0. Executive Summary
- Why: We use limited personal data to create and manage your account, provide and secure our services, bill you, and support you.
- What: Name, work email, phone, company, billing details; product usage and log data; and, when you connect systems (e.g., NetSuite), business data needed to deliver the service.
- Cookies: We use cookies for functionality, analytics, and preferences. See our Cookie Policy.
- Your rights: Access, rectify, delete, port, restrict, and object (as applicable).Security: Encryption in transit/at rest where applicable, access controls, monitoring, and secure development practices.
- Where: Data is collected in our web app, APIs, and integrations.
- When: On sign-up, during product use, and when you contact us.
- Who:Simon is the data controller for account/website data; for customer content you connect (e.g., ERP data), Simon acts as a data processor to your organization.
- How long: We retain data only as needed for the purposes above and to meet legal obligations.
1. Who We Are
Simon (“we”, “us”) provides AI-powered analytics and automations for finance teams.
Legal entity: READY TO VUALA, SL. Adress: Via Augusta 114, 08006 Barcelona, Spain.
Privacy contact: hello@joinsimon.ai.
If you are in the EEA/UK, Simon is the controller for account/website data, and a processor for customer content processed on your organization’s instructions (see §5).
2. What We Collect
2.1 Data you provide
- Account & profile: name, work email, phone, company, role, password (hashed).
- Billing: billing contact, address, tax/VAT ID, payment method (handled by our PCI-compliant provider; we don’t store full card data).
- Support & communications: messages, tickets, call notes, feedback.
- Integrations you connect: configuration and credentials (stored securely), metadata needed to sync (e.g., account IDs, entity IDs).
2.2 Data we process on your behalf (customer content)
- Transactional and operational data from systems you choose to connect (e.g., ERP/NetSuite records, invoices, POs, SKUs, GL/transactions, vendors, customers, budgets/forecasts), including files you upload. Your organization controls this data; we process it to provide the service.
2.3 Data collected automatically
- Usage & logs: app events, API calls, timestamps, IP, device/OS, browser, locale, performance and error data.
- Cookies/SDKs: functional and analytics cookies/identifiers (see Cookie Policy).
2.4 No special categories / children
We do not intentionally collect special category data or children’s data.
3. How We Use Data
- Provide and improve the service (set-up, syncs, analytics, automations, personalization).
- Security and abuse prevention (logging, fraud/misuse detection, incident response).
- Customer support and communications (product updates, notices).
- Billing and account administration.
- Analytics and product research (aggregated/de-identified where possible).
- Marketing (only B2B, and with consent where required; you can opt out anytime).
AI/LLMs
We may use AI models to generate insights and automate workflows. Customer content is not used to train public models. Our vendors are contractually prohibited from using your data for their own training. You can request more details about current AI processors at {{link to sub-processors page}}.
4. Legal Bases (EEA/UK)
- Contract necessity (provide the service).
- Legitimate interests (product security, analytics, service improvement, B2B direct marketing with safeguards).
- Consent (cookies/optional marketing).
- Legal obligations (tax, accounting, compliance).
5. Controller vs Processor
- Controller: Simon for website, account, and billing data.
- Processor: Simon for customer content synced from systems you connect. Processing is governed by our Data Processing Addendum (DPA), including SCCs/UK Addendum where applicable. Request/sign the DPA at {{link or email}}.
6. Sharing and Disclosure
We share data only as needed:
- Service providers/sub-processors: hosting, storage, telemetry, communications, payments, AI infrastructure. List and roles at {{link to sub-processors}}.
- Affiliates (intra-group processing under appropriate safeguards).
- Compliance and safety: if required by law or to protect rights, safety, and integrity of the service.
- Business transfers: in the event of a merger, acquisition, or restructuring (we’ll notify you).
7. International Transfers
Where data leaves your region, we use approved safeguards (e.g., EU Standard Contractual Clauses, UK Addendum, and supplementary measures). Details in our DPA.
8. Security
We apply administrative, technical, and physical measures: encryption in transit/at rest (where applicable), role-based access, MFA, network segmentation, backups, audit logging, and vendor/security reviews. No method is 100% secure, but we work to continually improve.
9. Retention
We keep personal data only as long as necessary for the purposes in §3 and to meet legal, tax, or audit requirements. On contract termination, customer content is deleted or returned per your instructions/DPA, subject to legal holds and standard backup windows.
10. Your Rights
Depending on your location, you can access, correct, delete, port, restrict, or object to processing; withdraw consent; and lodge a complaint with your data protection authority. To exercise rights, contact {{privacy@yourdomain.com}} or use in-product controls.
11. Cookies and Tracking
See our Cookie Policy for details and how to manage preferences. Essential cookies are required for the service to function.
12. Marketing Choices
You can opt out of marketing emails via the footer link or by contacting us. Service and transactional emails are mandatory.
13. Third-Party Links
Our site/app may link to third-party sites. Their privacy practices are their own.
14. Contact
Questions or requests: hello@joinsimon.ai
15. Changes
We may update this policy. We’ll post changes here and, if material, notify account owners in advance.
