This Privacy Statement explains how Simplexi (“Simplexi,” “we,” “us,” or “our”) collects, uses, stores, and discloses personal information about our customers, potential customers, and individuals interacting with our services. It applies to the use of our website, our software, tools, applications, and related services (collectively, the “Services”).

By signing up for our Services and agreeing to our Terms of Service , you consent to the collection, use, and disclosure of information as described in this Privacy Statement. We may update this Statement from time to time; any updates will be reflected by revising the “Last Updated” date at the top of this page.

1. Personal Information Collection

We collect personal information only to provide the Services, communicate with you, and improve your experience. We employ industry-standard measures to prevent unauthorized access to stored data.

Information You Provide

When you create an account, request support, or communicate with us, we may collect:

• Basic User Information: Name, email, phone number, and profile photo or avatar.

• Authentication Data: When you use Meta (Facebook) Login, we collect your App-Scoped User ID (ASID) to securely identify your account.

Information Collected Automatically

• Log Information: Browser type, device version, IP address, access times, and pages viewed.

• Cookies and Tracking: We use cookies and similar technologies to enhance your experience, analyze feature usage, and improve the Services. You can refuse cookies via browser settings, but some Services features may be limited as a result.

2. How We Use Personal Information

For individuals in the European Economic Area (EEA), processing is justified by:

• The necessity to perform our agreement with you.

• Compliance with legal obligations.

• Legitimate business interests (security, fraud prevention, and service improvement).

We use personal information to

• Operate, maintain, and improve the Services.

• Respond to inquiries, support requests, or complaints.

• Protect our intellectual property and prevent fraud or misuse.

• Comply with legal and regulatory obligations globally.

3. Meta (Facebook/WhatsApp) Platform Data Use

When using Meta APIs, including WhatsApp Business API:

• Controller / Processor Roles: You, the Customer, are the Data Controller of any end-user data collected through our Services. Simplexi acts only as a Data Processor, handling data as necessary to provide the Services.

• WhatsApp Data Usage: Data obtained from WhatsApp Business API is used solely to provide messaging services to your end-users. We do not use this data for advertising, profiling, or any purpose prohibited by Meta/WhatsApp policies.

• Data Deletion: All deletion requests via Meta’s automated callback or manual requests to Simplexi will be fully executed. Data will be permanently removed or anonymized within 30 days, in line with Meta’s requirements.

4. Personal Information Disclosure

We do not share personal information without your consent except in the following circumstances:

• To fulfill your requests (e.g., account support or service usage).

• To detect, prevent, or address fraud, security, or technical issues.

• When required by law, government authorities, or law enforcement.

• In connection with a sale, merger, or acquisition of our company or assets.

When personal information is transferred outside the EEA, we ensure protection using European Commission-approved Standard Contractual Clauses or equivalent safeguards.

5. Data Retention

Personal information is generally stored for no longer than three (3) years, unless you request earlier deletion or we are required to retain data for legal, tax, or accounting purposes.

Meta (Facebook) Data Deletion Requests:

• Automated Request: Navigate to your Facebook Profile > Settings & Privacy > Settings > Apps and Websites. Locate Simplexi, click “Remove,” then click “Send Request” in the “View Removed Apps” section. This triggers our automated Data Deletion Callback.

• Manual Request: Email privacy@simplexi.io with subject “Data Deletion Request.” We will permanently anonymise or delete your data within 30 days.

6. Your Rights

EU Rights (GDPR)

You may:

• Access a copy of your personal information.

• Rectify inaccurate or incomplete data.

• Request deletion of your data.

• Port your data to another service.

• Object to processing based on legitimate interests.

California Rights (CCPA)

• We do not sell personal information for money.

• We may share hashed identifiers for referral tracking.

• California residents can request details about the categories of information collected and opt out of any sharing considered a “sale” under CCPA.

7. Security

The security of personal information is important to us. We implement reasonable technical and organizational measures to protect data. However, no method of transmission over the internet is 100% secure, and we cannot guarantee complete protection. In the event of a significant breach, we will notify users and authorities within 72 hours of discovery.

8. Children

Our Services are not intended for children under 16. We do not knowingly collect information from children under 16. If we become aware that such data has been collected, we will delete it immediately.

9. Contact Us

For questions about this Privacy Statement, to exercise your rights, or to request deletion of your data, contact:

Email: compliance@simplexi.io