Privacy Policy

We are committed to protecting your personal data and being transparent about how we collect, use, and store it. This Privacy Policy explains what information we collect, why we collect it, and how we handle it. We may update this Privacy Policy from time to time to reflect changes in our business, services, or legal obligations. Any updates will be posted on this page with the revised effective date shown at the top. Where appropriate, we will notify registered users of material changes by email.

If you have any questions, concerns, or requests relating to this Privacy Policy or how we handle your personal data, please contact us:

Email: hello@gosimless.com
Post: IO Microservices Ltd, 9 Goshawk Court, Ridding Lane, London, UB6 0FL

We aim to respond to all data protection enquiries within a reasonable timeframe and in accordance with applicable data protection laws.

Summary

The following is summary which provides key points from our Privacy Notice - review the Privacy Policy in full if you want to learn more about what we do with any information we collect.

What data we collect: We collect information such as your name, contact details, address, purchase or subscription information, payment details (via secure third parties), technical data (like IP address), and communication records. When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use.
How we collect your data: We collect data directly from you when you use our Website, create an account, or make a purchase. We also collect some data automatically through cookies and analytics, and may receive data from third-party services.
How we use your data: We use your information to process purchases and subscriptions, manage payments, provide customer support, improve our services and, if you consent, send you relevant marketing. We do not process sensitive personal information.
Legal basis for processing your data: We process your data where it is necessary to fulfil a contract with you, where we have your consent, to comply with legal obligations, or for our legitimate business interests.
Sharing your information: We share your data with vetted Service Providers to deliver services and with trusted third parties like payment processors and IT providers. We do not sell your data. We do not collect any personally-identifiable information from third parties, unless required and consent has been collected.
International transfers: If your data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place to protect your rights.
How long we keep your data: We retain personal data only as long as necessary for legal, operational, and customer service reasons, after which it is securely deleted.
How we protect your data: We use encryption, secure servers, and access controls to safeguard your personal information from unauthorised access or misuse. We have adequate organisational and technical processes and procedures in place to protect your personal information.
Your rights: You have rights under UK data protection laws, including the right to access, correct, delete, or restrict your data, as well as to object to certain uses.
Cookies: We use cookies to enhance your browsing experience, understand usage patterns, and personalise content. You can manage your preferences in our Cookies Policy.
Third-party links: Our Website may contain links to other websites. We are not responsible for their privacy practices or content.
Changes to this policy: We may update this Privacy Policy from time to time. Significant changes will be communicated clearly on our Website.
Contact us: For questions, requests, or complaints regarding your data, you can contact us at hello@gosimless.com or by post at our registered address.

1. What Data We Collect

We collect different types of personal data to help us operate our platform, process your purchases and subscriptions, and provide you with a smooth and secure experience. The data we collect includes:

1.1 Information You Provide to Us

When you interact with our Website, make a purchase, or contact us, you may provide:

Contact details – such as your name, email address, phone number, and billing address
Account information – such as your username, password, and preferences (if you create an account)
Communication data – including emails, messages, reviews, and customer service queries

Sensitive information: We do not process sensitive information.

We do not knowingly collect personal data from anyone under the age of 18. If we become aware that a child has provided us with personal information, we will take steps to delete it promptly.

1.2 Payment Information

When you make a purchase, your payment details are processed securely by our third-party payment providers. We do not store your full card details, but may retain limited information such as the last four digits of your card or transaction references for fraud prevention, customer support, and record-keeping.

All payment data is handled and stored by Stripe. You may find their privacy notice link here: https://stripe.com/gb/privacy.

1.3 Automatically Collected Data

When you use our Website, we may automatically collect:

Technical information – This includes data transmitted by your browser or device when you access our Website. It may include your IP address, browser type and version, operating system, language settings, time zone, device identifiers, referring website or URL, and the date and time of each request. This information helps us understand how the Website is accessed and used, and is also used for troubleshooting and security purposes.
Usage data – Such as which pages you visit, the actions you take on the Website, how long you stay on each page, and interactions with forms or links. This helps us optimise the user experience and assess the performance of our services.
Cookies and tracking technologies – We use cookies and similar technologies to recognise you, analyse traffic, remember your preferences, and personalise content. For full details, see our Cookies Policy.

1.4 Optional and Marketing Information

If you opt in, we may also collect:

Marketing preferences – such as your consent to receive promotional emails or SMS updates
Referral information – if you use a referral code or take part in a promotion

2. How We Collect Your Data

We collect personal data in a number of ways, depending on how you interact with our Website and Services. This includes:

2.1 Data You Provide Directly

You may provide personal data when you:

Create an account or update your profile
Make a purchase or subscription
Contact us by phone, email, or through our Website
Leave a review or complete a feedback form
Enter a promotion, referral scheme, or subscribe to marketing communications

2.2 Data We Collect Automatically

When you access or use the Website, we automatically collect certain technical and usage information, including:

Device and browser information
IP address and location (approximate)
Log files and interaction data (e.g. pages visited, time spent on site)
HTTP header data from your device
Cookies and similar tracking technologies (see our Cookies Policy)

2.3 Data We Receive from Third Parties

We may receive data from trusted third-party services, including:
Payment processors, for transaction-related information
Marketing partners or referral platforms (if you arrive via a tracked link or promotion)
Identity verification providers (in limited cases, such as fraud prevention)

3. How We Use Your Data

We use your personal data to operate our platform, provide services, improve user experience, and fulfil our legal obligations. The way we use your data depends on how you interact with us and the services you use.

3.1 Performance of a Contract

We process your personal data when it is necessary to perform our contract with you or to take steps at your request before entering into a contract. This includes:

Provide services you request through our Website
Manage subscriptions, payments, and communications with you
Facilitating payment transactions
Sending purchase confirmations and service-related updates

3.2 Legitimate Interests

We may process your data when it is necessary for our legitimate business interests, provided your rights and freedoms are not overridden. This includes:

Improving and optimising our Website and services
Communicating with you for customer service purposes
Handling customer support and resolving disputes
Monitoring usage and customer satisfaction
Preventing fraud and ensuring the security of our platform from unauthorised or malicious activity
Sending service-related notifications
Using anonymised data for statistical analysis and business planning
Analysing anonymised data to assess trends and improve operations

Where we rely on legitimate interests, we always balance our interests with your privacy rights and only use data in ways you would reasonably expect.

3.3 Legal Obligations

We process certain data to comply with our legal and regulatory obligations, including:

Tax, accounting, and financial reporting
Responding to lawful requests from authorities, law enforcement or regulators
Retaining purchase, subscription and/or transaction records in accordance with applicable regulations

We rely on your consent to:

Send you marketing communications by email or SMS
Use non-essential cookies or analytics tools (as detailed in our Cookies Policy)

You can withdraw your consent at any time by adjusting your settings or contacting us.

3.5 Payment Processing

Payments are securely processed via Stripe, a trusted third-party payment processor. We do not store your full payment details, but Stripe may collect and process payment information in accordance with their privacy policy:
https://stripe.com/gb/privacy

3.6 Automated Decision-Making and Profiling

We may use limited automated decision-making (e.g. for fraud detection or payment verification) where necessary to protect our platform and users. We may also use anonymised data for profiling and large-scale trend analysis to help improve our services. We do not make any fully automated decisions that have legal or similarly significant effects without your explicit consent or unless required by law.

3.7 To Provide and Manage Our Services

We use your data to:

Process and manage purchase and subscriptions
Communicate with you about your purchases, subscriptions and account
Manage payments and send confirmations
Fulfil legal obligations

3.8 To Improve Our Website and Services

We use technical and usage data to:

Understand how users interact with our Website
Monitor and improve performance, security, and functionality
Develop new features and enhance user experience

3.9 For Customer Support and Dispute Resolution

We use communication and transaction data to respond to enquiries, complaints, or support requests.

3.10 For Internal Business Operations

We may use your data to:

Maintain internal records and audit logs
Support training, quality assurance, and compliance monitoring
Analyse business performance and trends

We only share your personal data where necessary and in accordance with applicable data protection laws. We do not sell your personal data to third parties.

4.1 Data Disclosures

We may share your personal data with the following types of third parties, but only for specific and legitimate purposes:

With Service Providers – We share limited data with suppliers, partners, and other professionals solely for the purpose of fulfilling the service you have purchased. This includes only the information necessary to carry out the service and service instructions.
With third-party providers that support our operations – This includes:
- Payment processors (e.g. Stripe) for secure payment handling
- IT and hosting providers to maintain our Website infrastructure
- Email and SMS platforms to communicate purchase and subscription confirmations and updates
- Customer support tools and analytics platforms to improve our services
With legal, regulatory, or public authorities – Where required by law or to comply with legal obligations, court orders, or regulatory requests. We may also disclose your data to prevent fraud, enforce our Terms of Service, or protect our rights and the safety of others.
With group companies – Where necessary, we may share data with our holding company, subsidiaries, or affiliated entities to manage and deliver our services.
In connection with business transactions – If we undergo a merger, acquisition, restructure, or asset sale, your data may be shared with prospective buyers, subject to appropriate confidentiality agreements.

All third parties are required to handle your data securely, only process it for the purposes we instruct, and comply with applicable data protection legislation.

We store most of our customer and transactional data on secure servers located in the United Kingdom. However, in some cases, we may store or process data on servers within the European Economic Area (EEA), depending on our infrastructure partners and service providers.

4.2 International Transfers

We aim to keep your personal data within the UK and EEA wherever possible. However, some of our third-party providers may process data in other countries, including the United States.

Where your data is transferred outside of the UK or EEA, we ensure that appropriate safeguards are in place to protect your privacy rights. These safeguards may include:

The use of Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO) or the European Commission
Ensuring the recipient is in a country deemed to have adequate data protection standards by the UK or EU
Where applicable, transfers to the United States may be covered by participation in the EU-U.S. Data Privacy Framework (formerly Privacy Shield), or equivalent safeguard mechanisms

We only transfer personal data internationally when necessary and always ensure that your data is protected to the same standard required under UK and EU data protection laws.

5. How Long We Keep Your Data

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to provide our services, comply with legal and regulatory requirements, resolve disputes, and enforce our agreements.

The specific retention period depends on a number of factors, such as:

The type and sensitivity of the data
The nature of our relationship with you
Legal, tax, and regulatory obligations
Our need to defend or establish legal claims
The operational and administrative needs of our business
The level of risk associated with retaining or deleting the data (e.g. risk of fraud, unauthorised access, or harm)

We regularly review the personal data we hold and assess whether it is still necessary for the purposes outlined in this policy. Where retention is no longer necessary, we securely delete or anonymise your data. If you close your account, we will delete or anonymise your profile and restrict access to your data where possible. However, we may retain certain information where required for legal, regulatory, or legitimate business purposes. Where retention is no longer necessary, we securely delete or anonymise your data.

In some circumstances, you may have the right to request the deletion of your personal data (see Section 7: Your Rights). Please note that we may need to retain certain data even after a deletion request where we have a lawful reason to do so.

We may retain anonymised or aggregated data (which does not identify you) for analytics, research, or business reporting purposes indefinitely.

6. How We Protect Your Data

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, misuse, alteration, or disclosure.

6.1 Technical Security Measures

All data transmitted between your device and our Website is encrypted using HTTPS and TLS (Transport Layer Security) protocols.
We use firewalls, intrusion detection systems, and access controls to protect our systems and servers.
Passwords and sensitive data are stored using secure hashing and encryption techniques.
Our Website is hosted with reputable service providers who maintain secure infrastructure and data centres.

6.2 Organisational Measures

Access to personal data is strictly limited to authorised personnel and service providers who need it to perform their duties.
Our staff and contractors are trained in data protection and required to adhere to internal confidentiality and security policies.
We regularly review and update our data protection and security practices.

6.3 Third-Party Safeguards

We carefully vet third-party service providers (e.g. payment processors, email and hosting providers) to ensure they meet appropriate security standards.
Where personal data is shared, it is done securely and under contractual agreements that require those parties to protect your data.

6.4 Limits and Caveats

While we use our best efforts to secure your data, no system can be guaranteed 100% secure. You are responsible for keeping your account credentials confidential and should notify us immediately of any suspected unauthorised access.

We cannot be held responsible for the security of any information you choose to transmit via unprotected channels (e.g. email) or for breaches that occur due to events outside our control (see our Terms of Service for more on this).

If we become aware of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant authorities in accordance with applicable data protection laws.

7. Your Rights

Under the UK General Data Protection Regulation (UK GDPR), you have a number of rights in relation to your personal data. We are committed to respecting these rights and providing you with transparency and control over how your information is used.

7.1 Your Data Protection Rights

You have the following rights:

Right to access – You can request a copy of the personal data we hold about you.
Right to rectification – You can ask us to correct or complete any inaccurate or incomplete data we hold.
Right to erasure ("right to be forgotten") – Also known as the "right to be forgotten", you can ask us to delete your personal data in certain circumstances.
Right to restrict processing – You can ask us to restrict or suspend the processing of your data in certain situations (e.g. if you contest its accuracy).
Right to data portability – You can request a copy of your data in a commonly used format to reuse it with another service.
Right to object – You can object to processing of your data based on our legitimate interests, or for direct marketing purposes.
Right to withdraw consent – Where we rely on your consent to process your data (e.g. for marketing), you can withdraw that consent at any time.

7.2 How to Exercise Your Rights

To exercise any of your rights, please contact us by email: hello@gosimless.com

We may ask you to verify your identity before we respond. We aim to respond to all valid requests within one month, but may extend this if the request is complex or numerous.

7.3 Complaints

If you are unhappy with how we have handled your personal data, please contact us first so we can try to resolve your concern. You also have the right to lodge a complaint with the UK's data protection authority: Information Commissioner's Office (ICO) https://ico.org.uk/

8. Third-Party Links

Our Website may contain links to third-party websites, plug-ins, or services that are not operated or controlled by us. Clicking on those links or enabling those connections may allow third parties to collect or share data about you.We are not responsible for the privacy practices, content, or security of those third-party websites. We encourage you to read the privacy policies of any external sites you visit before providing any personal data. This Privacy Policy applies only to personal data collected by or on behalf of gosimless via our Website or related services.