Home

Privacy Policy

Last updated: March 21, 2026

1. Data Controller

The data controller for your personal data is SimpleBoard, available at app.simpleboard.pl. For any privacy-related inquiries, contact us at: privacy@simpleboard.pl.

2. Data We Collect

Depending on how you use the service, we may collect the following categories of data:

  • Account data: name, email address, password (stored in hashed form).
  • Billing data: payment details processed by our payment provider (Stripe). SimpleBoard does not store credit card numbers.
  • Usage data: information about how you use the app (e.g. number of boards, activity), used to improve the service.
  • Technical data: IP address, browser type, operating system, session cookies.
  • User content: board names, tasks, comments, and other data you enter into the application.

3. Legal Basis and Purpose of Processing

PurposeLegal basis (GDPR)
Contract performance (providing the service)Art. 6(1)(b)
Payment processingArt. 6(1)(b)
Marketing communications (with consent)Art. 6(1)(a)
Legal obligations (invoices, accounting)Art. 6(1)(c)
Analytics and service improvementArt. 6(1)(f) (legitimate interest)

4. Data Storage

Your data is stored on servers located in the European Economic Area (EEA). Account data is retained for the duration of the contract and up to 12 months after termination for accounting and legal purposes. After this period, data is permanently deleted.

Workspace content (boards, tasks, files) is deleted 30 days after account closure or subscription expiry, unless you request a data export beforehand.

5. Data Sharing

We do not sell your data. We may share it only with:

  • Stripe — for payment processing.
  • Cloud infrastructure providers — for hosting and data storage (EEA).
  • Public authorities — only when required by law.

All sub-processors are bound by data processing agreements in accordance with GDPR.

6. Cookies

We use only strictly necessary cookies:

  • Session cookies: to maintain your logged-in session.
  • Preference cookies: e.g. selected interface language.

We do not use tracking or advertising cookies.

7. Your Rights

Under GDPR, you have the following rights:

  • Access — you may request a copy of your data.
  • Rectification — you may correct inaccurate data directly in account settings.
  • Erasure — you may delete your account and all associated data.
  • Portability — you may download your data in JSON/CSV format.
  • Objection — you may withdraw consent for marketing processing at any time.
  • Complaint — you may lodge a complaint with your local data protection authority.

To exercise any of these rights, write to privacy@simpleboard.pl.

8. Security

We apply TLS encryption for data in transit and encryption at rest for stored data. Access to production data is restricted and audited. We perform regular backups.

9. Policy Changes

We will notify you of material changes to this policy by email with at least 14 days advance notice. Continued use of the service after that date constitutes acceptance of the updated policy.

10. Contact

For any privacy-related questions, contact us at:
privacy@simpleboard.pl