Privacy notice
How SIMEZU collects, uses and protects personal data. SIMEZU is the identity layer for the Atypisch ecosystem; this notice covers the data we process on behalf of you and the apps you use.
Who we are
SIMEZU is operated by Atypisch, established in the Netherlands. For privacy questions, contact privacy@simezu.com. Where SIMEZU processes data on behalf of an app, that app is the controller and SIMEZU is the processor.
What we collect
We keep the data needed to verify and protect your identity and process payments:
- Account data: name, email, hashed password, MFA enrolment.
- Identity and session data: sign-in events, device and IP, active sessions.
- Payment profile: a tokenised reference only. We never store full card numbers.
- Usage and security logs: actions taken, kept in a tamper-evident audit log.
How we use it
To authenticate you across the apps you connect, to process payments and payouts, to prevent fraud and abuse, and to meet legal and tax obligations. We do not sell personal data, and nothing leaves the platform without a lawful basis.
Legal bases
We rely on performance of a contract (providing the service), legitimate interest (security and fraud prevention), legal obligation (tax and accounting) and, where required, your consent (optional communications).
Sharing
We share data with payment providers (Mollie, Stripe, PayPal) strictly to process a transaction, and with apps you explicitly authorise, limited to the scopes you approve. All processors are bound by data-processing agreements.
Where data lives
SIMEZU runs on European infrastructure and your data stays in the EU. Sub-processors are EU-based or covered by appropriate safeguards.
Your rights
Under the GDPR you can access, correct, export or erase your data, restrict or object to processing, and withdraw consent. Manage most of this from your account, or email privacy@simezu.com. You may also lodge a complaint with the Autoriteit Persoonsgegevens.
Retention
We keep account data while your account is active and for as long as legally required afterwards (invoices: 7 years for tax). Security logs are retained on a rolling basis, then anonymised.