Simulaited logo Simulaited
Privacy notice

Privacy Notice

This notice explains how Simulaited collects, uses, shares, stores, and protects information across the website, application, support flows, billing operations, exports, and related services.

Scope and role

This Privacy Notice applies to Simulaited websites, applications, simulations, generated reports, downloadable exports, support workflows, billing interactions, and operational communications. Depending on the service context, Simulaited may act as a controller, business, or equivalent primary decision-maker for account, billing, marketing, and support information, and may act as a processor or service provider for certain customer-submitted workspace data processed on behalf of a customer organization.

Information we collect

  • Account and identity data: name, email address, organization, workspace affiliation, authentication data, login history, and security preferences such as two-factor configuration.
  • Customer content: study inputs, uploaded assets, scenario settings, generated outputs, reports, exports, comments, and support attachments.
  • Commercial and billing data: subscription status, plan tier, transaction references, invoicing metadata, seat counts, payment processor identifiers, and refund-review information. Simulaited does not intentionally store full payment card numbers where a third-party processor handles payment collection.
  • Technical and device data: IP address, browser type, device characteristics, diagnostic logs, crash information, cookie or local storage identifiers, session events, and anti-abuse telemetry.
  • Support and communications data: messages sent to support, product feedback, affiliate applications, and responses related to account, legal, privacy, or security issues.

How we use information

We use information to provide and secure the service, authenticate users, process simulations, generate exports, administer subscriptions, manage workspaces, prevent fraud and abuse, troubleshoot service issues, respond to support requests, maintain audit records, improve product quality, communicate about service changes, and comply with legal or regulatory obligations.

Lawful bases and regional privacy expectations

Where required by applicable law, Simulaited relies on one or more lawful bases such as contract necessity, legitimate interests, consent, legal obligation, or protection against fraud and misuse. For users in the European Economic Area, Simulaited intends this notice to align with core GDPR concepts such as transparency, lawful basis, data minimization, purpose limitation, and rights of access, correction, deletion, portability, restriction, and objection where applicable. For California residents and other eligible U.S. consumers, Simulaited also describes categories of information collected, business purposes for use and disclosure, and methods for submitting privacy requests. For African jurisdictions with privacy statutes, including where applicable South Africa’s POPIA, Nigeria’s Data Protection Act, and Kenya’s Data Protection Act, Simulaited aims to support notice, lawful processing, security, and data subject request handling consistent with mandatory local requirements.

Cookies, local storage, and similar technologies

Simulaited uses essential cookies and browser storage for authentication, session continuity, security, fraud prevention, and core functionality. We may also store usability preferences such as theme or consent selections. If we introduce optional analytics, personalization, or advertising technologies, we may provide additional notice or consent options where required by law.

How we share information

Simulaited does not sell personal information for money. We may disclose information to hosting providers, infrastructure partners, communications vendors, support tools, analytics or security vendors, and payment processors when reasonably necessary to operate the service. We may also disclose information to professional advisers, auditors, affiliates involved in service delivery, counterparties in a corporate transaction, or authorities where required by law, to enforce agreements, or to protect rights, safety, and platform integrity.

International transfers

Simulaited may process or store information in countries other than the user’s home jurisdiction. Where cross-border transfer rules apply, we may use appropriate safeguards such as contractual protections, vendor due diligence, access controls, and other reasonable transfer mechanisms recognized by applicable law.

Retention

We retain information for as long as reasonably necessary to provide the service, maintain security, preserve records, enforce agreements, resolve disputes, comply with tax, accounting, consumer, or privacy laws, and support legitimate business operations. Retention periods vary by category of information. For example, account and billing records may be kept longer than transient diagnostic logs, and backup copies may persist for a limited period after deletion events.

Security

We use administrative, technical, and organizational safeguards intended to protect information against unauthorized access, disclosure, alteration, and destruction. These measures may include role-based access controls, authentication controls, transport security, audit logging, vendor review, and environment-level protections. No method of transmission or storage is perfectly secure, and Simulaited cannot guarantee absolute security.

Privacy rights and requests

Depending on applicable law, you may have rights to request access, correction, deletion, restriction, objection, portability, consent withdrawal, or information about disclosure practices. To submit a request, use the Support Center and identify the request as privacy-related. We may verify identity before acting on a request and may deny or limit requests where permitted by law, including when rights of others, legal obligations, fraud controls, or security concerns would be affected.

Children’s data

Simulaited is intended for business and professional users and is not directed to children. If we learn that personal information has been collected from a child in a manner not permitted by applicable law, we will take reasonable steps to delete or de-identify it.

Changes to this notice

We may update this Privacy Notice from time to time to reflect product, operational, legal, or regulatory changes. Material updates may be posted on the site or communicated through the service. Continued use of the service after an update takes effect is subject to the revised notice, except where additional consent is required.

Stable V26.8.0