1. Introduction and Scope
Simpler Technologies Private Limited ('Company', 'we', 'us', 'our') is committed to protecting your privacy and ensuring transparency regarding how we collect, use, process, and protect your personal data. This Privacy Policy explains our practices in detail and the choices available to you regarding your personal information.
This Privacy Policy applies to all users, customers, subscribers, and visitors of our website (www.simplertechnologies.com) and all products and services offered by Simpler Technologies, including but not limited to GymFusion, Institute-Fusion, LibraryFusion, and Enterprise ERP solutions (collectively, the 'Services').
By accessing our website or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our practices, please do not use our Services.
2. Data Controller and Contact Information
Simpler Technologies Private Limited is the data controller responsible for your personal data.
Simpler Technologies Private Limited
Email: privacy@simplertechnologies.com
Legal Email: legal@simplertechnologies.com
Support Email: support@simplertechnologies.com
For Data Subject Access Requests (DSAR): dpo@simplertechnologies.com
3. Types of Personal Data Collected
We collect various categories of personal data to provide, maintain, and improve our Services. The specific data collected depends on how you interact with us.
3.1 Information You Provide Directly
- Account Registration: Name, email address, phone number, company/organization name, job title, physical address, password (encrypted)
- Organizational Data: Business address, GST/Tax registration numbers, organizational structure, employee roster, member/student records (for gyms, institutes, libraries)
- Customer Data: Transaction history, subscription details, payment information, invoice records
- Communications: Messages, support tickets, feedback, testimonials, survey responses
- Professional Information: Industry certifications, professional qualifications, business licenses
- Sensitive Data (with explicit consent): Attendance records, performance metrics, member/student health information, financial records
3.2 Information Automatically Collected
- Device Information: IP address, browser type, operating system, device identifiers, hardware model
- Usage Analytics: Pages visited, time spent, features used, clicks, search queries, navigation patterns
- Location Data: Approximate location based on IP address (not precise GPS tracking)
- Cookies and Tracking: Session identifiers, preference data, performance metrics
- Server Logs: Request logs, error logs, access times, server performance metrics
3.3 Information from Third Parties
- Payment processors (transaction data, payment status)
- Email service providers (delivery status, engagement metrics)
- Cloud infrastructure providers (anonymized usage data)
- Third-party integrations your organization enables
4. Legal Basis for Processing Personal Data
We process your personal data on one or more of the following legal bases:
- Performance of Contract: To deliver the Services, manage subscriptions, process payments
- Legitimate Interests: To improve Services, conduct analytics, prevent fraud, ensure security
- Legal Compliance: To comply with laws, regulations, court orders, respond to legal requests
- Consent: For marketing communications, non-essential cookies, optional features
- Vital Interests: To protect safety, security, or health of individuals
For users in the EU/EEA, we rely on GDPR Article 6 lawful bases. For users in California, we comply with CCPA requirements. For users in Canada, we comply with PIPEDA.
5. How We Use Your Personal Data
We use collected personal data for the following purposes:
5.1 Service Delivery and Account Management
- Creating and managing your account
- Providing access to Services and features
- Processing transactions and managing subscriptions
- Sending transactional emails (invoices, receipts, password resets)
- Providing technical and customer support
5.2 Communication and Marketing
- Sending newsletters, product updates, and announcements (with consent)
- Informing you about new features, services, or service changes
- Responding to inquiries and customer support requests
- Sending promotional materials and special offers (with opt-in consent)
- Conducting surveys and collecting feedback
5.3 Platform Analytics and Improvement
- Analyzing how users interact with our Services
- Identifying usage patterns and user preferences
- Measuring feature adoption and effectiveness
- Improving user experience and interface design
- Developing new features and services
5.4 Security, Fraud Prevention, and Legal Compliance
- Detecting and preventing fraudulent activities
- Monitoring for unauthorized access or misuse
- Ensuring compliance with applicable laws and regulations
- Responding to legal requests and law enforcement inquiries
- Protecting the rights, property, and safety of our company, users, and the public
5.5 Data Aggregation and Business Intelligence
- Creating anonymized, aggregated reports (individual users cannot be identified)
- Generating industry benchmarks and market insights
- Understanding business trends in different verticals (gyms, institutes, libraries)
- Supporting product strategy and roadmap development
6. Data Retention and Deletion Policies
We retain personal data only for as long as necessary to provide Services, comply with legal obligations, or as otherwise permitted by law.
6.1 Retention Periods by Data Type
- Account Data: Retained for the duration of the subscription. Deleted within 30 days after account termination
- Transaction Records: Retained for 7 years (for tax and legal compliance)
- Marketing/Communications: Retained until you unsubscribe, then deleted within 30 days
- Support/Ticket Data: Retained for 2 years from last interaction
- Usage Analytics: Anonymized after 12 months; raw logs deleted after 3 months
- Cookies: Session cookies deleted upon browser closure; persistent cookies deleted per settings (up to 2 years)
6.2 User-Initiated Deletion
You can request deletion of your personal data at any time by contacting dpo@simplertechnologies.com. We will delete your data within 30 days unless:
- We are required by law to retain it longer
- There is a pending legal claim or investigation
- You have outstanding financial obligations
7. Sharing and Disclosure of Personal Data
Simpler Technologies does not sell, rent, or lease your personal data to third parties for their marketing purposes. However, we may share your data in the following circumstances:
7.1 Service Providers and Processors
We share data with trusted third-party service providers who process data on our behalf under Data Processing Agreements (DPAs):
- Cloud hosting providers (data center operations)
- Email service providers (Amazon SES, transactional and marketing emails)
- Payment processors (Stripe, PayPal, Razorpay for secure transactions)
- Analytics providers (anonymized data only)
- Customer support platforms
All processors are contractually bound to maintain confidentiality and use data only as authorized.
7.2 User-Authorized Sharing
- Third-party integrations you explicitly enable (Zapier, Integromat, etc.)
- Data exports you request
- Multi-tenant organization sharing (for admin-designated employees)
7.3 Legal and Compliance
- Law enforcement, government agencies (with valid legal process)
- Court-ordered disclosures
- Responses to valid subpoenas or legal requests
- Protection of legal rights and public safety
7.4 Business Transitions
In the event of a merger, acquisition, bankruptcy, or sale of assets, personal data may be transferred as part of that transaction. You will be notified of any such change and of any choices you have regarding your data.
7.5 Aggregated and Anonymized Data
We may share anonymized, aggregated data that cannot identify individuals with partners, researchers, and the public for analytical, benchmarking, and business intelligence purposes.
8. Data Security and Protection Measures
We implement comprehensive technical, administrative, and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.
8.1 Technical Security
- SSL/TLS encryption for all data in transit
- AES-256 encryption for data at rest
- Secure password hashing (bcrypt/Argon2, salted)
- API security (token-based authentication, rate limiting)
- Web application firewalls (WAF) and DDoS protection
- Regular security testing and vulnerability scanning
- Intrusion detection systems (IDS)
8.2 Administrative and Physical Security
- Access control: Role-based access, principle of least privilege
- Employee training: Security awareness and confidentiality agreements
- Background checks: Verification for employees with data access
- Physical security: Secured data centers with biometric access controls
- Audit logs: Monitoring all data access and system changes
- Incident response: Documented procedures for security breaches
8.3 Organizational Measures
- Privacy by design principles in all product development
- Regular comprehensive security audits
- Periodic penetration testing by independent security firms
- Compliance certifications (ISO 27001, SOC 2 Type II in progress)
- Data Protection Impact Assessments (DPIA) for high-risk processing
8.4 Limitations
While we implement robust security measures, no system is 100% secure. We cannot guarantee absolute security, and transmission of data over the internet carries inherent risks. You use our Services at your own risk.
9. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your browsing experience, understand user behavior, and personalize content.
9.1 Types of Cookies
- Essential Cookies: Required for website functionality (authentication, session management)
- Performance Cookies: Analyze usage patterns to improve performance
- Functional Cookies: Remember user preferences and settings
- Marketing/Tracking Cookies: Used for advertising and retargeting (with consent)
9.2 Cookie Consent
We obtain your explicit consent before placing non-essential cookies. You can manage cookie preferences through:
- Cookie consent banner on our website
- Browser settings (disable, delete, or manage cookies)
- Your account privacy settings
9.3 Similar Technologies
We may use web beacons, pixels, and local storage (including LocalStorage and IndexedDB) for tracking and personalization. These technologies operate similarly to cookies.
10. International Data Transfers
Your personal data may be transferred to, stored in, and processed in countries other than your country of residence, including countries that may have different data protection laws.
10.1 Transfer Mechanisms
For transfers from EU/EEA to non-adequate countries, we rely on:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions by the European Commission
- Your explicit consent
- Data Processing Agreements with appropriate safeguards
10.2 Data Location
By default, data is stored in secure data centers within India. Users can request specific data residency requirements, which we will endeavor to accommodate where commercially feasible.
11. Your Data Subject Rights
Depending on your jurisdiction, you have the following rights regarding your personal data:
11.1 Right of Access (GDPR Article 15, CCPA §1798.100)
You have the right to request and receive a copy of all personal data we hold about you in a portable, machine-readable format.
11.2 Right to Rectification (GDPR Article 16)
You can request correction or update of inaccurate, incomplete, or outdated personal data.
11.3 Right to Erasure (GDPR Article 17, CCPA §1798.105)
You may request deletion of your personal data in certain circumstances, subject to legal retention obligations. This is sometimes called the 'right to be forgotten.'
11.4 Right to Restrict Processing (GDPR Article 18)
You can request that we limit how we use your data, such as restricting it to storage only during disputes.
11.5 Right to Data Portability (GDPR Article 20, CCPA §1798.100)
You have the right to receive your personal data in a structured, commonly used format and transmit it to another service provider.
11.6 Right to Object (GDPR Article 21)
You can object to processing of your data for direct marketing, profiling, and certain legitimate interest purposes.
11.7 Right to Withdraw Consent (GDPR Article 7)
If we process your data based on consent, you can withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.
11.8 Right to Opt-Out of Marketing (CAN-SPAM, CASL)
You can unsubscribe from marketing communications at any time via email unsubscribe links or your account preferences.
11.9 Right to Non-Discrimination (CCPA §1798.125)
We will not discriminate against you for exercising your privacy rights by denying services, increasing prices, or lowering quality.
11.10 Exercising Your Rights
To exercise any of these rights, please submit a written request to:
Data Subject Rights Request
Email: dpo@simplertechnologies.com
Subject Line: 'Data Subject Access Request' (or specify the right)
We will respond within 30 days (extendable to 90 days for complex requests).
12. Children's Privacy
Simpler Technologies Services are not directed toward children under 13 years of age (or as defined by local law). We do not knowingly collect personal data from children without parental consent.
Exception: For our Institute-Fusion product, schools and institutes may process student data on behalf of parents/guardians as required by education regulations. In such cases, the institution is responsible for obtaining necessary parental consent and managing data according to education-specific regulations (FERPA in the US, etc.).
If we discover we have collected data from a child without proper consent, we will delete it immediately. Please contact us at privacy@simplertechnologies.com if you believe we have inadvertently collected children's data.
13. Data Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will:
- Notify affected users without undue or unreasonable delay
- Provide information about the nature of the breach
- Describe measures taken or being taken to address the breach
- Provide contact information for our Data Protection Officer
- Notify relevant supervisory authorities as required by law
Notifications will be sent via email, SMS, or prominent notice on our website. We will also maintain an incident response plan and conduct post-breach analysis.
14. Third-Party Links and External Services
Our website and Services may contain links to third-party websites and services that are not operated by Simpler Technologies. This Privacy Policy does not apply to external sites, and we are not responsible for their privacy practices.
We strongly encourage you to review the privacy policies of any third-party services before providing your personal data. Your use of third-party services is at your own risk and subject to their terms and policies.
15. Compliance with Data Protection Regulations
Simpler Technologies complies with applicable data protection laws across multiple jurisdictions:
15.1 GDPR (EU/EEA Users)
We comply fully with the General Data Protection Regulation (EU 2016/679), including lawful bases, data subject rights, data protection impact assessments, and international data transfers.
15.2 CCPA (California Users)
We comply with the California Consumer Privacy Act (CCPA), providing California residents with rights to know, delete, opt-out, and non-discrimination protections.
15.3 CASL (Canadian Users)
We comply with Canada's Anti-Spam Legislation (CASL), obtaining consent before sending commercial electronic messages and providing clear identification and unsubscribe options.
15.4 Other Regulations
We comply with applicable data protection laws in India (DPDP Act 2023), UK (UK GDPR), and other jurisdictions where we operate.
16. Updates to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. Any changes will be posted on this page with an updated 'Last updated' date.
For material changes that substantially alter your rights or our practices, we will provide advance notice via email or prominent notice on the website. Your continued use of the Services following notification of changes constitutes your acceptance of the updated Privacy Policy.
17. Contact Information and Support
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
General Privacy Inquiries
Email: privacy@simplertechnologies.com
Data Subject Access Requests
Email: dpo@simplertechnologies.com
Legal and Compliance
Email: legal@simplertechnologies.com
Customer Support
Email: support@simplertechnologies.com
Expected Response Time: We aim to respond to all inquiries within 5 business days. For formal data subject requests, we provide responses within 30-90 days as required by law.
18. Accountability and Verification
Simpler Technologies maintains comprehensive records of our data processing activities to demonstrate compliance with data protection laws. We conduct regular privacy audits and impact assessments, and maintain documentation of:
- Processing activities and purposes
- Legal bases for processing
- Data categories and recipients
- Data subject rights fulfillment
- Security measures and incident response
- Compliance certifications and assessments