Plain-English summary of how Simplexicity handles your data. We collect what we need to run the product, we don't sell your data, and we let you delete it whenever you want.
What we collect
Account data. Email address, hashed password (or one-time code if you signed up that way), display name if you set one, avatar if you uploaded one.
Conversation data. The messages you send, the answers Simplexicity returns, any files you upload, any files generated for you, and the agent traces showing which specialists worked on each turn.
Memory. If you have memory enabled (default on), we extract structured facts and summary embeddings from your conversations so future turns can recall context. You can toggle memory off globally in Settings or per-thread (incognito).
Usage events. One row per LLM call / search / sandbox run / file generation, with timestamps, agent type, capability tier, and billed credits. Powers the /usage page.
Billing data. Plan, subscription status, current period end. The actual payment instrument (card details) is held by Paddle, not us.
Operational telemetry. Standard server logs: request times, error rates, IP address (transient — used for rate-limiting, not stored long-term).
What we don't collect
Tracking cookies. We use a single auth cookie + localStorage for your session and composer drafts. No third-party trackers.
Cross-site behavioral data.
Information sold to advertisers, data brokers, or anyone else.
How we use it
To run the product — answer your questions, persist your threads, recall memory, bill your plan.
To prevent abuse — rate limits, quota gating, spike detection.
To improve the product — aggregated, de-identified metrics on which features get used. Never tied back to individual conversations.
To contact you about your account — billing receipts, security notices, plan changes. We never send marketing email without explicit opt-in.
Subprocessors we share data with
To deliver the product, we share specific pieces of data with these vendors. Each has their own privacy practices.
Supabase — managed database, authentication, storage, Edge Function hosting.
Vercel — frontend hosting and CDN.
Fly.io — sandbox proxy for code execution.
Paddle — payment processing and subscription management.
LLM and search providers (via gateway). When you send a message, the message text is sent to one or more inference providers via our LLM gateway, and to web search providers if your turn requires research. Provider identity is an internal implementation detail and rotates over time.
None of these subprocessors are permitted to use your data to train their models or for any purpose beyond fulfilling the request you sent.
Your rights
Access. Your data is visible to you in the product — every thread, every message, every memory fact, every usage event. The /memory page lets you read and edit individual facts.
Delete. You can delete individual threads, individual memory facts, or your entire account from Settings. Account deletion removes everything — threads, files, memory, usage history. Backups are retained for 30 days for disaster recovery, then purged.
Export. Email us if you want a full export of your conversations as JSON or markdown.
Opt out of memory. Settings → Memory toggle. Or per-thread incognito.
Correction. Edit your profile in Settings. Edit memory facts on the /memory page. Email us for anything else.
Complaint. If you're in the EU/UK, you have the right to lodge a complaint with your local data protection authority. We hope you'll write to us first.
Data retention
Conversations and memory: retained until you delete them or delete your account.
Usage events: 90 days of granular records, longer for aggregated billing summaries.
Server logs: 30 days, then purged.
Backups: 30 days, encrypted at rest.
Security
Data in transit is TLS 1.2+. Data at rest is encrypted by our hosting providers. Application-level access uses Supabase Row-Level Security so one user can't read another user's data even with a compromised account.
Children
Simplexicity is not intended for use by anyone under 13. We do not knowingly collect data from children under 13.
Changes
If we update this policy, we'll bump the "Last updated" date above and email account holders if the change is material. Continued use after a material change means you accept the updated policy.