Privacy Policy

Simplon — Smart NFC tags & public bio pages
Last updated: 4 July 2026 · Effective immediately · URL: simplon.ai/privacy
Contents
  1. Who we are & how to contact us
  2. What data we collect & why
  3. How NFC writing uses your data
  4. What we share & with whom
  5. How we store & protect your data
  6. How long we keep your data
  7. Your rights & how to exercise them
  8. How to delete your account & data
  9. Children's privacy
  10. Changes to this policy

1. Who we are & how to contact us

Simplon is the developer and operator of the Simplon mobile app (available on Google Play) and the website simplon.ai. Simplon lets you create a personal "bio page" (a public profile at simplon.ai/[username]) and write that page's URL onto an NFC card or tag, so anyone who taps the card opens your profile.

The entity responsible for your data under this Privacy Policy is Simplon (the developer name shown on the Google Play Store listing).

For any privacy question, request, or complaint, contact our privacy point of contact:

You may also use this email to request access, correction, or deletion of your data, or to ask any question about how your information is handled.

2. What data we collect & why

We only collect the data needed to create and run your account and your public bio page. Below is a complete list of what we collect, why, and whether it is required.

2.1 Account registration & login

Note: Simplon identifies accounts by phone number only. We do not verify your phone number by SMS/OTP at registration, and we do not collect an email address.

2.2 Your public bio page content

This content is user-generated content that you choose to publish on your public profile.

2.3 Session & technical data

2.4 Analytics & performance data

2.5 What we do NOT collect

For transparency, Simplon does not collect or process:

Location (precise or approximate) Financial / payment info Purchase history Health & fitness Email / SMS / MMS messages Device contacts Calendar Web browsing history Audio files Files & documents

The WhatsApp / Instagram / etc. "links" on your profile are URLs you type in yourself — we do not access your messaging apps or your device's contact list.

2.6 Summary table

DataCollected?Shared?PurposeRequired?
Phone numberYesYes (public profile, if you add a call/WhatsApp link)Account management / loginRequired
Username (User ID)YesYes (public URL)Account management / App functionalityRequired
Password (hashed)YesNoAuthenticationRequired
Display nameYesYes (public profile)App functionality (profile)Optional
Bio textYesYes (public profile)App functionality (profile)Optional
Avatar photoYesYes (public profile)App functionality (profile)Optional
Social links (WhatsApp, Instagram, etc.)YesYes (public profile)App functionality (profile)Optional
Session token (hash only)YesNoKeep you logged inRequired
Analytics data (GA4 / Cloudflare Insights)YesYes (to Google / Cloudflare)Usage & performance measurementRequired (on by default)

3. How the NFC writer uses your data

The core function of Simplon is to write the URL of your public bio page onto your NFC card/tag. When you use the app's Write feature, the app encodes your public profile URL (https://simplon.ai/[username]) into the NFC tag's memory. Anyone who then taps or scans your card with their phone is sent to that URL.

This means:

The app does not write any other personal data to the tag — only the public URL.

4. What we share & with whom

4.1 Your public profile is PUBLIC

Your bio page at simplon.ai/[username] is viewable by anyone — no login required. This means the display name, bio, avatar, and social links you publish are shared with the public, including anyone who scans your NFC card. This is the intended purpose of the app, but you should be aware that anyone can see this information and that sharing a public profile page is itself a form of sharing your data.

4.2 Third parties we share data with

4.3 What we do NOT share

We do not sell your data, and we do not share your phone number, password, or account information with advertisers or data brokers. Your password is never shared with anyone (not even us in readable form — see Section 5).

5. How we store & protect your data

We take reasonable technical measures to protect your personal and sensitive data:

Things you should know:
  • We do not currently rate-limit login or registration attempts at the application layer. Choose a strong, unique password.
  • The mobile API endpoints allow cross-origin requests from any origin (Access-Control-Allow-Origin: *). Sensitive operations still require a valid Bearer token, but this is broader than strictly necessary.
  • No email verification or phone-number OTP verification is performed at registration; accounts are identified by phone number alone.
  • Inline uploaded avatars are stored as base64 text inside our database alongside your other page data.

6. How long we keep your data

Because Simplon does not currently perform automatic deletion of accounts after any fixed period, your data will remain until you ask us to delete it. We will then remove it as described in Section 8.

7. Your rights & how to exercise them

You have the following rights regarding your personal data:

To exercise any of these rights, email privacy@simplon.ai and include your username and the phone number on your account so we can verify your identity.

8. How to delete your account & data

You have the right to delete your Simplon account and the data associated with it. Account deletion is currently handled on request — there is not yet an automated one-click deletion button in the app or on the website.

8.1 In-app

Inside the app, you can request account deletion by contacting us from the app's Contact / Privacy entry (which links to this page and to privacy@simplon.ai). Selecting "Request account deletion" opens an email pre-addressed to privacy@simplon.ai — simply send it and we will process your request.

8.2 Web

Outside the app, you can request deletion at any time by emailing privacy@simplon.ai (or by using the contact route on simplon.ai/privacy). The dedicated web deletion request URL for Google Play purposes is: https://simplon.ai/delete, which provides a form/email link to submit your deletion request.

8.3 What we delete

When you request account deletion, we will permanently delete:

Deletion is permanent and cannot be undone. Your public bio URL (/[username]) will stop working and your username will become available to others.

Data we may retain for limited purposes:

We may retain minimal data where we have a legitimate need — for example, to prevent fraud or repeated abuse, to comply with legal obligations, or to keep records required by Iraqi law. We will inform you of any such retention when responding to your request. Temporary deactivation or freezing of your account does not qualify as deletion.

Note: Because deletion is handled manually on request, it may take up to 30 days from the date we receive and verify your request. You may also edit or blank out your public page content yourself at any time if you want it removed quickly while your request is processed.

9. Children's privacy

Simplon is not directed to children and is not intended for use by anyone under the age of 13 (or the minimum age required in your country to provide consent to process personal data). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact privacy@simplon.ai and we will take steps to delete such data.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will change the "Last updated" date at the top of this page and, for material changes, we will also notify you in the app or by other means. We encourage you to review this page periodically.

Continued use of Simplon after a change means you accept the updated policy.