DATA PROTECTION POLICY

1. GDPR Compliance

SIMPLIX processes personal data in accordance with GDPR and applicable local data protection laws. Our lawful bases for processing are: contract performance, legitimate interest, and consent where required.

2. Data Controller

SIMPLIX operates as data controller for platform data. Contact: dpo@simplixspace.com

3. Data Processor Agreements

All third-party processors (Supabase, Vercel, Cloudinary) have signed Data Processing Agreements meeting GDPR requirements.

4. Data Subject Rights

To exercise your rights (access, rectification, erasure, portability, objection), submit a request to: privacy@simplixspace.com. We respond within 30 days.

5. Security Measures

We implement: AES-256 encryption at rest; TLS 1.3 in transit; role-based access controls; audit logging of all data access; and regular penetration testing.

6. Breach Notification

In the event of a data breach, affected users will be notified within 72 hours in accordance with GDPR requirements.

7. International Transfers

Data is processed within the EU. Any transfer outside the EU is governed by Standard Contractual Clauses.

8. Data Minimisation

We collect only data necessary for platform operation. We do not collect sensitive special-category data.