Privacy Policy

1. Introduction

This Privacy Policy explains how Simplifyterm (operated by Yinovise ApS, Denmark) collects, processes, shares, and protects personal data in the course of providing its services. Simplifyterm is a legaltech service provider offering AI-powered tools to legal professionals, and it takes privacy, confidentiality, and professional secrecy obligations with the highest level of seriousness.

Simplifyterm complies with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the French Data Protection Act, the Danish Data Protection Act, and applicable CNIL and EDPB guidance. This Privacy Policy applies to all processing of personal data by Simplifyterm in the context of the operation of its services, including SmartQuery, contract drafting platforms, and Prompt Smarter training modules.

This policy is supplemented by any specific service-level agreements, data processing agreements, or acceptable use policies entered into between Simplifyterm and its Clients.

2. Identity and Contact Details of the Data Controller

The data controller is:

Yinovise ApS (operating under the brand "Simplifyterm"), CVR 43584404, Copenhagen, Denmark

Contact: www.simplifyterm.com

DPO: gabriela@simplifyterm.com

Where required under GDPR Art. 27, a local representative may be appointed.

3. Scope and Categories of Personal Data Processed

Simplifyterm may process the following categories of personal data:

Identity and contact details (e.g., full name, business email, professional role)
Account information (e.g., login credentials, user preferences, metadata)
Communication data (e.g., contact forms, chat history, training interactions)
Prompt input/output data submitted through AI tools (SmartQuery, contract generator, clause builder)
Uploaded content, including documents, clauses, or templates
Log data, device/browser information, usage analytics, cookies (see Section 11)

Simplifyterm does not request nor intend to process:

Special category data under Art. 9 GDPR, unless specifically contracted and covered by a DPA
Criminal data under Art. 10 GDPR

4. Lawful Bases for Processing

Simplifyterm processes personal data lawfully, fairly, and transparently. The legal bases relied upon include:

Art. 6(1)(b) GDPR: Contractual necessity to provide services
Art. 6(1)(c): Compliance with legal obligations (e.g., security logs, retention)
Art. 6(1)(f): Legitimate interest in operating and improving secure AI tools
Art. 6(1)(a): Consent (where required, e.g., for cookies or email campaigns)

5. Processing Activities and Purposes

Purpose	Legal Basis	Description
Account registration and authentication	Contract	To allow Clients to access and use services
Operation of AI tools	Contract / Legitimate Interest	To process user inputs, generate outputs, support document automation
Usage analytics, performance monitoring	Legitimate Interest	To ensure the platform functions securely and efficiently
Anonymized model training (proprietary only)	Legitimate Interest / Consent	Improve private models without identifying users
Communication, support, legal notices	Contract / Legal Obligation	Responding to inquiries, legal notifications, incident alerts

No automated decisions with legal or similarly significant effects are made without human oversight.

6. AI Processing Specifics

Simplifyterm uses proprietary and/or third-party large language models to deliver AI services. By default:

AI prompts and outputs are transient, processed in-memory, not stored long-term unless explicitly authorized
Clients may opt out of anonymized prompt usage for product improvement
No prompts are used to train public foundation models (e.g., OpenAI, Claude, Mistral) without express consent
All beta features (e.g., clause builder) are clearly labeled and provided "as-is" with no warranty of legal validity

7. Data Transfers and Hosting

Simplifyterm hosts production data exclusively within the European Economic Area (EEA). If subprocessors operate outside the EEA, Simplifyterm ensures GDPR compliance through:

Execution of Standard Contractual Clauses (SCCs) approved by the European Commission
Additional contractual, technical, and organizational safeguards
Assessments of third-country legal environments in accordance with EDPB guidelines

8. Subprocessors and Third Parties

Simplifyterm engages trusted subprocessors to support infrastructure, email delivery, cloud hosting, and optional AI-related features (e.g., language models such as OpenAI and Claude). These subprocessors are contractually required to:

Maintain confidentiality and data protection obligations aligned with this Policy
Limit access to and use of Client Content strictly to what is necessary for providing their services

While Simplifyterm takes reasonable steps to ensure these subprocessors uphold appropriate data protection standards, some subprocessors (e.g., providers of third-party AI APIs) operate under their own privacy policies and terms. An up-to-date list of subprocessors is available upon request or on our website.

9. Security Measures

Simplifyterm implements commercially reasonable and risk-adapted security controls, including:

Encryption at rest and in transit (TLS 1.2)
Role-based access controls (RBAC)
Audit logging and anomaly detection
Internal employee access restriction by need-to-know
Incident response plans aligned with GDPR Art. 33–34

Clients remain responsible for ensuring user-side confidentiality and secure integration of our tools within their environment.

10. Data Retention

Data is retained only for the period strictly necessary for the purposes stated above, unless otherwise required by law:

Account and billing data: 3 years post termination
Uploaded documents: until deleted by user or contract expiry

11. Cookies and Web Tracking

Simplifyterm uses cookies for:

Security and session control (strictly necessary)
Analytics (optional, via Matomo or similar tools)
Performance improvements

You may manage cookie preferences via our banner or browser settings. We do not use tracking cookies for profiling or behavioral advertising.

12. User Rights Under GDPR

Users may exercise the following rights:

Right of access (Art. 15)
Right to rectification (Art. 16)
Right to erasure (Art. 17)
Right to restriction (Art. 18)
Right to portability (Art. 20)
Right to object (Art. 21)
Right to lodge a complaint with the CNIL (France) or Datatilsynet (Denmark)

To exercise your rights, please contact: privacy@simplifyterm.com

13. Contact and Data Protection Officer

Simplifyterm's DPO may be reached at:

Email: gabriela@simplifyterm.com

Website: www.simplifyterm.com

14. Changes to this Policy

Simplifyterm may update this Privacy Policy to reflect changes in applicable law or service evolution. Substantive changes will be communicated in advance. Continued use of the services constitutes acceptance of the updated Policy.

15. Supplemental Terms for French Clients

In accordance with French professional secrecy obligations (Code pénal Art. 226-13), Clients are reminded to:

Avoid uploading sensitive or privileged content without anonymization
Ensure compliance with bar rules and ethical frameworks
Activate on-prem or EU-residency-only settings for regulated content

Clients may request a specific Confidentiality Addendum or DPA.

SIMPLIFYTERM

Table of Contents