Privacy Policy

Semplo ("Semplo", "we", "us") is operated by ReMingle AS, a Norwegian aksjeselskap (AS) registered in Norway ("the Company"). The Company is the data controller for personal data processed in connection with the Semplo service.

For privacy questions or to exercise your rights, contact us at privacy@semplo.com.

• Account data: name, email address, hashed password / authentication identifiers.
• Business profile: legal business name, address, VAT/organisation number, bank details (IBAN/BIC) that you enter in Settings.
• Customer & job data: the customer, quote, job and invoice information you enter into Semplo. This is your business data; we process it on your behalf.
• Payment data: billing name, country and last 4 digits of your card are visible to us via Paddle. Full card numbers are processed by Paddle and never stored by Semplo.
• Usage & technical data: IP address, device/browser information, basic logs needed to operate and secure the service.
• Support communications: emails you send us.

• Provide the service (account, jobs, quotes, invoices, PDF generation, email delivery) — legal basis: performance of a contract (Art. 6(1)(b) GDPR).
• Billing & subscription management via Paddle — legal basis: performance of a contract and legal obligation (tax/accounting).
• Security, fraud prevention, abuse detection, backups — legal basis: legitimate interests (Art. 6(1)(f)) in running a safe service.
• Service emails (password reset, billing notices, important changes) — legal basis: contract / legitimate interests.
• Legal/accounting obligations — legal basis: legal obligation (Art. 6(1)(c)).

We do not sell your data and we do not use it for advertising profiling.

We only share personal data with the processors required to deliver Semplo:

• Supabase — managed database, authentication and file storage hosting.
• Paddle — our Merchant of Record. Paddle processes payments, calculates and remits VAT, and handles subscription billing on our behalf. See Paddle's privacy notice for details.
• Resend — transactional email delivery (quotes, invoices, reminders, account emails).
• Hosting / CDN provider — to serve the application.
• Authorities — only where we are legally required to do so.

Some of these providers may process data outside the EU/EEA. Where that is the case, transfers are protected by appropriate safeguards such as the EU Standard Contractual Clauses.

• Active account data: kept while your account is active.
• After account deletion: active business data (customers, jobs, quotes, invoices) is deleted within 30 days of your deletion request, except where we must keep it longer to meet a legal obligation.
• Invoicing & accounting records: retained for up to 5 years (or longer where local tax law requires) to satisfy accounting and tax obligations.
• Backups: overwritten on a rolling basis within 35 days.
• Security logs: retained for up to 12 months.

Under GDPR and similar laws you have the right to:

• Access the personal data we hold about you.
• Rectify inaccurate or incomplete data.
• Erase your data ("right to be forgotten"), subject to legal retention.
• Restrict or object to certain processing.
• Port your data — Semplo lets you export customers, jobs and invoices as CSV from Settings at any time.
• Withdraw consent at any time, where processing is based on consent.
• Lodge a complaint with your local data protection authority.

To exercise any of these rights, contact privacy@semplo.com. We respond within 30 days.

• All traffic to Semplo is encrypted in transit using TLS (HTTPS).
• Data is stored in a managed database with encryption at rest.
• Every row in our database is tied to an account, and access is enforced by Row Level Security (RLS) policies — members of one account cannot read another account's data.
• Passwords are hashed; we never see your plaintext password.
• Payment card details are handled by Paddle and never stored on Semplo servers.
• We follow least-privilege access for internal administration.

We use only the cookies and local storage strictly necessary to run the service (for example, keeping you signed in). We do not use third-party advertising or tracking cookies.

ReMingle AS · privacy@semplo.com

See also our Terms of Service and About pages.