Privacy Policy

Learn how we safeguard your personal information and ensure data security when using SimplePIA.

We're here to help. Get in touch.

You can contact us at any time about how we handle and safeguard your information.

[email protected]

Privacy Made Simple provides the SimplePIA platform to help organizations conduct Privacy Impact Assessments (PIAs) efficiently and effectively.

Key Definitions:
  • we, our, or us – Privacy Made Simple
  • our services – SimplePIA platform and related services
  • you – users of our platform
  • your information – information you share with us
Our Platform Facilitates:
  • Privacy Impact Assessment creation and management
  • Collaborative PIA development
  • Privacy compliance documentation
  • Risk assessment and mitigation tracking

Category | Details
Account Information | Name, email address, job title, organization name, and account preferences.
PIA Content | Privacy impact assessments you create, including risk assessments, mitigation strategies, and privacy analysis.
Usage Information | Anonymized data about platform feature usage and application performance to help us improve SimplePIA's functionality and user experience.
Payment Information | Billing details for paid subscriptions, processed securely through Stripe (payment-related information is only retained in Stripe).
Technical Information | Device information, IP address, browser type, and system performance data for security and optimization.
Communication Data | Information from support requests, feedback, and other communications with our team.
Privacy by Design: We collect only the information necessary to provide and improve our services. All data collection follows privacy-by-design principles.

Directly From You:
  • Account registration and profile setup
  • PIA creation and content entry
  • Support requests and communications
  • Subscription and payment processing
  • Settings and preferences
Automatically:
  • Platform usage and interaction data
  • System logs and performance metrics
  • Security monitoring and audit trails
  • Anonymous analytics (no personal data)
Third-Party Information: We do not collect information about you from third parties without your explicit consent.

Purpose | How We Use Your Information
Service Delivery | Provide access to SimplePIA platform, store and manage your PIAs, enable collaboration features.
Account Management | Manage subscriptions, process payments, provide customer support, manage user access.
Platform Improvement | Analyze usage patterns (anonymized), improve features, enhance security, optimize performance.
Communication | Send service updates, security notifications, support responses, and important announcements.
Legal Compliance | Comply with legal obligations, respond to lawful requests, protect our rights and users' safety.
Privacy-First Approach: We use anonymized data for analytics and never use personal information for marketing without explicit consent.

Our Marketing Approach:

We believe in privacy-first marketing. We only send marketing communications if you explicitly opt in during registration or through your account settings.

What We May Send:
  • Product updates and new features
  • Privacy best practices and industry insights
  • Webinars and educational content
  • Special offers and promotions
Easy Opt-Out:
  • Unsubscribe link in every email
  • Account settings management
We Promise:
  • ✓ No spam or excessive emails
  • ✓ Valuable content only
  • ✓ Respect your preferences
  • ✓ Easy unsubscribe process

Where We Store Your Data:

SimplePIA is hosted on DigitalOcean's cloud infrastructure with data centers in Canada, ensuring your core platform data remains within Canadian jurisdiction.

Data Residency:
All PIA content and user account data is stored in Canadian data centers and remains subject to Canadian privacy laws.
Third-Party Services:

Some platform features use third-party services with appropriate data protection agreements:

  • Stripe (US): Payment processing and billing information storage
  • Email Services (Canada): Transactional emails and notifications
  • Analytics: Anonymized usage data from audit logs only
Protection Measures:
Third-party services are selected based on their privacy and security standards. Payment data with Stripe is encrypted and tokenized for security.

Limited Sharing for Service Delivery:

We only share your information when necessary to provide our services or as required by law. We never sell your personal information.

Who | What Information | Purpose
Your Team Members | Your name, email, and profile information. Subscription and PIA content within shared subscriptions | Collaboration on privacy assessments
Service Providers | Technical and account information (minimal) | Platform hosting, payment processing, customer support
Legal Authorities | Information as required by law | Compliance with legal obligations only
We Never:
  • Sell your personal information
  • Share PIA content outside your organization without consent
  • Use your data for advertising or marketing to others

Technical Safeguards:
  • End-to-end encryption for data transmission
  • Encrypted database storage
  • Regular security updates and patches
  • Multi-factor authentication support
  • Automated backup and recovery systems
  • Intrusion detection and monitoring
Operational Safeguards:
  • Staff privacy and security training
  • Access controls and audit logging
  • Regular security assessments
  • Incident response procedures
  • Data retention and destruction policies
  • Vendor data processing agreements
Continuous Improvement: We regularly review and update our security measures to protect against evolving threats and maintain the highest standards of data protection.

Your Privacy Rights:
  • Access – Request a copy of your personal information
  • Correct – Update or correct your information
  • Delete – You may delete your account and data
  • Export – Download your PIA data in portable format
  • Object – Unsubscribe from marketing emails and promotional communications
How to Exercise Your Rights:
Contact Us:

Email us at [email protected] with your request and we'll respond within 30 days.

Account Settings:

Many settings can be managed directly through your SimplePIA account preferences.

Data Export:

Use the built-in export features to download your PIAs and related data.

Our Cookie Policy:

SimplePIA uses only essential cookies required for platform functionality. We do not use tracking or marketing cookies.

Cookie Type | Purpose | Can You Opt Out?
Session | Keep you logged in and maintain your session | Required
Security | Protect against security threats and fraud (including CSRF protection) | Required
Cookie Notice | Remember that you've acknowledged our cookie notice | Required
Privacy-First Approach

We use server-side analytics from existing audit logs instead of tracking cookies.

Your browsing behavior is not tracked across websites.

Data Type | Retention Period | Reason
Active Account Data | While account is active | Service provision
PIA Content | While subscription is active + 30 days grace period | Allow data recovery during grace period
Billing Records | 7 years (or as required by law) | Legal and tax requirements
Security Logs | 2 years | Security monitoring and incident response
Analytics Data | 2 years (anonymized) | Service improvement
Account Deletion: When you delete your account, we immediately stop processing your information and begin secure deletion procedures. Some information may be retained for legal compliance as outlined above.

How We Handle Policy Updates:
Notification Methods:
  • In-app notifications for significant changes
  • Email notifications to active users
  • Updated policy posted on our website
  • Change log with effective dates
Your Options:
  • Review changes before they take effect
  • Contact us with questions or concerns
  • Export your data if you disagree with changes
  • Delete your account if you choose to opt out
Advance Notice: We will provide at least 30 days' notice before any material changes to how we handle your personal information take effect.

Privacy Officer

Email: [email protected]

Response Time: Within 30 days

For: Privacy questions, rights requests, concerns

Need Further Help?

If you're not satisfied with our response:

  • BC Privacy Commissioner:
    www.oipc.bc.ca
  • Federal Privacy Commissioner:
    www.priv.gc.ca
  • Your Provincial Privacy Commissioner:
    (where applicable)
Effective Date

This privacy policy is effective as of January 2025.

Last updated: January 2025 | Version: 1.0
