Privacy Policy (隐私政策)
Effective date(生效日): 2025-10-21
SIMPLIFY LAB SOLUTIONS (“we”, “us”, “our”) operates Simplify-AutoReply. This policy explains how we collect, use, share and protect personal data across our services, including WhatsApp integrations and optional Google Calendar/OAuth connections.
2) What data we collect (我们收集的数据)
- Account data: name, email, organization, role, auth identifiers (e.g., workspace/Firebase UID), audit logs.
- WhatsApp business data: WABA ID, phone number & phone number ID, templates, statuses (sent/delivered/read), timestamps, routing metadata, and—only if enabled—message content & media.
- OAuth/Integrations: Google OAuth tokens (Calendar read/write if you approve), optional provider API keys (e.g., Gupshup/Telco) stored encrypted at rest.
- Diagnostics: IP, user agent, error logs, performance and security telemetry.
- Billing (if applicable): invoice info, tax ID, payment references (full card data remains with payment processor).
Note: By default we process messages transiently for delivery. Persistent storage (archiving) happens only if you enable it in workspace settings and may be time-limited.
3) How we use data (我们如何使用)
- Provide and operate Simplify-AutoReply features (auto-replies, templates, status webhooks, calendar sync).
- Customer support, troubleshooting, abuse and fraud prevention.
- Analytics & product improvement using aggregated or de-identified data.
- Billing & accounting; compliance with law and platform policies (e.g., WhatsApp Business Policy).
4) Legal bases (法律依据)
- Contract necessity (GDPR Art. 6(1)(b))
- Legitimate interests (security, diagnostics) (GDPR Art. 6(1)(f))
- Consent (e.g., calendar access) (GDPR Art. 6(1)(a))
- Legal obligation (invoicing, records) (GDPR Art. 6(1)(c))
5) Sharing & subprocessors (共享与子处理方)
We share data only as needed with vetted providers under Data Processing Agreements (DPAs). Live list (kept up-to-date): https://simplify-lab.com/subprocessors
Examples include: Meta (WhatsApp Cloud API), Google (OAuth/Calendar), hosting/infra (e.g., Render/Cloud provider), CDN/security, observability, and payment processors.
6) International transfers (跨境传输)
Data may be processed outside your country. We rely on Standard Contractual Clauses (SCCs) or equivalent safeguards where applicable. For users in Singapore, we also comply with the Personal Data Protection Act (PDPA) requirements regarding cross-border data transfers.
7) Security (安全)
- Encryption in transit (TLS) and at rest (secrets via industry-standard encryption).
- Key management/Secret Manager, strict RBAC & least privilege.
- Audit logging, anomaly detection and incident response.
- Backups & disaster recovery exercises.
8) Retention & deletion (保留与删除)
- Account data: for the life of the account plus a short backup period.
- Messages/media: transient by default; archived only if enabled with a configurable retention (e.g., 30–90 days).
- Logs: typically 30–180 days.
- Finance/records: as required by law (e.g., 5–7 years).
You can request deletion or export via admin@simplify-lab.com.
9) Your rights (你的权利)
- GDPR/UK GDPR: access, rectification, erasure, restriction, portability, objection, withdraw consent, lodge a complaint.
- CCPA/CPRA (if applicable): we do not “sell” personal information. If you are a California resident and believe additional rights apply, contact us at the email below.
- PDPA (Singapore) & other regimes: rights as per local laws. Contact us to exercise your rights.
Contact: admin@simplify-lab.com. We will respond within statutory deadlines.
10) Cookies & tracking (Cookies 与跟踪)
We use strictly necessary cookies for authentication and security; optional analytics only with consent where required. You can manage cookies in your browser settings.
11) Children (未成年人)
Simplify-AutoReply is a B2B service and not directed to children under the age applicable in your region (e.g., 13/16). We do not knowingly collect children’s data.
12) Changes (变更)
We may update this Policy from time to time. Material changes will be notified in-app or by email.