Simplyfile
    by Neuralfinity

    Privacy Policy

    Last updated: 2025-06-10

    1. Introduction

    This privacy policy applies to the services offered Simplyfile, operated by by Neuralfinity UG (haftungsbeschränkt), referred to as "Simplyfile," "we," "us," or "our." At Simplyfile, we are committed to protecting the privacy of our users and visitors. This privacy policy explains how we collect, use, and protect your personal information in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This privacy policy applies to the services offered Simplyfile, operated by by Neuralfinity UG (haftungsbeschränkt), referred to as "Simplyfile," "we," "us," or "our." At Simplyfile, we are committed to protecting the privacy of our users and visitors. This privacy policy explains how we collect, use, and protect your personal information in accordance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws in the jurisdictions where we operate.

    The scope of this privacy policy applies to all individuals who interact with Simplyfile, including users of our website, products, and services. This policy outlines the types of personal information we collect, how we use that information, and the measures we take to safeguard your data. It also explains your rights as a data subject under the GDPR.

    Simplyfile is the data controller for the personal information we collect and process, and our identity is as follows:

    Neuralfinity UG (haftungsbeschränkt)
    Am Sandtorkai 27
    20457 Hamburg
    Germany

    We encourage you to read this privacy policy carefully and contact us if you have any questions or concerns about how we handle your personal information. By using our website, products, or services, you consent to the terms of this privacy policy.

    2. Data Collection

    At Simplyfile, we collect personal data and metadata to provide our services and enhance the user experience. Personal data includes information such as name, email address, and payment information. We collect this information when you register for an account, subscribe to a plan, or contact us for support. We use this information to fulfill our contractual obligations, provide customer service, and improve our products and services.

    We process personal data and metadata on the basis of several legal grounds, including:

    • Consent: We may collect and process personal data based on your consent, which you can withdraw at any time.
    • Contractual Obligations: We collect and process personal data to fulfill our contractual obligations to you, such as delivering a product or providing customer support.
    • Legal Obligations: We may collect and process personal data to comply with legal obligations, such as tax reporting requirements.
    • Legitimate Interests: We may collect and process personal data to pursue our legitimate interests, such as improving our services, preventing fraud, and protecting the security of our products and services.

    2.1 Data Collection: App-Specific Information

    In addition to the general data described in Section 2, the Simplyfile app (accessible via browser or mobile device) may collect and process additional information to deliver its functionality:

    • Uploaded Documents: We process files you explicitly upload for processing. These files are stored and retained only as long as required to fulfill the agreed purposes, after which they are deleted. This data is never shared with any third parties.
    • Email Inbox Access: If you authorize us via IMAP, Office 365, or OAuth (e.g., Gmail), we may access and process the content of emails and attachments solely for the purposes defined in the application (e.g., document parsing, data extraction). We do not use your data for any unrelated purpose or share it with third parties.
    • Google Drive Access: If you grant us access to your Google Drive, we access only the files and folders you explicitly authorize. We do not read, write, or modify any other data. All access is scoped to the minimum permissions required. Any data provided through Google Workspace APIs is not used to develop, train or improve generalized Artificial Intelligence or Machine Learning models.
    • Third-Party APIs: When enabled by the user, we may interact with third-party APIs (e.g., financial data sources or CRM tools) to retrieve or augment data or to store data in your business systems as agreed as part of the usage of our software. All such accesses are consent-based.

    We follow Google API Services User Data Policy, including the Limited Use requirements. We only use the data from Google APIs to provide or improve user-facing features that are prominent in the requesting application's user interface.

    3. Data Usage

    At Simplyfile, we use the data we collect to provide our services and enhance the user experience. The content of API requests is never stored beyond the purpose of answering the request and is automatically deleted from all of our systems once this purpose has been achieved. IP addresses that make requests are stored as part of access logs, together with a time stamp of the request. Other request metadata can be stored, but this meta data by design cannot be used to draw any conclusions about the content of the request.

    For users of the Dashboard UI, we require first name, last name, email address, and optionally a company ID number (e.g. VAT ID or EIN) and a company name. This information is used to create and manage your account and to provide customer support. We may also use this information to communicate with you about updates to our services and other promotional information. You can opt out of receiving promotional emails at any time by following the unsubscribe instructions included in the email or by contacting us at [email protected].

    We may process payment information to be able to charge subscription and overage fees when they incur. We take reasonable measures to protect your payment information and to prevent unauthorized access or disclosure

    We do not sell, rent, or share your personal data with third parties, except as required by law or with your explicit consent. We may share your data with third-party service providers who assist us in providing our services, such as payment processors. We require our service providers to follow GDPR and other applicable data protection laws and to use your data only for the purpose of providing their services to us.

    3.1 Data Usage: Analytics and Logging

    To improve our product and diagnose issues, we use PostHog, a product analytics service. We have configured PostHog for regional data residency:

    • EU-based users: Analytics data is routed exclusively to PostHog's EU servers (located in Frankfurt, Germany).
    • US-based users: Analytics data is routed to PostHog servers in the United States.

    We do not collect or transmit sensitive personal data (such as document contents or email metadata) through PostHog. We use analytics data only to understand user interactions with the app interface (e.g., button clicks, time on page). We us analytics software to understand how users interact with our website and services. This helps us improve usability and performance. The software may collect anonymized usage data, including page visits, browser type, and session duration. No sensitive personal information is recorded.

    Users can opt out of analytics collection at any time by contacting us at [email protected] or using built-in privacy controls where available.

    4. Data Sharing

    At Simplyfile, we take the privacy and security of our users' data seriously. We do not sell or rent personal data to third parties. We only share personal data with external service providers when it is necessary to deliver and improve our services, and always in accordance with applicable data protection laws.

    We may share data with the following categories of third-party service providers:

    • Payments: We use Stripe to process payments and manage billing securely. Stripe may collect and process personal data such as payment details, contact information, and device metadata. Data may be transferred to and processed in the United States or other jurisdictions with appropriate safeguards in place.
    • Analytics: We use PostHog Cloud to analyze usage patterns and product performance. Depending on the user's region, data may be processed in the EU or the US.
    • Web Hosting: Our public-facing website is hosted using geographically appropriate cloud infrastructure—EU-based for EU visitors and US-based for US visitors. No sensitive application or user data is stored in this environment.
    • Content Delivery and Security: We use Cloudflare to provide secure and performant access to our website and application. This includes protection against DDoS attacks, encrypted traffic management, and global content caching. Cloudflare may temporarily process IP addresses and related metadata as part of these services.

    All third-party service providers act on our instructions and are bound by strict contractual obligations, including data processing agreements where required. For international data transfers, such as those between the EU and the US we, implement appropriate safeguards to ensure a level of data protection consistent with applicable laws. These safeguards may include mechanisms such as the EU Standard Contractual Clauses (SCCs) or equivalent frameworks recognized under relevant data protection regulations.

    We may share personal data with third-party service providers who assist us in providing our services, such as payment processors and billing service providers. Specifically, we share data with Stripe for payment processing purposes. We require our service providers to follow GDPR and other applicable data protection laws and to use your data only for the purpose of providing their services to us.

    We do not share the content of any API request with third parties. We took deliberate design decisions to prohibit us from being able to access request contents beyond the purpose of answering the API request. We take reasonable measures to protect your data and prevent unauthorized access or disclosure.

    We do not share personal data with affiliates or subsidiaries, except as required by law or with your explicit consent.

    Users can opt-out of data sharing by contacting us at [email protected]. However, please note that opting out of data sharing may limit our ability to provide certain services to you.

    4.1 Additional Sharing Notes

    • Google API Data: We do not share any Google user data with third parties. We access and use the data strictly for the features you've enabled. We do not use this data for advertising or marketing.
    • Uploaded Files: Files you upload directly without any third party integration are stored securely and encrypted at rest. They are not shared with any external cloud provider.

    5. GDPR User Rights

    Under GDPR, you have certain rights with regard to your personal data. These rights include:

    • The right to access your personal data: You have the right to request access to your personal data that we hold.
    • The right to rectify your personal data: You have the right to request that we correct any inaccurate or incomplete personal data that we hold.
    • The right to erase your personal data: You have the right to request that we delete your personal data in certain circumstances, such as if the data is no longer necessary for the purposes for which it was collected.
    • The right to restrict processing of your personal data: You have the right to request that we limit the processing of your personal data in certain circumstances, such as if you contest the accuracy of the data.
    • The right to object to the processing of your personal data: You have the right to object to the processing of your personal data in certain circumstances, such as if the data is being processed for direct marketing purposes.
    • The right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another data controller.

    If you would like to exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month. Please note that we may need to verify your identity before fulfilling your request.

    If you believe that we have not complied with your data protection rights, you have the right to lodge a complaint with a supervisory authority.

    6. Security Measures

    At Simplyfile, we take the security of your personal data seriously. We have implemented technical and organizational measures to protect your personal data from unauthorized access, alteration, or destruction. These measures include:

    • Encryption of sensitive data: We use industry-standard encryption to protect all data, including sensitive data, such as payment information, during transmission and storage.
    • Access controls: We restrict access to personal data to authorized personnel and implement role-based access controls to ensure that personnel can only access data that is necessary for their job function.
    • Monitoring and logging: We monitor our systems and logs for suspicious activity and investigate any anomalies.
    • Regular testing and updates: We regularly test our systems for vulnerabilities and apply security updates as necessary.
    • Data retention policies: We only retain personal data for as long as necessary to fulfill the purposes for which it was collected, and we have implemented data retention policies to ensure that data is deleted in a timely manner.

    6.1 Data Breaches

    In the event of a data breach, we will take immediate steps to contain the breach, assess the impact of the breach, and notify affected individuals and the relevant supervisory authority as required by law.

    We have implemented a data breach response plan that includes procedures for identifying and containing breaches, notifying affected individuals, and conducting an investigation into the cause of the breach.

    If you believe that your personal data has been compromised, please contact us at [email protected] so that we can take appropriate action to address the issue.

    We continuously review our security measures to ensure that they remain effective and up-to-date with the latest industry standards and best practices.

    7. Data Retention

    At Simplyfile, we only retain personal data for as long as necessary to fulfill the purposes for which it was collected, or as required by law. We have implemented data retention policies to ensure that data is deleted in a timely manner.

    API request content is not stored beyond the purpose of answering the request and is automatically deleted from all of our systems once this purpose has been achieved. IP addresses that make requests are stored as part of access logs, together with a time stamp of the request. Other request metadata can be stored, but this meta data by design cannot be used to draw any conclusions about the content of the request.

    Data from users of the Dashboard UI will be retained for as long as the user has an active subscription. Once the subscription is terminated, the user data will be deleted from our systems after a period of 90 days, except for data we are legally required store for a longer period as well as data required for accounting purposes.

    Users have the right to request the deletion of their data at any time. If you wish to request the deletion of your personal data in accordance with section 5 of this privacy policy. We will respond to your request in a timely manner and take appropriate action to delete your data as required by law.

    7.1 Retention of App-Specific Data

    • Uploaded Files: Stored only as long as required for processing. Files are automatically deleted once processing is complete or they are no longer needed.
    • OAuth Access (Gmail, Google Drive): Revoked access results in immediate deletion of associated tokens and metadata.
    • IMAP / Office 365 Access: If you disconnect your account, we cease all access and delete relevant authentication credentials and session metadata.
    • Third-Party API Data: Only retained as long as needed to serve the user request or maintain historical context, and only with user consent.

    You may revoke any authorization (e.g., Gmail, IMAP, O365, Google Drive) via your account with the respective provider at any time or by contacting us directly.

    If you'd like to opt out of specific processing or revoke permissions, contact us at [email protected].

    8. Changes to the Privacy Policy

    Simplyfile may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, and other factors. We will notify our users of any significant changes to this Privacy Policy by email, as well as by posting the updated Privacy Policy on our website.

    We encourage our users to review this Privacy Policy periodically to stay informed about our data practices. By continuing to use our services after any changes to this Privacy Policy become effective, you agree to be bound by the revised Privacy Policy.

    This Privacy Policy was last updated on 06/10/2025. If you have any questions or concerns about this Privacy Policy, please contact us at [email protected].

    9. Contact Information

    If you have any questions or concerns regarding this Privacy Policy, you can contact Simplyfile at:

    Neuralfinity UG (haftungsbeschränkt)
    Am Sandtorkai 27
    20457 Hamburg
    Germany

    Registered in Hamburg HRB 177880
    Email: [email protected]

    The company is represented by the board of management:
    Jannik Malte Meissner, Yuliia Butovchenko.