Skip to main content

Privacy Policy

Data we collect

What we ask for, and why

  • Account data— email address, display name, and authentication provider (Google, Apple, or email). We don't store passwords; sign-in is OAuth or one-time codes.
  • Usage data — episodes viewed, reports accessed, shows followed, saved items, notebook entries, onboarding answers.
  • Subscription data — plan and billing status. Card numbers are handled and stored by Stripe, not by us.
  • Email subscribers — if you subscribe to our digests without an account, we keep your email address and your preferences.
  • Technical data — IP address, browser, and device information for security and abuse prevention.

How we use it

Only what's needed to run the service

  • Provide and personalize the service
  • Send digests, reports, and notifications you've opted into
  • Process subscription payments via Stripe
  • Improve the product through aggregate, de-identified usage analysis
  • Send essential account communications (verification, security, billing)

We don't sell your data. We don't use it for advertising. We don't share it with brokers.

Storage & security

Where your data lives, and how it's protected

Database

Supabase Postgres, hosted in the EU (AWS eu-west region).

Encryption

TLS 1.3 in transit. AES-256 at rest. Backups encrypted with separate keys.

Access

Row-level security, narrowly-scoped service keys, audit logs. No engineer reads your private data without an explicit support request from you.

Third-party services

The vendors we rely on, and what they handle

Supabase

Database hosting (EU region) and auth tokens

Stripe

Subscription billing and payment processing

Resend

Transactional and digest email delivery

Google · Apple

OAuth sign-in providers

OpenAI · Google · Anthropic

AI models for summary generation

Vercel

Application hosting and edge delivery

Sentry

Error reporting (no user content sent)

Your rights (GDPR)

What you can do with your data, any time

Access

Request a copy of every record we hold about you.

Rectification

Correct anything that's wrong.

Erasure

Delete your account and all associated data — completed within 30 days.

Portability

Export a complete copy of your data as a downloadable HTML file.

Objection & restriction

Opt out of non-essential processing or limit how we use your data.

Most rights can be exercised directly in Settings. For anything else, email privacy@simplicity.finance.

Cookies

What we set, and what we don't

  • Essential only — authentication and session state.
  • No advertising or cross-site tracking cookies.
  • No third-party cookies set by our application.

Email communications

What we send, and how to stop

  • Transactional — verification codes, billing receipts, important account notices. Cannot be disabled while your account is active.
  • Digests & reports — only sent if you opt in. Toggle off any time in Settings.
  • Product updates — rare, opt-out via the unsubscribe link in any such email.

Retention

How long we keep things

Active accounts

Retained for as long as your account exists.

After deletion

All personal data is removed within 30 days. Backups containing residual data age out within 90 days.

Aggregated analytics

De-identified product metrics may be retained indefinitely for service improvement.

Contact

Privacy questions or data requests

Data Protection Officer

privacy@simplicity.finance

Last updated: 8 May 2026