Privacy Policy

SimpleSoft OÜ developed the SimpleSoft Security app to provide security and premium features. This SERVICE is provided by SimpleSoft OÜ at no cost (with optional premium upgrades) and is intended for use as is.

This page informs visitors about our policies regarding the collection, use, and disclosure of personal information by anyone deciding to use our Service.

By choosing to use our Service, you consent to the collection and use of information in accordance with this policy. The personal information we collect is used for providing and enhancing the Service. We will not use or share your information with anyone except as described in this Privacy Policy.

The terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, accessible within SimpleSoft Security, unless otherwise defined in this Privacy Policy.

Information Collection and Use

We collect certain information to improve your experience and the functionality of our app. Examples of data we collect include:

• App Usage Data: Such as the duration of a security scan, feature usage, and crash/error reports.
• Device Information: Such as device model, operating system version, and unique device identifiers for analytics purposes.
• Campaign Tracking Data: We utilize the Facebook SDK to understand how users discover our app and measure the effectiveness of advertising campaigns. This includes campaign source, medium, or similar non-personal details.
• Analytics Data: We use Google Analytics for Firebase (GA4) to understand general usage patterns of the app. This helps us improve the app’s features and user experience.

We do not sell your data. The collected data is used solely for providing our Service, enhancing its performance, and measuring campaign effectiveness.

RevenueCat ID and Purchase Restoration

Our app offers premium features through in-app purchases processed by RevenueCat. When you make a purchase, data about your transaction is handled by RevenueCat according to their own privacy policy. We additionally share your RevenueCat ID with our servers in order to:

• Facilitate purchase restoration
• Connect purchases or premium features to a previously used account

The RevenueCat ID is used strictly for verifying and restoring purchases and is never sold or shared with third parties beyond what is necessary to provide our Service.

Use of iPlocate.io for IP Geolocation

We use iPlocate.io to determine whether your IP address indicates you are in the European Union (or another region with specific data protection requirements such as GDPR). We send your full IP address to iPlocate.io, which returns geolocation data. We do not store this IP address on our own servers.

If you launch the app while offline, we cannot perform this check and will automatically apply GDPR-level data protection by default. For more information on how iPlocate.io handles IP addresses, please review their privacy policy .

Our legal basis for processing this data is our legitimate interest or legal obligation to determine and provide the appropriate privacy measures based on your region. You can disable analytics, marketing, and crash reporting at any time in the app’s settings, regardless of your detected region.

Data Collection and Storage

• EU Data Storage: All data collected through Amplitude is stored on servers located within the European Union.
• Anonymized Data: All data collected is anonymized and does not contain personally identifiable information.
• Installation and Conversion Tracking: We collect data on app installations and user conversions to measure the effectiveness of our features and marketing efforts.

Data Usage

The anonymized data collected through Amplitude is used to:

• Understand how users interact with our app
• Measure the effectiveness of our marketing campaigns
• Identify areas where we can improve user experience
• Track conversion rates for various features

User Control

You can opt out of Amplitude Analytics data collection at any time through the app's privacy settings. Opting out will not affect your ability to use any features of the app.

Third-Party Services

We use third-party services that may collect non-personally identifiable information to help us improve our Service. Below are the third-party services we utilize along with links to their privacy policies:

• Google Play Services
• Google Analytics for Firebase (GA4)
• Meta Platforms, Inc. (Facebook SDK)
• RevenueCat, Inc.
• Trustlook (for antivirus and security features)
• Amplitude, Inc.

Facebook SDK and Marketing Attribution

Our app uses the Facebook SDK solely to understand how users discover SimpleSoft Security through our external marketing campaigns. While we advertise our app on Facebook and Instagram platforms, we do not display any advertisements within the app itself.

External Marketing Attribution

We collect limited data through the Facebook SDK to measure the effectiveness of our promotional campaigns on Facebook and Instagram. This includes:

• Campaign source information (which advertisement led you to our app)
• Installation attribution (which platform you found us on)
• Basic conversion data (when you installed the app after seeing our advertisement)

Data Usage and Limitations

• This data is used exclusively for measuring our external marketing campaign performance
• We do not use this information for in-app advertising (as our app is ad-free)
• No personal Facebook profile information is collected
• This information is never sold or shared with third parties for advertising purposes

User Control

You can manage your data sharing preferences related to campaign attribution:

• In your device's privacy settings, you can limit ad tracking at the system level
• These settings will not affect your ability to use any features of our app
• Disabling tracking only affects our ability to measure marketing campaign effectiveness

For more information about how Facebook processes this data, you can review their privacy policy at Facebook's Privacy Policy .

User Control and Preferences

You have control over certain data-sharing preferences. You can:

• Disable Analytics: If you do not want to share usage data for analytics, you can disable this feature in the app’s settings. Disabling analytics will limit our ability to understand app performance and improve features, but it will not affect your ability to use the app.
• Opt Out of Campaign Attribution Tracking: You can disable tracking that helps us understand how you discovered our app in the settings if such an option is provided.

To access these settings, navigate to Settings > Privacy in the app.

Crash and Error Reporting

We use Crashlytics, a service provided by Google, to help diagnose and fix crashes or errors in the app. Crash reports include device details at the time of the crash (e.g., OS version, app version) but do not include personal information. You can learn more about Crashlytics' privacy policy here .

In-App Purchases

All in-app purchases are processed through RevenueCat. By making a purchase, you agree to RevenueCat’s privacy policy, which is available here , and their Data Processing Addendum (DPA) here .

We collect data related to your purchases only for enabling premium features and handling purchase restorations. As mentioned, we share your RevenueCat ID with our servers for restoring purchases and linking them to a previous account if needed.

Log Data

In the event of an error or crash, we collect data and information (via third-party services) on your phone called Log Data. This may include details such as your device’s IP address, device name, operating system version, app configuration, and other statistics. Log Data is retained for up to 12 months or as needed to diagnose and resolve issues.

Antivirus and Security Features

Our app includes antivirus features provided by Trustlook. To deliver this service, the app collects information about installed apps on your device (e.g., package names and signatures) to check for potential threats. Trustlook’s SDK processes this data locally and reports any findings without collecting personal information. For more information, see Trustlook’s privacy policy .

Data Breach Monitoring Feature

We offer an optional Data Breach Monitoring feature that utilizes haveibeenpwned (HIBP) to check if your email address has been involved in any known data breaches.

Information Collection and Use

• Email Address: If you choose to use this feature, we collect your email address solely to check it against the HIBP database.
• Optional Service: Providing your email address is entirely optional and based on your explicit consent.

Real-Time Monitoring

• Consent to Store Email: If you opt into real-time monitoring, we securely store your email address (in encrypted form) to periodically check it against new data breaches reported by HIBP.
• Withdrawal of Consent: You may withdraw your consent and disable real-time monitoring at any time in the app settings. Upon withdrawal, your email address will be deleted from our servers.

Data Sharing and Security

• Third-Party Service: We use HIBP to perform breach checks. Your email address is sent securely to HIBP for this purpose. You can review their privacy policy here .
• Data Protection: We encrypt your email address using industry-standard methods and implement appropriate technical and organizational measures to protect your data.

Legal Basis for Processing

The processing of your email address is based on your explicit consent, which you can withdraw at any time.

User Rights

• Access and Deletion: You have the right to access, correct, or request deletion of your email address. To exercise these rights, contact us at contact@simplesoft.ee.
• Opt-Out: You can disable the Data Breach Monitoring feature in the app settings at any time.

Data Retention

We retain your email address for as long as you have the real-time monitoring feature enabled. If you disable the feature or request deletion, your email address will be promptly removed from our servers.

International Data Transfers

haveibeenpwned may process data in countries outside of your own. We ensure that appropriate safeguards are in place for international data transfers in compliance with applicable data protection laws.

Network Security Audit Feature

Our app offers an optional Network Security Audit feature to help you enhance your device security. It analyzes various device and network settings, such as Wi-Fi configurations, Bluetooth status, private DNS, and cellular settings, to provide feedback on potential security improvements.

Background Security Monitoring

• Always-on Security Checks: Validates your device’s network settings even when the app is not in use.
• Advanced Security Analysis: Additional security checks powered by Trustlook’s security technology.

Background monitoring is optional and can be disabled at any time.

Permissions Required

• Location Access (Precise and Coarse): Required by Android OS to access Wi-Fi network information. We only use it to identify Wi-Fi networks for security checks.
• Background Location Access: Required by Android OS to access Wi-Fi networks when the app is not in use. No GPS location tracking is performed.

Information Accessed

• Wi-Fi network names and identifiers
• Bluetooth status
• Private DNS settings
• Cellular network settings

Data Usage and Privacy

Most security validations are processed locally on your device. Some advanced checks may use Trustlook’s services but do not transmit personal data. No personal or location data is stored on our servers beyond what is needed to perform the feature’s functions.

Your Rights Under CCPA (for California Residents)

If you are a resident of California, you have the following rights under the California Consumer Privacy Act (CCPA):

• The right to know what personal data is being collected about you.
• The right to request deletion of your personal data.
• The right to opt out of the sale of your personal data.

To exercise these rights, please contact us at contact@simplesoft.ee.

Opt-Out for California Residents (CCPA)

If you are a California resident, you have the right to opt out of the sale of your personal information. We do not sell personal information. If you have questions regarding your data rights, please email us at contact@simplesoft.ee.

Your Rights Under LGPD (for Brazilian Residents)

If you are a resident of Brazil, you have rights under the Brazilian General Data Protection Law (LGPD), such as:

• The right to access, correct, delete, or port your personal data.
• The right to withdraw consent or object to processing activities.

To exercise these rights, please contact us at contact@simplesoft.ee.

Your Rights as a Non-EU/Non-US User

If you are located outside of the European Union and the United States, you still have the following rights (and potentially others, depending on your country):

• Right to Delete Data: You can request the deletion of your personal data at any time.
• Disable Analytics: You can choose to disable analytics in the app’s privacy settings, stopping the collection of usage data.

To exercise any of these rights, you can contact us at contact@simplesoft.ee. We will respond within the legally required timeframe and may need to verify your identity before processing your request.

Your Rights Under GDPR (for EU Residents)

If you are located in the European Union, you have certain rights under the General Data Protection Regulation (GDPR), including:

• Right to Access: You can request access to your personal data and obtain a copy.
• Right to Rectification: You can request the correction of inaccurate personal data.
• Right to Erasure: You can request deletion of your personal data under certain circumstances.
• Right to Restriction of Processing: You can request limitations on how your data is processed.
• Right to Data Portability: You can request to receive your data in a commonly used format and have it transferred to another controller.
• Right to Object: You can object to data processing, for example, if done for direct marketing or other legitimate interests.

To exercise any of these rights, contact us at contact@simplesoft.ee. We will respond within the legal time limit (usually 30 days). We may need to verify your identity before processing your request.

Legal Basis for Processing Personal Data

We collect and process personal data under the following legal bases (as required by GDPR):

• Consent: When you explicitly consent (e.g., enabling analytics, sharing an email for breach monitoring).
• Performance of a Contract: Processing necessary to fulfill contractual obligations, such as handling in-app purchases.
• Legal Obligation: We may process your data to comply with legal requirements (e.g., tax, fraud prevention).
• Legitimate Interests: To enhance security, improve our Service, and measure campaign performance.

Data Retention

We retain your personal data only as long as necessary to fulfill the purposes described in this policy or as required by law. Specifically:

• Purchase Data: Retained as long as necessary for legal and transactional obligations.
• Analytics Data: Retained for up to 24 months unless you request deletion earlier.
• Account-Related Data: Retained for the duration of your use of the app and up to one year after you delete your account, unless otherwise required by law.

International Data Transfers

We may transfer your personal data outside of the European Economic Area (EEA) to provide our Service. When doing so, we ensure appropriate safeguards (e.g., Standard Contractual Clauses) are in place to protect your data in line with GDPR requirements.

Cookies and Tracking Technologies

Our app may use cookies or similar tracking technologies to analyze usage patterns and improve functionality. You can manage your preferences regarding these technologies in the app’s settings. Because we do not serve ads, no personalized ad tracking cookies are utilized.

Data Breach Notification

In the unlikely event of a data breach, we will notify affected users without undue delay and report the breach to relevant authorities within 72 hours if it poses a risk to users’ rights and freedoms.

Lodging a Complaint

If you believe your personal data has been processed unlawfully, you have the right to lodge a complaint with your local data protection authority. EU users can find information on their rights and relevant authorities at this link .

Security

We value your trust in providing your personal information and use commercially acceptable means of protecting it. However, no method of transmission or electronic storage is 100% secure, and we cannot guarantee its absolute security.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. You are advised to review this page periodically for any changes. We will notify you of updates by posting the new Privacy Policy here and/or via an in-app notification. Changes take effect immediately after they are posted.

Contact Us

If you have any questions or suggestions regarding our Privacy Policy, please contact us at contact@simplesoft.ee.