Skip to content

Trust & Security Center

Connecting you to our latest security, compliance, privacy and legal information.


Like security in the cloud, privacy in the cloud is a shared responsibility between you and us. While you are a client, we become a custodian of your data. That means we store and ensure that only those with the correct permissions have access to the data you store within your SmartSimple Cloud solution.

SmartSimple's role in privacy

Our role is to be your trusted SaaS provider, hosting and managing your data securely.

We will never move, alter, edit or delete any of the data in a client’s system. While we can be engaged to assist you with such activities, our role is simply to store the data you upload to your system. While we will accommodate your organization’s privacy policies, we are not in the position to properly govern or moderate them for you.

The client's role

As a SmartSimple client, you have complete control of your data and your data access policies. For that reason, it’s important that you have and can enforce your privacy policy. And, since you know exactly how you gather your data and what kind of data you collect from your community, you will need to decide how accessible it should be and who can have access to it.


This means you’re required to manage the integrity of your data, making sure that what is being shared with us is only what needs to be, or should be, shared. Based on the sensitivity of the data you collect - for example, if you collect banking information, employment details, or intellectual property, you will also need to decide who has permission to access, amend or remove any data from within your system, and whether you will need a dedicated server as opposed to shared server hosting.

Client data

We do not own Client Data, information, or material that you submit, store, or process within the system. You authorize our staff to access your system, including its Data, only to respond to service or technical problems. We do not monitor, retain beyond the terms of their service agreement, manipulate, use, or disclose any Data or any information regarding you, your account, or your users, without your prior written permission.


During the lifespan of your engagement with us, you are responsible for the integrity of your data. You may elect to cleanse, delete or remove data, where we can provide guidance in the proper steps to perform the task. We will not delete or remove data at your request.


You are responsible for providing notice to users related to data collection, processing, data sharing, openness & data access, international transfer, responsibility, and accountability.

Data collection

Clients use our solutions to directly collect information from their staff and communities (communities as defined by the Client).


We collect two types of data:


Data required to support the Client’s use of the system through the SmartSimple support desk as expressly requested by the Client.
Aggregated, anonymized, non-demographic usage required to optimize service availability.

Notice & processing

Processes related to your Data are defined and managed by you, not SmartSimple. We do not process data. Our solutions act solely as a collection system for the Client.


Choices such as opt-in and opt-outs that are provided to users of the system are defined and managed by you.

Data sharing

We never share data with any other organization or person.

Openness & data access

You have full control of matters related to the configuration of your system to implement your corporate openness and data access policies. We are neutral to client policies.

International transfer

You have the flexibility to activate your system in the jurisdiction of their choice (ie. EU, US, or Canada). Where international transfer of data is envisaged by you, we recommend that you seek legal advice as to the appropriate hosting location and approach.


Internal SmartSimple responsibilities related to the system and service delivery are defined in the Operational Procedures Guide. You are responsible for defining your internal responsibilities.


The Operation Procedures Guide defines internal SmartSimple accountability related to system and service delivery. You are responsible for defining your internal accountability.