Privacy Policy
Last updated: March 5, 2026
Simple Onboarding ("we", "our", or "us") operates the Simple Onboarding platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
1. Information We Collect
Account Information: When you sign in via Google OAuth, we receive your name, email address, and profile picture from your Google account.
Google API Data: With your explicit consent, we access the following Google services on your behalf:
- Google Calendar (read-only) — to display your upcoming meetings and events within the platform.
- Gmail (read-only) — to monitor client communication activity for reporting purposes.
- Google Drive — to access and organize shared client documents and files.
- Google Analytics (read-only) — to pull website performance data for client reports.
- Google Search Console (read-only) — to retrieve search performance data for SEO reporting.
- Google Ads (read-only) — to pull advertising performance metrics for client reports.
- Google Business Profile — to retrieve local business performance data for client reports.
- Google Tag Manager — to read and manage tag configurations for client websites.
Usage Data: We collect information about how you interact with the Service, including pages visited, features used, and timestamps.
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service
- Authenticate your identity and manage your account
- Display relevant data from connected Google services within the platform
- Generate client reports using data from connected services
- Send you service-related notifications (e.g., NPS surveys, task reminders)
- Monitor and analyze usage to improve the Service
3. Google API Services User Data Policy
Simple Onboarding's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
- We only use Google user data for the purposes described in this Privacy Policy and as consented to by the user.
- We do not use Google user data for serving advertisements.
- We do not allow humans to read Google user data unless: (a) we have your explicit consent, (b) it is necessary for security purposes, (c) it is necessary to comply with applicable law, or (d) the data has been aggregated and anonymized for internal operations.
- We do not transfer Google user data to third parties except as necessary to provide or improve the Service, as required by law, or as part of a merger/acquisition with adequate data protection.
4. Data Storage and Security
Your data is stored on secure servers. We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encrypted data transmission (HTTPS/TLS)
- Secure session management with HTTP-only cookies
- Multi-tenant data isolation ensuring each organization's data is separate
- OAuth 2.0 token management with encrypted storage
5. Data Sharing and Disclosure
We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:
- Service Providers: With trusted third-party services that assist us in operating the platform (e.g., hosting, error monitoring).
- Legal Requirements: When required by law, regulation, or legal process.
- Business Transfers: In connection with a merger, acquisition, or sale of assets, with adequate data protection measures.
6. Data Retention
We retain your personal information for as long as your account is active or as needed to provide you the Service. You may request deletion of your data at any time by contacting us. Upon account deletion, we will remove your personal data within 30 days, except where retention is required by law.
7. Your Rights
You have the right to:
- Access — Request a copy of the personal data we hold about you.
- Correction — Request correction of any inaccurate data.
- Deletion — Request deletion of your personal data.
- Revoke Consent — Disconnect Google services or revoke access at any time through your Google Account permissions.
- Data Portability — Request an export of your data in a machine-readable format.
8. Cookies
We use essential cookies for authentication and session management. These cookies are necessary for the Service to function and cannot be disabled. We do not use tracking or advertising cookies.
9. Children's Privacy
The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.
11. Contact Us