Privacy Policy
Your privacy matters to us. This policy explains how we collect, use, and protect your personal data.
Last updated: January 2025
Your Data Rights
You have the right to access, export, or delete your personal data at any time.
1. Introduction
Simpl Group ("we," "our," or "us") operates the Simpl platform (withsimpl.com), providing inventory management and booking services for experience operators including restaurants, venues, and tour operators.
This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our platform. We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
By using our services, you acknowledge that you have read and understood this Privacy Policy.
2. Data We Collect
Account Information
- Name, email address, phone number
- Company or organization name
- Account credentials (passwords are securely hashed)
- Profile preferences and settings
Booking Information
- Guest name, email, and phone number
- Booking dates, times, and party sizes
- Special requests and dietary requirements
- Booking history and preferences
Payment Information
- Payment method details (processed securely by Stripe)
- Billing address
- Transaction history and invoices
Usage Data
- IP address and device information
- Browser type and operating system
- Pages visited and features used
- Timestamps and session duration
Technical Data
- API access logs and usage metrics
- Error logs and performance data
- Security audit logs
3. How We Use Your Data
Service Delivery
- Create and manage your account
- Process and fulfill bookings
- Provide customer support
- Enable platform features and functionality
Communication
- Send booking confirmations and reminders
- Respond to inquiries and support requests
- Send important service updates
- Marketing communications (with your consent)
Compliance & Security
- Comply with legal obligations
- Detect and prevent fraud
- Maintain platform security
- Enforce our terms of service
Improvement
- Analyze usage patterns to improve our services
- Develop new features and functionality
- Conduct research and analytics
4. Legal Basis for Processing (GDPR)
Under the GDPR, we process your personal data based on the following legal grounds:
Contract Performance
Processing necessary to fulfill our contractual obligations to you, such as providing our services and processing bookings.
Legitimate Interests
Processing necessary for our legitimate business interests, such as improving our services, preventing fraud, and maintaining security, where these interests are not overridden by your rights and interests.
Consent
Processing based on your explicit consent, such as marketing communications. You may withdraw consent at any time.
Legal Obligation
Processing necessary to comply with legal requirements, such as tax reporting and responding to lawful requests from authorities.
5. Data Sharing
We share your data only with the following parties and for the following purposes:
| Third Party | Purpose | Data Shared |
|---|---|---|
| Experience Operators | Fulfill your bookings | Guest name, contact info, booking details |
| Stripe | Payment processing | Payment details, billing info |
| Resend | Email communications | Email address, name |
| Railway | Hosting infrastructure | Encrypted data in transit/at rest |
| Legal Authorities | Legal compliance | As required by law |
We do not sell your personal data to third parties.
6. Data Retention
We retain your data for the following periods:
| Data Category | Retention Period | After Retention |
|---|---|---|
| Account Information | Until deletion + 30 day grace period | Deleted |
| Booking History | 7 years (legal requirement) | Anonymized |
| Payment Records | 7 years (tax compliance) | Anonymized |
| Audit Logs | 7 years (compliance) | Anonymized |
| Tax Attestations | 7 years (legal requirement) | Anonymized |
| Marketing Preferences | Until withdrawal or deletion | Deleted |
7. Your Rights
Under GDPR and other privacy laws, you have the following rights:
Right to Access
Request a copy of the personal data we hold about you.
Right to Rectification
Request correction of inaccurate or incomplete data.
Right to Erasure
Request deletion of your personal data (with certain exceptions).
Right to Restrict Processing
Request limitation of how we use your data.
Right to Data Portability
Receive your data in a structured, machine-readable format.
Right to Object
Object to processing based on legitimate interests or for marketing.
Exercise Your Rights
Access, export, or request deletion of your data through our self-service portal.
Go to My Data Portal9. International Transfers
Your data may be processed in countries outside your own, including the United States and European Union countries. We ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) for EU-US transfers
- Data Processing Agreements with all service providers
- Encryption in transit and at rest
- Regular security audits and compliance reviews
10. Children's Privacy
Our services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at privacy@withsimpl.com.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make significant changes:
- We will update the "Last updated" date at the top of this page
- We will notify you via email if the changes are material
- We may display a prominent notice on our platform
We encourage you to review this page periodically. Your continued use of our services after any changes constitutes acceptance of the updated policy.
12. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
Simpl Group - Data Protection
Email: privacy@withsimpl.com
For EU residents, you also have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.