Privacy Policy

Last Updated: 19.07.2025

1. Introduction

SimpleBusiness365 (“Service”), operated by SimpleSoftware365 - Alexander Duggleby (“Company”, “we”, “us”, or “our”), is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

This Policy applies to all users worldwide and complies with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable privacy laws.

2. Data Controller Information

Data Controller:
SimpleSoftware365 - Alexander Duggleby
Beatrixgasse 27/1/25
1030 Vienna, Austria
Email: [email protected]

3. Information We Collect

3.1 Information You Provide

When you register for an account, we collect:

• Name
• Email address
• Company name

through the Microsoft 365 / Microsoft Graph integration.

3.2 Information Collected Automatically

When you use our Service, we automatically collect:

• IP addresses
• Browser type and version
• Device information
• Usage analytics and interaction data
• Performance data and error logs

3.3 Cookies

We use only essential cookies required for authentication and core Service functionality. We do not use analytics or marketing cookies.

3.4 Payment Information

We do not collect or store payment information. All payment processing is handled by our payment processor, Paddle Payments Ltd., which has its own privacy policy.

4. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

4.1 Performance of Contract

Processing necessary to provide the Service you’ve requested, including:

• Account creation and management
• Service delivery and functionality
• Customer support

4.2 Legitimate Interests

Processing necessary for our legitimate business interests, including:

• Service improvement and analytics
• Security and fraud prevention
• Direct marketing to existing customers
• Legal compliance

We do not rely on consent as a legal basis for processing.

5. How We Use Your Information

We use your personal data for:

• Service Delivery: Providing and maintaining the Service
• Billing: Processing payments through our payment processor
• Marketing: Sending service-related and promotional communications
• Analytics: Understanding usage patterns and improving the Service
• Legal Compliance: Meeting legal obligations and enforcing our Terms

We do not conduct automated decision-making or profiling.

6. Data Sharing and Disclosure

6.1 We Do Not Sell Personal Data

We never sell, rent, or trade your personal data to third parties.

6.2 Service Providers

We share data with trusted service providers who assist in operating our Service:

• Cloudflare: Content delivery and security (Privacy Policy)
• Resend: Email delivery (Privacy Policy)
• Microsoft Azure: Cloud hosting and infrastructure (Privacy Policy)
• Paddle Payments Ltd.: Payment processing (Privacy Policy)

6.3 Legal Requirements

We may disclose information when required by law, court order, or governmental request.

7. International Data Transfers

Your data may be processed in data centers located in:

• North America
• West Europe
• Asia Pacific

You can select your preferred data storage region during account setup.

For transfers to the United States, we rely on Standard Contractual Clauses approved by the European Commission to ensure adequate protection of your personal data.

8. Data Retention

8.1 Active Accounts

We retain your personal data for as long as your account remains active.

8.2 Deleted Items

Items moved to trash are retained for 30 days and can be restored by administrative users. After 30 days, they are permanently deleted.

8.3 Account Termination

Upon account cancellation:

• Your Organization is deleted within 30 days
• All associated data is permanently deleted within an additional 30 days (60 days total)
• Legal records and invoices are retained as required by law for tax and accounting purposes

Accounts may be cancelled automatically if 3 failed payments occur.

9. Your Privacy Rights

9.1 Rights for All Users

Regardless of location, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Deletion: Request deletion of your data (“right to be forgotten”)
• Portability: Receive your data in a portable format
• Restriction: Limit how we process your data
• Objection: Object to certain processing activities

9.2 Exercising Your Rights

You can exercise most rights directly through your account settings. For other requests, contact us at [email protected]. We will respond within 30 days.

9.3 Identity Verification

We verify identity through:

• Authentication via your account, or
• Government-issued identification documents

9.4 Fees

We do not charge fees for privacy requests unless they are excessive or manifestly unfounded.

10. California Privacy Rights (CCPA)

California residents have additional rights:

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information
• Right to opt-out of sale of personal information (Note: We do not sell personal data)
• Right to non-discrimination for exercising privacy rights

California residents enjoy the same privacy rights we provide to all users under GDPR.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data. For detailed information about our security practices, please refer to our IT Security documentation.

All data is encrypted both in transit and at rest.

12. Marketing Communications

12.1 Marketing Emails

We may send promotional emails about our Service. All marketing emails include a one-click unsubscribe option.

12.2 Do Not Track

We honor Do Not Track browser signals and do not track users across third-party websites.

12.3 Behavioral Advertising

We do not engage in behavioral advertising or retargeting.

13. Children’s Privacy

Our Service is not intended for children under 18. We do not knowingly collect personal data from anyone under 18 years of age. If we discover we have collected such information, we will promptly delete it.

14. Sensitive Personal Data

We do not intentionally collect sensitive personal data (health, biometric, racial/ethnic origin, political opinions, religious beliefs, etc.). If users input such data into our system, it is processed with the same protections as other personal data.

15. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites.

16. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of any material changes by posting the new Policy on this page and updating the “Last Updated” date.

17. Supervisory Authority

As we are based in Austria, our lead supervisory authority is:

Österreichische Datenschutzbehörde (Austrian Data Protection Authority)
Barichgasse 40-42
1030 Wien, Austria
Website: www.dsb.gv.at

You have the right to lodge a complaint with your local data protection authority.

18. Contact Us

For any questions about this Privacy Policy or our privacy practices, please contact us at:

SimpleSoftware365 - Alexander Duggleby
Beatrixgasse 27/1/25
1030 Vienna, Austria
Email: [email protected]

By using SimpleBusiness365, you acknowledge that you have read and understood this Privacy Policy.