Sima Labs, Inc. Privacy Policy
Effective date: September 21, 2024
This Privacy Policy is designed to help you, as a website visitor or user of our services, understand how Sima Labs, Inc. (“Sima Labs”) collects, uses, and shares your information to operate, improve, develop, and protect our services.
Introduction
Sima Labs, Inc. helps businesses align with HIPAA, SOC 2, and other compliance frameworks. Our B2B SaaS platform guides customers through compliance processes and may include audit management, virtual CISO services, and more.
About this Policy
This policy explains the data Sima Labs, Inc. collects, uses, and shares. It only applies to our services — not to third-party websites, platforms, or services. It also doesn’t apply to Sima Labs employees, contractors, or job candidates.
Data We Collect
Identifiers
Full name, business legal name, business address, email, and phone number.
Service provider authentication data
Logins or tokens (e.g. GitHub, AWS) to allow integration.
Device data
IP address, location, hardware, OS, browser data, network info, preferences, and settings.
User activity
Time spent on pages, buttons clicked, platform usage data.
Data from service providers
Identifiers and commercial info shared by your tools to help Sima Labs operate.
Derived data
Inferred info like geolocation or income estimates.
Cookies
May be collected/shared with third parties for better web experience. See the “Cookies” section below.
Social networks and other sources
Info from marketing campaigns, social platforms, referrals, or third-party datasets.
How We Use Your Data
To provide Sima Labs’ services
Communicate with you
Support and troubleshooting
Prevent fraud and verify identity
Assist legal and compliance professionals
Improve existing services
Develop new features
Respond to your support or survey requests
Keep business records
Handle referrals and audits
Conduct marketing
Notify you of new products/services
Investigate misuse
Legal purposes (e.g., claims, mergers)
Any use you authorize or consent to
How We Share Your Data
We do not sell data. We share it with third parties only as permitted:
With service providers to integrate tools like GitHub, AWS, etc.
To deliver services using cloud hosting, etc.
With auditors or consultants for your compliance process
To prevent fraud or abuse (with law enforcement, if needed)
Cookies and tracking tools for analytics and UX
To improve services (e.g. ChatGPT or analytics tools)
Anonymized or aggregated data for research and insights
Data Protection
We use encryption (in transit and at rest), access controls, monitoring, backups, and strict internal access rules to protect your data. Our third-party partners are required to meet equivalent standards.
Notes for EEA and UK End Users
We only process personal data when there’s a legal basis:
To fulfill contracts
To comply with legal obligations
For legitimate business interests
Based on your consent (which you can withdraw anytime)
Information Retention and Deletion
We retain data only as long as necessary. Periodic reviews ensure it’s still needed. Exceptions include:
Continued service delivery
Legal requirements
Preventing fraud or abuse
Support or privacy protection
If you consent to longer retention
If data is anonymized
For deletion, refer to the “How to Exercise Rights” section.
How to Exercise Rights in Your Data
You may request to:
Access your data
Learn what we’ve collected in the last 12 months
Correct or update your data
Delete or restrict your data (in some cases)
Object to processing (if legally allowed)
Withdraw consent
Get your data in a portable format
You’ll need to verify your identity. Some data may be exempt due to legal obligations. You can also file a complaint with relevant data protection authorities (e.g. ICO, EDPB, or Canada’s OPC).
Children
We don’t knowingly collect data from children under 16. If you believe a child provided info, please contact us to have it deleted.
Contacting Sima Labs, Inc.
Sima Labs, Inc.
185 Channel St., San Francisco, CA 94158
If you believe your privacy rights were violated, contact us. We will investigate and respond. You may need to verify your identity.
Policy Changes
We may update this policy. New versions will be posted at the same URL with the updated effective date.
Policy Changes
We may update this policy. New versions will be posted at the same URL with the updated effective date.