Privacy Policy

Last updated June 13, 2026

This policy explains what data Simple Approvals collects, how we use it, who we share it with, and the choices and rights you have.

01Who we are

Simple Approvals is a document-approval service operated by Mir Hasan Siddique, a sole proprietor based in Bangladesh ("we", "us", "our"). We are the data controller for the personal data described in this policy. Payments are handled by Paddle as Merchant of Record (see "Payments"). For any privacy question or request, email support@simpleapprovals.com.

02Information we collect

Account data: your name and email address (we sign you in with a one-time magic link, so we never collect or store a password). Workspace content: the files, submissions, form responses, comments, and approval decisions you and your collaborators create or upload. People you invite: the names and email addresses of the team members and external reviewers you add. Usage and technical data: your IP address, browser and device information, and server logs generated as you use the service. Billing data: a limited record of your plan, subscription status, and invoices. We never receive or store full card numbers.

03How we use your information

We use your data to provide and operate the service; to sign you in (magic-link emails); to send transactional and notification emails such as approval requests, status changes, and reminders; to process subscriptions and payments through Paddle; to secure the platform and prevent abuse (including rate limiting); to provide support; and to meet our legal obligations. We do not sell your personal data, and we do not use your uploaded content to train AI models.

04Legal bases (EEA / UK users)

Where the GDPR or UK GDPR applies, we process personal data on these bases: performance of our contract with you (to provide the service you sign up for); our legitimate interests (to keep the service secure, prevent abuse, and communicate with you about your account); your consent where we ask for it; and compliance with legal obligations. You can object to or withdraw consent for processing based on those grounds where applicable.

05Payments

Billing is handled by our payment provider, Paddle, which acts as the Merchant of Record for purchases. Paddle is the seller of record on your invoice and card statement, and it collects and processes your payment details under its own privacy policy. We never receive or store full card numbers, only the billing metadata needed to manage your subscription (plan, status, and invoice records).

06File storage

Files you upload are stored as private objects in Cloudflare R2 and are served only to people authorised in your workspace, through access-controlled URLs. We retain stored files while your account is active and remove them when you delete the related content or your account (subject to routine backup cycles).

07Service providers (sub-processors)

We share data only with the providers that help us run the service, each processing it solely to deliver its part: Vercel (application hosting, infrastructure, and scheduled jobs); Neon (managed PostgreSQL database); Cloudflare R2 (file storage); Resend (delivery of transactional and notification email); Upstash (Redis used for rate limiting and short-lived caching); Sentry (error monitoring and diagnostics, with data stored in the EU); and Paddle (payments). We will keep this list current as our providers change.

08International transfers

We operate from Bangladesh, and the providers above may process your data in other countries, including the United States and the European Union. Where required, we rely on appropriate safeguards (such as the providers' standard contractual clauses and equivalent mechanisms) to protect data transferred across borders.

09Data retention & deletion

We keep your account and content data for as long as your account is active. You can delete individual files and submissions from within the app, and you can request deletion of your entire account and its content by emailing us. We retain billing and invoice records for as long as required by law and tax rules. Residual copies in encrypted backups are cycled out on a rolling basis.

10Your rights

Depending on where you live, you may have the right to access, correct, export (port), delete, or restrict the processing of your personal data, and to object to certain processing or withdraw consent. To exercise any of these, email support@simpleapprovals.com from your account address. EEA and UK users also have the right to lodge a complaint with their local data-protection authority.

11Cookies

We use first-party functional cookies only: a sign-in session cookie that keeps you logged in, and small preference cookies that remember settings like your light/dark theme and sidebar state. We do not use third-party advertising or cross-site tracking cookies.

12Security

We protect your data with encryption in transit (HTTPS), scoped access controls so content is visible only to authorised workspace members, access-controlled file URLs, and short-lived, single-use sign-in tokens. No method of transmission or storage is completely secure, but we work to protect your information and to respond promptly to any issue.

13Children

Simple Approvals is a tool for businesses and is not directed to children. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us data, contact us and we will delete it.

14Changes to this policy

We may update this policy as the service evolves. If we make a material change, we will notify you by email or within the app and update the effective date. Continued use of the service after an update means you accept the revised policy.

15Contact

Questions or requests about your data? Email support@simpleapprovals.com. The data controller is Mir Hasan Siddique, operating from Bangladesh.

Last updated June 13, 2026. Questions? See our contact page.