Privacy
Policy.
Simplify IS is designed for security-conscious teams and handles personal information in line with the Australian Privacy Principles (APPs), strict least-privilege access, and data isolation between organisations.
Data Collection
We collect only the minimum data required to provide account access and assessment functionality. This includes your name, business email address, and organisational context you provide during onboarding.
Assessment conversations with Cypher are stored securely to enable session continuity and historical maturity tracking. No data is shared with third parties for commercial purposes.
How We Use Data
Platform Operations
Account authentication, session management, and assessment delivery. Your data powers your product experience, nothing else.
Product Quality
Anonymised, aggregated telemetry and analytics are used for reliability and service improvement — never linked to individual users.
Security Monitoring
Access logs and audit trails are maintained for platform security and to satisfy Australian compliance requirements.
Compliance Reporting
Your assessment outputs and maturity scores are yours alone. We do not share, sell, or license your assessment data to any party.
Data Isolation
“No assessment data provided to Cypher is used to train the underlying AI models. Your organisational intelligence is your sovereign asset.”
Each organisation's data is stored in an isolated namespace within our Supabase infrastructure with row-level security enabled on all tables. Cypher's context is scoped strictly to your organisation's sessions.
We do not perform cross-tenant data analysis. Your assessment conversations, scores, and uploaded documents are logically and technically separated from all other customers at all times.
Retention
Retention Schedule
Data is retained for the duration of your active subscription. Upon account cancellation or termination, your data is held for the statutory minimum period required under Australian law before secure deletion.
| Data Type | Retention Period |
|---|---|
| Account Data | Duration of subscription + 90 days |
| Assessment Conversations | Duration of subscription |
| Billing Records | 7 years (statutory requirement) |
| Security Audit Logs | 12 months rolling |
Your Rights
Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), you may request access to and correction of personal information we hold about you, subject to exceptions provided by law. You may request account deletion through the product account management flow at any time.
For privacy enquiries or requests relating to your personal information, use the . We aim to acknowledge requests within three working days. Taking further action on a request — including verification and fulfilling access, correction, or deletion — may take up to 30 days where permitted by law.
Privacy questions?
Reach out to our privacy team for any data-related enquiries.