Privacy Policy

Last updated: April 21, 2026

This policy explains what data Simon Platform collects, why, how long we keep it, who we share it with, and how you can remove it. We try to keep it short and accurate. If anything is unclear, email simonsangla@gmail.com.

Data controller

Simon Platform is operated by D Fabrik, run by Simon Sangla, contactable at simonsangla@gmail.com. For GDPR / UK GDPR purposes, we are the data controller of the personal data described below.

What we collect

• Account data: email address and, if you sign in with Google, the OAuth profile fields Google releases to us (display name, email, profile picture URL). No Google Drive, Gmail, Calendar, or Contacts scopes are requested.
• Authentication state: session tokens, IP address and user agent for the device that signed in, and timestamps. Used to keep you signed in and to detect stale sessions.
• Billing data: if you subscribe, your Stripe customer ID and subscription status. We do not see or store full card numbers — Stripe handles payment details directly.
• Product usage: server logs (request path, response code, latency, user agent) retained for up to 30 days for debugging and abuse prevention.

Legal basis

We process account and authentication data under contract (Art. 6(1)(b) GDPR) — you need an account to use the service. Billing data is processed under the same basis. Server logs are processed under legitimate interest (Art. 6(1)(f) GDPR) for keeping the service running and secure.

Sub-processors

We do not sell your data. We share what the service requires with these processors:

• Neon (EU, Frankfurt) — Postgres database for account, session, and subscription records.
• Vercel (US/EU) — application hosting and edge delivery.
• Stripe (IE/US) — subscription billing. Stripe's own privacy policy governs payment-method data.
• Google (US) — only if you sign in with Google. Used to verify identity; no further data exchange after the OAuth handshake.

Retention

• Account records: kept for the life of the account, then deleted within 30 days of deletion request.
• Sessions: expire automatically; expired sessions are pruned within 7 days.
• Billing records: kept as long as legally required (typically 7 years for invoicing records under EU tax law).
• Server logs: up to 30 days.

Your rights

You have the right to access, correct, export, and delete your personal data, and to object to processing. To exercise any of these, email simonsangla@gmail.com. We respond within 30 days. You may also lodge a complaint with your local data protection authority.

Cookies

We use a single first-party cookie to hold your authentication session. No third-party analytics, advertising, or tracking cookies are set.

Children

Simon Platform is not directed at children under 16 and we do not knowingly collect their data. If you believe we have, contact us and we will delete the account.

Changes

We will update the date above and, for material changes, notify signed-in users by email at least 14 days before the change takes effect.

Contact

Privacy questions or requests: simonsangla@gmail.com.