Privacy Policy

Last updated: January 26, 2026

This Privacy Policy describes how SimAudience ("we", "us", or "our") collects, uses, and protects your information when you use our Service. By using the Service, you consent to the practices described in this policy.

1. Information We Collect

1.1 Information You Provide Directly

Email address: Required to deliver your results link and password, and for transactional communications related to your tests.
Message content: The text variants you submit for testing. This content is stored securely alongside your results for 30 days, then permanently deleted.
Payment information: Processed securely through Stripe. We do NOT store, access, or have visibility into your payment card details. See Stripe's Privacy Policy for how they handle payment data.
Newsletter subscription: If you subscribe to our newsletter, we collect your email address for that purpose.

1.2 Information Collected Automatically

Server logs: Basic technical information including IP address, browser type, operating system, referring URL, and access times. This is standard web server logging used for security, debugging, and abuse prevention.
Analytics: We use Google Analytics to understand aggregate site usage patterns. This may involve cookies. For users in the EU/UK, we respect cookie consent requirements — analytics cookies are only set after consent where required by law. You can opt out using browser settings, the Google Analytics Opt-out Browser Add-on, or by declining non-essential cookies when prompted.
Essential cookies: We may use essential session cookies for Service functionality.

1.3 Categories of Personal Information (CCPA Notice at Collection)

For California residents, we collect the following categories of personal information:

Identifiers: Email address, IP address
Internet/electronic activity: Browser type, pages visited, access times
Commercial information: Transaction history, services purchased

2. How We Use Your Information

We use collected information for the following purposes:

Service delivery: To process your test requests, generate results, and store them for your 30-day access period
Communication: To send you your results link, password, and completion notifications
Payment processing: To complete transactions via Stripe
Marketing (with consent): To send newsletter updates if you have subscribed
Support: To respond to your inquiries and support requests
Security: To detect, prevent, and address fraud, abuse, security issues, and technical problems
Legal compliance: To comply with applicable laws and legal processes

SimAudience does NOT:

Sell your personal information to third parties
Share your personal information for cross-context behavioral advertising
Use your submitted content to train our own AI models
Share your data with advertisers
Create user profiles for behavioral targeting

Note: While SimAudience does not engage in the above practices, your submitted content is transmitted to third-party AI providers who may have different data practices. See Section 5 for details.

3. Marketing Communications / Newsletter

If you subscribe to our newsletter through the signup form on our website:

What we collect: Your email address
Purpose: To send you product updates, tips on message testing, and AI audience insights
Lawful basis: Your explicit consent when you subscribe
Unsubscribe: Every marketing email includes an unsubscribe link. You can also email support@simaudience.com to unsubscribe
Service provider: We use Resend as our email delivery service. Your email address is shared with Resend solely for email delivery purposes. See Resend's Privacy Policy.

Newsletter subscription is entirely optional and separate from transactional emails about your test results.

4. Data Retention and Deletion

Message content and results: Stored for 30 days from test completion, then permanently and automatically deleted. This allows you to access and export your results during this period.
Email addresses (test users): Retained while you have active results or pending tests. Deleted upon request or after 90 days of inactivity.
Email addresses (newsletter): Retained until you unsubscribe or request deletion.
Payment records: Retained as required by law for tax and accounting purposes (typically 7 years for financial records).
Server logs: Automatically deleted after 30 days.

5. Data Security

We implement reasonable technical and organizational measures to protect your data:

All data transmitted between your browser and our servers is encrypted using TLS/HTTPS
Results passwords are stored using industry-standard one-way hashing (bcrypt)
Database access is restricted and monitored
We use reputable cloud infrastructure providers with strong security practices

Important: While we implement reasonable security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data. You acknowledge this risk when using the Service.

6. Third-Party Services

We use the following third-party services, each with their own privacy policies:

Stripe: Payment processing. Your payment information is handled directly by Stripe and subject to Stripe's Privacy Policy. We receive only transaction confirmation, not card details.
OpenRouter: AI model routing service. Your submitted message content is transmitted to OpenRouter, which routes requests to various large language model (LLM) providers. See OpenRouter's Privacy Policy.
Underlying LLM Providers: OpenRouter routes requests to various AI model providers (such as Anthropic, OpenAI, Google, Mistral, and others). Each provider has their own data handling practices.
Railway: Cloud hosting and infrastructure. Data is hosted in the United States.
Resend: Email delivery service for transactional and marketing emails. See Resend's Privacy Policy.
Google Analytics: Website analytics. See Google's Privacy Policy.

6.1 Important Notice About Third-Party AI Data Handling

Please read carefully:

SimAudience does NOT: Sell your data, use your submitted content for AI training, or share your data with advertisers.
However, we cannot control or guarantee how third-party AI providers (OpenRouter and underlying LLM providers) handle your submitted content after transmission.
OpenRouter states they have "opted out of model training where possible" but individual LLM providers may have different policies regarding data retention, logging, and model training.
Third-party providers may: Log, retain, or use transmitted content according to their own terms of service, which may include using data for model improvement or training.
We encourage you to review OpenRouter's privacy policy and terms of service, as well as the policies of any underlying LLM providers, if third-party data handling is a concern for you.

By using SimAudience, you acknowledge and accept these third-party data handling practices.

7. Data Sharing and Disclosure

We do NOT sell, rent, or trade your personal information to third parties. We do NOT share your personal information for cross-context behavioral advertising.

We disclose information to the following categories of service providers for business purposes:

Payment processors (Stripe)
Cloud hosting providers (Railway)
AI model providers (OpenRouter and underlying LLMs)
Email delivery services (Resend)
Analytics providers (Google Analytics)

We may also share information in the following limited circumstances:

Legal requirements: If required by law, court order, or governmental request, or to protect our rights, property, or safety
Business transfers: In connection with a merger, acquisition, bankruptcy, or sale of assets, with notice to affected users
With your consent: For any other purpose with your explicit prior consent

8. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights:

Access: Request a copy of personal information we hold about you
Correction: Request correction of inaccurate information
Deletion: Request deletion of your personal information (subject to legal retention requirements)
Restriction: Request restriction of processing in certain circumstances
Portability: Request your data in a portable format
Objection: Object to processing based on legitimate interests
Withdraw consent: Withdraw consent where processing is based on consent

To exercise these rights:

Email us at support@simaudience.com, or
Use the contact form on our website

We will respond within 30 days (or sooner if required by applicable law). We may request verification of your identity before processing requests.

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to know: What personal information is collected, used, shared, or sold
Right to delete: Request deletion of personal information held by businesses
Right to correct: Request correction of inaccurate personal information
Right to opt-out of sale/sharing: We do NOT sell personal information. We do NOT share personal information for cross-context behavioral advertising.
Right to limit use of sensitive personal information: We do not collect sensitive personal information as defined by CPRA
Right to non-discrimination: You will not be discriminated against for exercising your privacy rights

Categories of PI disclosed for business purposes in the past 12 months:

Identifiers (email, IP) — to service providers for email delivery, hosting, analytics
Commercial information (transaction records) — to payment processor
User-generated content (message variants) — to AI providers for processing

We have NOT sold personal information in the past 12 months.

We have NOT shared personal information for cross-context behavioral advertising in the past 12 months.

10. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) and similar laws:

10.1 Lawful Bases for Processing

We process your personal data under the following lawful bases:

Contract: Processing necessary to fulfill our contract with you (delivering test results you purchased)
Consent: For marketing communications/newsletter — you may withdraw consent at any time
Legitimate interests: For security, fraud prevention, and service improvement, balanced against your rights
Legal obligation: Where required by law (e.g., tax records)

10.2 International Data Transfers

The Service is operated in the United States. If you access the Service from outside the US, your information will be transferred to, stored, and processed in the US.

For transfers from the EEA/UK to the US, we rely on:

Standard Contractual Clauses (SCCs) approved by the European Commission where applicable
Service providers who participate in recognized data transfer frameworks

By using the Service, you acknowledge and consent to the transfer of your information to the United States.

10.3 Right to Lodge a Complaint

If you believe we have violated your privacy rights, you have the right to lodge a complaint with your local data protection supervisory authority. However, we encourage you to contact us first at support@simaudience.com so we can address your concerns.

11. Children's Privacy

The Service is NOT intended for users under 18 years of age. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will delete that information promptly. If you believe we have collected information from a child, please contact us.

12. Do Not Track Signals

We do not currently respond to "Do Not Track" browser signals. We use Google Analytics for aggregate site analytics but do not engage in cross-site tracking for advertising purposes.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated effective date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

We encourage you to review this Privacy Policy periodically.

14. Contact Us

Questions, concerns, or requests regarding this Privacy Policy or your personal data?