Privacy Policy

Our Commitment to Your Privacy

At Simpata, protecting your privacy isn't just a legal obligation—it's fundamental to how we do business. This Privacy Policy explains how Simpata.com, a secure SaaS platform operated by General Blue Corporation (a United States-based company), collects, uses, shares, and safeguards your personal information.

We've built our platform with privacy and security at the core. Our practices align with global privacy regulations including GDPR, CCPA, and industry best practices to ensure your data is handled responsibly and transparently. We believe you should always know what data we collect, how it's used, and have meaningful control over your information.

By using Simpata, you agree to the data practices described in this Policy. We encourage you to read this document carefully and contact us with any questions.

Scope of This Policy

Two Roles, One Commitment

This Policy covers two distinct scenarios:

Data Controller: When you create an account and use Simpata directly, we determine how and why your personal data is processed (account details, usage data, preferences).
Data Processor: When your organization uses Simpata and uploads data about employees or customers, we process that data only according to your organization's instructions and our contractual agreement.

In simple terms: When we decide how to use your data, this Policy applies. When we only process data on behalf of your organization, we protect it per our agreement with them—and their privacy policy may also apply to that data.

Privacy Policy Overview

Here's a quick reference guide to the key sections of our Privacy Policy:

We collect personal information you provide (name, email, payment details), data collected automatically (usage logs, device info, cookies), and data from third-party integrations you connect. We do not knowingly collect data from children under 13.

We use data to provide services, handle support, process transactions, improve features, and maintain security. We never access your proprietary content except as needed to run the service. Marketing communications require your consent and you can opt out anytime.

We do not sell your personal information. We share data only with trusted service providers (under strict obligations), when required by law, in corporate transactions (with continued protection), or at your direction.

You control your data. Access, correct, delete, or export your information anytime. Opt out of marketing, manage cookie preferences, and withdraw consent as needed. Exercising your rights never affects service quality.

Enterprise-grade security including 256-bit SSL encryption, network safeguards, access controls, regular monitoring, and security audits. We continuously update systems to protect against evolving threats.

Information We Collect

1. Personal Information You Provide

When you interact with Simpata, you provide certain information directly:

Account Information: Name, email address, phone number, company name, job title, and password when creating your account
Payment Information: Credit card details, billing address (processed securely through PCI-compliant payment processors)
Profile & Preferences: Optional information like profile photo, language preference, timezone, notification settings
Communications: Information in support requests, feedback forms, surveys, or inquiries you send us
Content You Upload: Employee data, project details, documents, or other business information you enter into the platform

Required vs. Optional: We'll always indicate which information is necessary for the service and which is optional. Some features may require certain data to function properly.

2. Information Collected Automatically

Like most online services, Simpata automatically collects certain data about your usage:

Usage Data

Pages visited, features used, timestamps, error logs, and performance metrics. This helps us troubleshoot issues and understand feature usage.

Device & Technical Data

IP address, browser type, device type, operating system, unique identifiers, and referral source (e.g., search engine or link).

Cookies & Tracking

Small text files that remember preferences, maintain login sessions, and enable analytics. You can control cookies via browser settings.

Analytics Data

Aggregated metrics via third-party tools (e.g., Google Analytics) showing visitor trends, page views, and demographics. Data is anonymized.

3. Information from Third-Party Sources

If you connect integrations (payroll systems, calendars, SSO providers), we receive relevant data to enable those connections. We treat third-party data according to this Policy and integration terms presented during setup.

4. Children's Privacy

Simpata is not intended for children under 13. We do not knowingly collect personal information from children under 13 in compliance with COPPA (Children's Online Privacy Protection Act). If we discover we've inadvertently collected such data, we will promptly delete it. Parents who believe their child provided us information should contact us immediately.

5. Customer Data (Your Content)

Data you actively input into Simpata (employee records, project details, documents) is your data or your organization's data ("Customer Data"). We treat this as confidential and process it solely to provide the service you requested. We do not access, use, or scan Customer Data for our own purposes except when absolutely necessary (automated backups, security scans, or with your explicit permission for support).

How We Use Your Information

We use collected information for legitimate business purposes related to operating and improving our services:

Purpose	Description	Legal Basis
Providing the Service	Authenticate you, display your data, run core platform features, generate reports	Contract Performance
Platform Improvement	Analyze usage patterns, debug issues, develop new features, enhance UX	Legitimate Interest
Communications	Transactional emails (receipts, alerts, password resets), support responses	Contract Performance
Marketing (Opt-in)	Newsletters, product updates, special offers—with clear unsubscribe option	Consent
Payment Processing	Charge subscriptions, manage billing, send invoices, comply with tax laws	Contract Performance
Security & Fraud Prevention	Monitor for suspicious activity, enforce Terms, prevent unauthorized access	Legitimate Interest
Legal Compliance	Maintain records per regulations, respond to legal obligations	Legal Obligation

For any purpose not listed above, we will provide notice and obtain consent where required by law.

How We Share Your Information

We Never Sell Your Data

Simpata does not sell, rent, or trade your personal information to third parties for profit. Your data is not a product.

We share your information only in these specific, limited circumstances:

Trusted Service Providers

We work with carefully vetted companies to operate Simpata (cloud hosting, payment processors, email delivery, analytics, customer support tools). These providers access only the minimum data necessary, are bound by strict confidentiality agreements, and cannot use your data for their own purposes. We remain responsible for their handling of your data.

Business Transfers

If Simpata or General Blue Corporation is acquired, merges, or sells assets, your information may be disclosed to prospective or actual new owners under confidentiality protections. The successor entity would continue to protect your data per this Policy. You'll be notified of material changes.

Legal Compliance & Protection

We may disclose data when required by valid legal process (subpoenas, court orders), to protect our rights or property, prevent fraud, or ensure safety. We'll notify you of legal demands unless prohibited by law.

Your Direction

When you explicitly direct us to share data (enabling integrations, collaborating with teammates, posting in forums), we'll share as instructed. Review third-party privacy practices when connecting external services.

Aggregated/De-Identified Data

We may share anonymized, aggregated data that cannot identify individuals (e.g., "Total platform users: 10,000" or usage trends). This is not personal information.

Data Retention

We retain personal information only as long as necessary for the purposes described or as required by law:

Active Accounts: Data retained while your account is active to provide ongoing service
Closed Accounts: Deleted or anonymized within 30-60 days; backups cycled out over time
Operational Records: Transaction records, suppression lists, or dispute-related data kept for legitimate business needs
Legal Requirements: Tax, audit, and financial records retained per applicable law (typically 3-7 years), then deleted

When no longer needed, we securely erase or anonymize your data. If immediate deletion isn't possible (long-term backups), we isolate and protect data from further use until deletion is feasible.

Your Rights and Choices

You have meaningful control over your personal information. Depending on applicable law, you have these rights:

Access & Portability

Request a copy of your data in a common format. Much of your data is accessible directly in your account dashboard.

Correction

Update inaccurate or outdated information via account settings or by contacting us. We want to ensure accuracy.

Deletion

Request deletion of your account and personal data (subject to legal retention requirements). Note: service access ends upon deletion.

Opt-Out of Marketing

Unsubscribe from promotional emails anytime via the link in any message or your account settings. Transactional emails continue.

Cookie Management

Control cookies via browser settings. Note: disabling cookies may limit some features (saved preferences, login persistence).

Restrict or Object

Request temporary halt or object to certain processing where applicable by law. We'll review and comply if required.

Non-Discrimination Policy

Exercising your privacy rights will never affect the quality or price of our services. Everyone receives equal treatment regardless of privacy choices.

To exercise any rights not available in your account settings, or for privacy requests (data export, deletion, corrections), contact us using the information in the Contact Us section. We may verify your identity to protect your data, and we'll respond within 30 days.

Data Security

Protecting your data is our top priority. We've implemented comprehensive security measures:

Enterprise-Grade Security Infrastructure

Encryption

HTTPS/TLS encryption for all data in transit
256-bit encryption for sensitive data at rest
Encrypted backups and archives
Secure key management practices

Access Controls

Principle of least privilege access
Multi-factor authentication for staff
Logged and audited administrative access
Regular access reviews and revocations

Network Security

Firewalls and intrusion detection systems
Regular vulnerability scanning
Automated threat monitoring and alerts
Third-party penetration testing

Backup & Recovery

Automated encrypted daily backups
Geographically redundant storage
Disaster recovery procedures
Regular recovery testing

Your Role in Security

Security is a shared responsibility. Help protect your account by:

Using a strong, unique password
Enabling two-factor authentication (if available)
Keeping your login credentials confidential
Being alert to phishing attempts (we'll never ask for your password via email)
Reporting any suspicious activity immediately

Important Limitation

While we employ industry-leading security measures, no system is 100% secure. We cannot guarantee absolute security. In the unlikely event of a data breach affecting your information, we will notify you within the timeframe required by law and take immediate steps to mitigate the issue.

International Data Transfers

Simpata operates from the United States. If you access our services from outside the U.S., please understand that your data will be transferred to, stored, and processed in the United States and potentially other countries where our service providers operate.

These countries may have different data protection laws than your home country. However, we take steps to ensure your privacy remains protected:

We use Standard Contractual Clauses (SCCs) approved by regulatory authorities
We require all international service providers to maintain adequate safeguards
We enforce the same high standards of privacy and security globally
We comply with applicable cross-border data transfer regulations

By using Simpata, you consent to the transfer of your information to the United States and other jurisdictions as necessary for service delivery. For questions about international transfers or specific safeguards, contact us.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, services, legal requirements, or industry standards. The "Last Updated" date at the top indicates when the most recent changes were made.

If we make material changes (such as new data uses or sharing practices), we will:

Post a prominent notice on our website before changes take effect
Send you an email notification (if you've provided an email address)
Obtain new consent if required by law

We encourage you to review this Policy periodically. Continued use of Simpata after updates become effective constitutes your acceptance of the changes, to the extent permitted by law.

Contact Us

We're here to help with any questions, concerns, or requests regarding this Privacy Policy or your personal data.

Email

support@generalblue.com

Preferred method for privacy requests

Phone

+1 (888) 411-2583

Monday–Friday, 9:00 AM – 5:00 PM Pacific Time

Mail

General Blue Corporation (Simpata)
Attn: Privacy Team
PO BOX 6733
Chico, CA 95927
United States

Response Time: We respond to privacy inquiries as promptly as possible, typically within 30 days. For requests to exercise your privacy rights, we may need to verify your identity for security purposes.