Privacy Policy

Last updated: May 24, 2026

Draft for attorney review. This is a template prepared as a working draft. Not legal advice. Have a licensed attorney review and adapt before publishing.

Effective date: May 24, 2026

Last updated: May 24, 2026

Simplifier is operated by Vice Robotics LLC, a Florida limited liability company ("Vice Robotics," "we," "us," or "our"). This Privacy Policy explains what information we collect, how we use it, and the choices you have. It applies to the Simplifier browser extension, the Simplifier add-in for Outlook, and our website at emailsimplifier.app (collectively, the "Service").

If you do not agree with this policy, please do not install or use Simplifier.

1. Summary

Simplifier renders a cleaner reader-view of email threads entirely on your device.
We never see, store, or transmit your email content. Not subject lines, not senders, not attachments.
We do process a small amount of account information on our backend so you can sign in and so we can validate your subscription. That data is described below.

2. What Simplifier does

Simplifier is a browser extension and Outlook add-in that reads the email thread you are currently viewing in Gmail Web or Outlook Web and renders a cleaner version of it in an overlay on the same page. The overlay is generated entirely on your device using the parsing logic shipped with the extension.

No email content is sent to Vice Robotics servers, stored by Vice Robotics, or shared with any third party. We maintain an automated guard (pnpm check:email-privacy) in our source code that programmatically prevents email content from being included in any backend network request.

3. Information we collect

3.1 Information you provide

Email address — when you sign in to Simplifier to associate your subscription with your device. We use this only for authentication and to associate your subscription with your account.
Payment information — collected and processed directly by Stripe. We do not see or store your full card number, CVV, or bank account number. We receive only a Stripe customer ID and subscription status.
Support correspondence — if you email us, we receive whatever you choose to send, including any screenshots or redacted email fixtures you attach. We ask that you not send raw email HTML unless we explicitly request it.

3.2 Information collected automatically

Device metadata — a generated device ID, an app surface identifier (e.g., "chrome", "outlook-mac"), and a device label you can set. This is used to enforce Free and Pro plan device limits.
Subscription status — maintained by Stripe and synced to our backend.
Standard request metadata — IP address, user agent, and timestamp, retained in Cloudflare logs for security, rate limiting, and abuse prevention.

3.3 Information we do not collect

Email content, subject lines, sender or recipient addresses, attachments, or any other data from your inbox.
Which emails you simplify, when, or how often.
Any content from web pages outside Gmail Web and Outlook Web.
Precise geolocation, advertising identifiers, contact lists, or any third-party tracking signals.

4. How we use information

We use the information described above to:

Authenticate you and provide access to your Simplifier subscription.
Process payments and manage subscriptions through Stripe.
Enforce Free and Pro plan device limits.
Maintain the security, integrity, and reliability of the Service, including detecting and preventing abuse.
Respond to support requests.
Comply with legal obligations and enforce our Terms of Service.

We do not use your information for advertising, do not build advertising profiles, and do not sell or share your personal information for cross-context behavioral advertising.

5. Legal bases for processing (GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, our legal bases for processing your personal data are:

Performance of a contract (Article 6(1)(b) GDPR) — to provide the Service you have signed up for.
Legitimate interests (Article 6(1)(f) GDPR) — to keep the Service secure, prevent fraud and abuse, and improve our product. We have assessed these interests against your rights and freedoms.
Legal obligation (Article 6(1)(c) GDPR) — to comply with tax, accounting, and other legal requirements.
Consent (Article 6(1)(a) GDPR) — for any optional processing where we ask for your consent. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

The data controller is Vice Robotics LLC. We do not have an EU establishment and rely on the derogation in Article 27(2) GDPR where applicable; if a representative becomes required, we will appoint one and update this policy.

6. Chrome Web Store Limited Use

Simplifier's use and transfer of information received from Chrome APIs complies with the Chrome Web Store User Data Policy, including the Limited Use requirements. We use Chrome extension permissions only to provide the visible reader overlay, save your preferences, and validate account or subscription status. We do not sell user data, use email content for advertising, or allow humans to read email content unless you explicitly send it to us for support.

7. Service providers (subprocessors)

We use the following third parties to operate the Service. Each has its own privacy policy that governs its handling of your data:

Provider	Purpose	What they receive	Privacy policy
Stripe, Inc.	Payment processing and subscription management	Email, payment information, billing address	stripe.com/privacy
WorkOS, Inc.	Hosted sign-in via AuthKit	Email, authentication events	workos.com/legal/privacy
Cloudflare, Inc.	Hosting, CDN, and backend request handling	IP address, user agent, request metadata	cloudflare.com/privacypolicy

We do not authorize these providers to use your data for their own purposes other than as described in their respective policies.

8. International data transfers

Vice Robotics LLC is based in the United States. Our service providers may process data in the United States, the European Union, and other regions. Where personal data of EEA, UK, or Swiss data subjects is transferred to the United States, transfers are made under the Standard Contractual Clauses approved by the European Commission (and the UK Addendum where applicable) or another approved transfer mechanism implemented by our service providers.

9. Data retention

We retain personal data only as long as needed for the purposes described in this policy:

Account data (email, device records, subscription status) — retained while your account is active and for up to 30 days after deletion, after which it is removed from our active systems. Backups containing the data are purged within 90 days.
Billing and tax records — retained by Stripe according to its retention practices and by us for up to 7 years to comply with U.S. tax and accounting law.
Request logs (IP, user agent, timestamps) — retained for up to 30 days for security and abuse prevention.
Support correspondence — retained for up to 2 years from the last interaction.

When personal data is no longer needed, we delete or anonymize it.

10. Your rights

Depending on where you live, you may have some or all of the following rights:

Access — request a copy of the personal data we hold about you.
Correction — ask us to correct inaccurate or incomplete data.
Deletion — ask us to delete your data. We will delete unless retention is required by law or for legitimate business purposes such as resolving disputes or enforcing agreements.
Portability — receive your data in a machine-readable format.
Restriction or objection — restrict or object to certain processing.
Withdraw consent — where processing is based on consent.
Complain — lodge a complaint with your local data protection authority. EU/EEA users can find their authority at edpb.europa.eu. UK users can complain to the ICO at ico.org.uk.

To exercise any of these rights, email [email protected]. We will respond within 30 days (or up to 45 days for complex requests, with notice). We will not discriminate against you for exercising any of these rights.

11. California privacy rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the CPRA, gives you specific rights regarding your personal information.

Categories of personal information we collect. In the past 12 months, we have collected the following categories (as defined in Cal. Civ. Code § 1798.140):

Category	Examples	Collected?
Identifiers	Email address, device ID, IP address	Yes
Customer records (Cal. Civ. Code § 1798.80(e))	Name (if provided in support), billing information via Stripe	Yes
Commercial information	Subscription history	Yes
Internet or network activity	Request metadata, user agent	Yes (limited)
Geolocation	Approximate location from IP	Yes (limited, via Cloudflare)
Sensitive personal info	None	No
Protected classifications	None	No
Biometric, audio, visual	None	No
Inferences	None	No

Sources. Directly from you, automatically from your device, and from our service providers (Stripe, WorkOS, Cloudflare).

Purposes. To provide the Service, process payments, enforce plan limits, prevent abuse, and comply with law.

Sale or sharing. We do not sell your personal information and do not share it for cross-context behavioral advertising. We have not done so in the preceding 12 months.

Your California rights.

Right to know what personal information we collect, use, disclose, and (if applicable) sell or share.
Right to delete personal information we have collected.
Right to correct inaccurate personal information.
Right to opt out of sale or sharing (not applicable — we do neither).
Right to limit use and disclosure of sensitive personal information (not applicable — we do not collect sensitive PI).
Right to non-discrimination for exercising your rights.

To exercise these rights, email [email protected]. You may use an authorized agent to submit a request on your behalf; we will verify the agent's authority.

12. Children's privacy

Simplifier is not directed to children. We do not knowingly collect personal information from anyone under 13 years of age (or under 16 in the EEA and UK). If you believe a child has provided us personal information, please contact [email protected] and we will delete it.

13. Security

We protect personal data with industry-standard technical and organizational safeguards, including:

TLS encryption in transit for all backend requests.
Encryption at rest for data stored in our service providers' systems.
Access controls limiting backend data access to authorized personnel (currently only the sole developer of Vice Robotics LLC).
Source-code-level automated checks that block email content from being included in backend requests.

No system is completely secure. If you believe your account has been compromised, contact us immediately at [email protected].

14. Do Not Track

Some browsers offer a "Do Not Track" (DNT) signal. There is no industry-standard interpretation. We do not currently respond to DNT signals because we do not perform cross-site tracking for advertising in any case. We respect Global Privacy Control (GPC) signals where applicable.

15. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email (using the address associated with your account) at least 14 days before the change takes effect, and we will update the "Last updated" date above. Continued use of Simplifier after the effective date constitutes acceptance of the updated policy.

16. Contact us

Vice Robotics LLC

15414 SW 25th Terrace

Miami, Florida 33185

United States

Email: [email protected]

Phone: +1 (305) 492-2854

For privacy-rights requests, please include the email address associated with your Simplifier account so we can verify your identity.

Draft prepared as a template for attorney review. Not legal advice.