is used only to fulfill immediate user requests and is not reused, trained, or shared outside of your session.

8. Use of Artificial Intelligence (AI) Tools

SimpleT offers AI-enhanced features such as metadata translation, prompt builders, and configuration assistants. These services are powered by integrated third-party AI engines (e.g., OpenAI, DeepSeek, Anthropic, Google AI), and rely on automated processing to generate responses based on your inputs. Please note:

• We do not retain your session content unless explicitly saved by you or authorized under Enterprise plans;
• AI outputs are informational only and not reviewed or verified by SimpleT for accuracy, legality, or fitness for purpose.

You are solely responsible for reviewing, validating, and relying upon AI-generated content within your Salesforce environment or business processes. Use of our AI services is strictly at your own discretion and risk.

9. Cookies and Tracking Technologies

We use cookies and similar tracking tools to ensure platform functionality and to enhance user experience. These are categorized as follows:

A. Essential Cookies

Required for core functionality, such as session management, authentication, and security enforcement.

B. Performance & Analytics Cookies

Used to measure usage trends, troubleshoot issues, and optimize features. These may be provided via Google Analytics, Sentry, or Firebase.

C. Consent and Control

On your first visit, you will be presented with a cookie banner where you can accept or reject non-essential cookies. Your preferences may be updated at any time via browser settings or through our cookie management tool.

For more details, please refer to our Cookie Policy.

10. Subprocessors and Service Providers

To deliver and support our Services, we engage vetted third-party service providers (“Subprocessors”). These subprocessors may process personal data solely on our behalf and under binding contractual obligations, including data security, confidentiality, and compliance with GDPR Article 28.

Subprocessors include:

• Stripe (USA) – Payment processing
• Google Cloud (EU) – Data hosting
• MongoDB Atlas (EU) – Database layer
• Sentry (USA/EU) – Error monitoring
• OpenAI, DeepSeek, Anthropic, Google Translate, DeepL, AWS Translate – AI API integrations

We review subprocessors regularly and maintain a complete list available upon request. You will be notified in advance of any material changes to this list that may affect your data.

11. International Data Transfers

As a Croatian entity, we primarily store and process data within the European Union (EU). However, some subprocessors (e.g., OpenAI, Stripe, Sentry) are located outside the EU/EEA.

Where cross-border transfers occur:

• We rely on Standard Contractual Clauses (SCCs) approved by the European Commission;
• Additional safeguards, including encryption and strict access controls, are implemented;
• We monitor legal developments in jurisdictions where subprocessors operate and adjust practices accordingly.

By using our Platform, you consent to the transfer of your data outside your home country, subject to these safeguards.

12. Data Retention

We retain personal data only as long as necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by law.

Default Retention:

• Account-related data – Retained during the lifetime of the account plus 90 days post-termination
• Billing and financial records – Retained for a minimum of 6 years for legal compliance
• Session logs & metadata – Purged on a rolling basis or aggregated after 180 days
• Enterprise configurations – Retained under terms specified in your MSA or SLA

Users may request early deletion of their data by contacting our DPO (see Section 2). Subject to feasibility and regulatory limitations, such requests will be honored.

13. Your Rights (GDPR & CPRA/CCPA)

Depending on your location and applicable law, you may have the following rights regarding your personal data:

A. Under GDPR (EU/EEA users)

• Access – Request a copy of your personal data;
• Rectification – Request corrections to inaccurate data;
• Erasure – Request deletion (“right to be forgotten”);
• Restriction – Request limited processing;
• Objection – Object to processing based on legitimate interests;
• Portability – Request export of your data in structured format.

B. Under CPRA/CCPA (California users)

• Know – What personal data we collect, use, and share;
• Delete – Request deletion of personal data we hold;
• Correct – Request correction of inaccuracies;
• Opt-Out – Request not to be subject to “sale” or “sharing” of personal data (note: we do not engage in such activities);
• Non-Discrimination – We do not treat users differently for exercising their privacy rights.

To exercise any of these rights, email: support@simpletranslate.io. We may verify your identity before fulfilling requests.

14. Data Security Measures

We implement technical and organizational measures to protect your data against accidental loss, unauthorized access, misuse, alteration, or destruction. These include:

• Encryption of data in transit and at rest (TLS/HTTPS, AES-256);
• Role-Based Access Controls (RBAC) limiting data visibility by user role;
• Secure cloud infrastructure via Google Cloud (EU regions);
• Activity logging and anomaly detection using Sentry and Firebase;
• Internal policies for access approvals and incident response.

Despite our best efforts, no system is 100% secure. You are responsible for safeguarding your login credentials and for securing access to your workspace or systems using our services.

15. Data Breach Notification

In the event of a personal data breach involving your information, SimpleT will:

• Assess the nature and scope of the breach promptly;
• Notify affected users without undue delay, and in any event within 72 hours of becoming aware, where feasible;
• Provide details including: the nature of the breach, categories of affected data, likely consequences, and remedial actions taken;
• Coordinate with competent supervisory authorities (e.g., Croatian Personal Data Protection Agency) in accordance with legal obligations.

For Enterprise clients, additional breach response procedures may be governed by the relevant MSA or DPA.

16. Children's Privacy

SimpleT does not knowingly collect or process personal data from children under the age of 13 (or higher if required by applicable law in your jurisdiction).

• If you are under 13, please do not register, use, or submit any information via the Platform.
• If we learn that we have inadvertently collected data from a minor, we will take steps to delete such data as soon as reasonably possible.

Parents or guardians who believe their child has submitted data without consent should contact us immediately at: support@simpletranslate.io.

17. Automated Decision-Making and Profiling

SimpleT does not engage in fully automated decision-making or profiling that produces legal or similarly significant effects on individuals as defined under GDPR Article 22.

AI-generated outputs (e.g., translations, summaries, metadata suggestions) are informational tools only and are not used to make binding decisions about users or their customers. Enterprise clients retain full control over how AI-generated content is implemented within their Salesforce workflows.

18. Third-Party Links and Services

The Platform may contain links or references to external websites, applications, or APIs, including those of subprocessors or technology partners (e.g., Salesforce, Stripe, OpenAI).

• Such third-party services are not controlled by SimpleT and are governed by their own privacy and security policies.
• We are not responsible for the data practices, content, or availability of any third-party services.

Users are encouraged to review the privacy practices of any external sites or providers before engaging or sharing data with them.

19. Changes to This Privacy Policy

SimpleT may update this Privacy Policy from time to time to reflect changes in legal obligations, technological developments, or business practices.

• When we make changes, we will update the “Effective Date” at the top of this document;
• Where material changes are made, we will provide reasonable notice via the Platform or email (if feasible);
• Continued use of the Platform after such updates constitutes your acceptance of the revised Policy.

If you do not agree to any changes, you must discontinue use and may request account deletion.

20. Contact Information & Data Protection Officer

If you have questions, concerns, or complaints regarding this Privacy Policy or how your data is handled, please contact:

We aim to respond to all privacy-related inquiries within 30 days. If you believe your rights under applicable data protection laws have been violated, you may also lodge a complaint with your local supervisory authority.