Privacy Policy

This Privacy Policy explains how MB Pimperia, doing business as SimplYou (“we”, “us”, “our”), processes personal data in connection with our mobile applications, websites, and related services (collectively, the “Services”). It is written with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the ePrivacy Directive 2002/58/EC (as implemented by Member States), the UK GDPR/Data Protection Act 2018, and comparable global privacy laws in mind. Where local law affords stronger protection, we will comply with those standards.
If you reside in the EEA/UK/Switzerland, MB Pimperia is the “controller” of your personal data unless stated otherwise.

1) Scope & Definitions
  • “Personal data”: any information relating to an identified or identifiable natural person (GDPR Art. 4(1)).
  • “Special categories of personal data” (or “sensitive data”): includes health data such as menstrual cycle and fertility information (GDPR Art. 9).
  • “Processing”: any operation performed on personal data (GDPR Art. 4(2)).
  • “Controller” / “Processor”: as defined in GDPR Art. 4(7) and (8).

2) Categories of Data We Process
  • Account & Profile: name/alias, email, password (hashed), age range/date of birth, country, preferred language.
  • Health & Wellness (special category): cycle dates, symptoms, moods, sexual activity, contraception, medications, pregnancies, lifestyle inputs (sleep, nutrition), and notes you add.
  • Device/Technical: IP address, device model/OS, mobile ad identifiers (IDFA/GAID where permitted), app version, crash logs, diagnostics.
  • Usage & Interaction: feature usage, in-app events, notification preferences, referral codes.
  • Transaction & Subscription: purchase history, subscription status, renewal dates (processed by Apple App Store / Google Play; we receive confirmations and limited metadata).
  • Support & Communications: messages to support, survey responses, reviews.
  • Location: coarse location derived from IP; precise location only if you explicitly enable it.

3) Sources of Data
  • Directly from you when you create an account or input data.
  • Automatically via the app/website through cookies/SDKs (see Cookie Policy).
  • From app stores (limited purchase confirmations).
  • From third-party sign-in providers, if you choose to link them.

4) Purposes & Legal Bases (GDPR Art. 6 & 9)
We map each processing purpose to a lawful basis and, where applicable, an Art. 9(2) derogation for special-category data:

| Purpose | Data Categories | Legal Basis (GDPR Art. 6) | Art. 9(2) Basis (if health data) |
|---|---|---|---|
| Core app functionality (tracking, reminders, insights) | Account; Health; Usage | Performance of a contract (6(1)(b)) | Explicit consent (9(2)(a)) |
| Personalization & recommendations | Health; Usage; Device | Consent (6(1)(a)) or Legitimate interests (6(1)(f)) where appropriate | Explicit consent (9(2)(a)) |
| Analytics, quality, and product safety | Usage; Device; Crash logs | Legitimate interests (6(1)(f)) or Consent (6(1)(a)) for non-essential trackers | N/A |
| Customer support & communications | Account; Support | Contract (6(1)(b)) / Legitimate interests (6(1)(f)) | N/A |
| Marketing (emails, push, in-app) | Account; Usage | Consent (6(1)(a)); you may withdraw anytime | N/A |
| Fraud prevention & security | Device; Usage; Account | Legitimate interests (6(1)(f)) / Legal obligation (6(1)(c)) | N/A |
| Compliance (tax, accounting, legal claims) | Account; Transaction | Legal obligation (6(1)(c)) | N/A |


5) Consent for Special-Category (Health) Data
We rely on your explicit consent (GDPR Art. 9(2)(a)) to process health data you choose to input. You can withdraw consent at any time in Settings; this will not affect processing already performed, but we will cease further processing and can delete data upon request (subject to legal retention requirements).

6) Children & Teens
Our Services are not directed to children under the digital age of consent in their country. In the EEA, this is generally 16 but may be set by Member States between 13–16. We require verifiable parental consent where required and may restrict features or terminate accounts if consent cannot be obtained.

7) Cookies/SDKs & Similar Technologies
Our website uses cookies and similar technologies in line with the ePrivacy rules; non-essential cookies are used only with your consent. Our apps may integrate SDKs that serve similar purposes (analytics, crash reporting). For details, see our Cookie Policy and SDK list in Settings.

8) Sharing of Personal Data
  • Service providers (processors) for hosting, analytics, messaging, and support—bound by contracts and confidentiality.
  • App stores for payments and subscription management (independent controllers).
  • Healthcare or research partners only with separate consent and, where required, ethics approvals and safeguards (pseudonymization, aggregation).
  • Authorities, auditors, or legal counsel where required by law or to defend legal claims.
  • Business transfers (merger, acquisition); we will notify you of any material changes.

9) International Data Transfers
  • Where data is transferred outside the EEA/UK/Switzerland, we use approved safeguards such as EU Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum (IDTA).
  • We conduct transfer impact assessments and implement supplementary measures where necessary.
  • You may request a copy of relevant safeguards by contacting us (redactions may apply).

10) Data Retention
We retain personal data only for as long as needed for the purposes described or as required by law. Typical periods:

| Data Type | Typical Retention |
|---|---|
| Account & Profile | For the life of the account; 24 months after last activity, then deletion or anonymization. |
| Health & Wellness inputs | Until you delete them or delete your account; backups cycle on a rolling basis. |
| Support communications | Up to 36 months after resolution. |
| Transaction records | 7–10 years for tax/accounting (jurisdiction-dependent). |
| Analytics (aggregated) | Indefinite in de-identified form. |


11) Your Rights (EEA/UK/Switzerland and others)
  • Access, rectification, erasure, restriction, portability, and objection (including to profiling).
  • Withdraw consent at any time for processing based on consent.
  • Lodge a complaint with your local supervisory authority (e.g., CNIL, ICO, DPC).
  • Opt out of marketing at any time (unsubscribe link; in-app toggle).
  • Opt out of non-essential cookies/SDKs via our consent banner or Settings.
  • To exercise rights, contact: [DPO/Privacy Email]. We may verify your identity and respond within one month (extendable by two months for complex requests).

12) Automated Decision-Making & Profiling
We may use limited profiling to tailor reminders and insights. We do not engage in solely automated decisions producing legal or similarly significant effects without your consent or where otherwise permitted by law.

13) Security
  • Encryption in transit and at rest for sensitive data.
  • Zero-knowledge or on-device processing for certain features where feasible.
  • Access controls, MFA for staff, least-privilege principles.
  • Secure development lifecycle, penetration testing, and vulnerability management.
  • Vendor security reviews and DPAs with processors.
  • Incident response and breach notification procedures (GDPR Arts. 33–34).

14) EU/UK Representative & DPO
If [Company Name] is not established in the EEA/UK, we appoint an EU/UK representative as required by Art. 27. Contact details: [EU Representative Address/Email]; [UK Representative Address/Email]. Our Data Protection Officer: [Name], [Contact].

15) Changes to This Policy
We will post updates here and notify you of material changes via the app/website or email. If changes require new consent, we will request it.

16) Contact:
  • MB Pimperia
  • Vilnius, Lithuania
  • Reg number: 307247999
  • subscribe@simplyou.ai