Privacy Policy

Effective 2026-07-08. Last updated 2026-07-08. This Policy describes how Simple Intelligence Group, Inc. (“Simple Atlas,” “we,” “us”) collects, uses, shares, and protects information when you or your organization uses the Simple Atlas product at atlas.simpleintelligence.io (the “Service”). It also explains the choices you have about how we handle your information and the rights you can exercise.

1. Scope and roles

Simple Atlas is a business-to-business product. When your employer or organization creates a Simple Atlas workspace, that organization is the “Customer” and acts as the data controller for information its users add to the workspace. We act as the data processor on the Customer’s behalf under our Master Subscription Agreement and Data Processing Addendum. This Policy applies to the Service itself, our marketing website, and communications we send about the Service.

2. Information we collect

We collect four categories of information.

3. How we use information

4. AI features and providers

The Service is a multi-tenant AI platform. Downstream Simple Intelligence products and customer-authored agents call Simple Atlas endpoints that route to large language models on your behalf. When these features run, we send the relevant prompt (which may contain workspace content passed in by the calling product) to our AI provider and receive a response.

Our AI provider is Microsoft Azure AI Foundry, which routes requests to Anthropic Claude Sonnet models running inside the Microsoft Azure boundary. Anthropic serves as the model supplier under Microsoft’s Azure AI Foundry program; prompts and completions do not leave the Microsoft-managed infrastructure to reach Anthropic’s public API. When SimpleForge (the SIG ZDR gateway) ships, this routing changes and we will update this Policy accordingly.

We do not use Customer Data to train, retrain, or fine-tune AI models. Our contract with our AI provider prohibits the provider from using our submissions to train its models. Every AI-generated record in the product carries provenance metadata (an “AI” badge, plus fields recording the model, the confidence score, and the reasoning). You are responsible for reviewing AI output before relying on it for material business decisions.

5. Sharing and sub-processors

We share information only with sub-processors necessary to operate the Service. The current list as of 2026-07-08:

We do not sell, rent, or trade personal information to third parties. We disclose information to government or law enforcement only where legally required and, where lawful, will notify the affected Customer before disclosure.

6. Data retention

We retain workspace content for the duration of your subscription plus a 90-day grace period after the subscription ends. During the grace period, workspace administrators can export Customer Data through the export API and self-service export tools in the product. After the grace period, we permanently delete the data from our production systems and age it out of encrypted backups according to the backup retention schedule, which does not exceed 180 days.

Audit logs, security event records, and billing records may be retained longer where required by law, tax rules, or to exercise or defend legal claims. Aggregated analytics (workspace counts, feature usage counts, no individual content) may be retained indefinitely.

7. Data subject rights and portability

Depending on where you live, you have rights to access, correct, delete, restrict, or object to processing of personal information, and to receive a portable copy of your data. You can exercise most of these rights directly in the product: review and edit your profile in workspace settings, download your data through the export API, and request deletion via the workspace admin.

For rights you cannot exercise directly in the product, send a request to privacy@simpleintelligence.io. We respond within the timeframe required by applicable law (typically 30 to 45 days). If your organization is the Customer, we will route your request to the workspace admin because the Customer is the controller of that data.

Lifeboat commitment. Enterprise Customers receive a contractually binding data portability commitment as part of the Master Subscription Agreement: zero exit fees, an on-demand export API that returns the full record graph with audit, relationships, and attachments preserved, and Customer-owned schema documentation. This commitment mirrors the EU Data Act (Regulation (EU) 2023/2854) portability expectations and applies regardless of the Customer’s jurisdiction. Non-Enterprise Customers receive the same technical export capability without the contractual exit-fee clause.

8. International transfers

Your information may be processed in any country where Microsoft Azure operates the regions we deploy to, including the United States, the European Union (Ireland, Netherlands, France), and Australia (New South Wales). Where required by law, cross-border transfers rely on the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Addendum, and equivalent legal mechanisms in other jurisdictions. Enterprise Customers can request data residency in a specific Azure geography as part of their contract.

9. Security

We use industry-standard technical and organizational measures to protect information.

No method of transmission or storage is perfectly secure. We work continually to improve, and we will notify affected Customers of a security incident that materially affects their data within the timeframes required by applicable law.

10. Children

Simple Atlas is a business-to-business product not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us at privacy@simpleintelligence.io and we will delete it.

11. Regulatory framework references

This Policy is drafted with reference to the following frameworks. It does not replace the legal obligations those frameworks impose on us or on the Customer as a controller.

12. Changes to this Policy

We revise this Policy as practices evolve and as regulations change. Material changes will be communicated by email to workspace administrators at least 30 days before they take effect. The current version and last-updated date always appear at the top of this page.

13. Contact

Questions about this Policy, our data practices, or to exercise a data subject right: privacy@simpleintelligence.io. For organizations that need a signed Data Processing Addendum, contact us at the same address.

Simple Intelligence Group, Inc. is registered in the State of Delaware, United States. Our EU representative and UK representative details will be published here when Enterprise Customers in those regions have signed contracts that require appointment of a local representative.


Version 1.0, 2026-07-08. For questions, contact privacy@simpleintelligence.io.