Data Controller
data-controller@simplydocs.cloud
KoCreate, Tapasya Corp. Heights, Sector - 126, Noida - 201303, Uttar Pradesh, India
As part of our ongoing efforts to protect the security and privacy of our users, we are working to meet or exceed the GDPR (General Data Protection Regulation). This site contains information on what steps we are taking, their progress, and who to contact for any security concerns. Please see our FAQ for more information.
If you need a signed DPA, please use the button below to cross sign and download your copy of our DPA.
We rely on a number of trusted 3rd parties to assist with our operations. Depending on the exact nature of your account and what you've requested we do, your data may be shared with one of these partners. We carefully evaluate each to make sure they're handling your personal data with the utmost of respect, security, and privacy.
Services | ||||
---|---|---|---|---|
Partner | Locale | Data Shared | Purpose | |
Amazon AWS | ![]() |
Name Email Address Email Content | Transaction emails and file storage |
|
CDN JS | ![]() |
IP Address | CloudFlare's CDN with popular javascript frameworks available. |
|
![]() |
Clipboard.js | ![]() |
IP Address | Copy text to clipboard framework. |
![]() |
Cloudflare | ![]() |
IP Address | Automatically optimizes the delivery of your web pages so your visitors get the fastest page load times and best performance. |
![]() |
Cloudflare JS | ![]() |
IP Address | Loads content from Cloudflare CDN. |
![]() |
DigitalOcean | ![]() |
Application Hosting | Server infrastructure hosting |
Google Workspace | ![]() |
Internal Emails | For internal emails |
|
![]() |
Helpwise | ![]() |
Name Email Address | Customer support |
jsDelivr | ![]() |
IP Address | A free CDN (Content Delivery Network) where Javascript developers can host their files. |
|
![]() |
Mailjet | ![]() |
Name Email Address | Newsletter services |
![]() |
Parsley.js | ![]() |
IP Address | Javascript forms validation script. |
![]() |
reCAPTCHA | ![]() |
IP Address | Anti-bot CAPTCHA widget from Google. |
![]() |
reCAPTCHA v3 | ![]() |
IP Address | eCAPTCHA v3 returns a score for each request without user friction. |
![]() |
Sentry | ![]() |
Client OS Client browser URL User Action | Performance, error and exceptions reporting |
![]() |
StackPath BootstrapCDN | ![]() |
IP Address | StackPath's Bootstrap CDN system - encompasses MaxCDN and NetDNA. |
![]() |
Stripe | ![]() |
IP Address | Stripe makes it easy for developers to accept credit cards on the web. |
![]() |
SweetAlert | ![]() |
IP Address | A replacement for error messages. |
![]() |
URI.js | ![]() |
IP Address | URI.js is a javascript library for working with URLs. |
GDPR Compliance requires maintenance and ongoing work. We are tracking our efforts here.
Application Site Security | |
---|---|
Status | Name |
Completed | Ensure Intrusion Detection Systems are in Place |
Completed | Added External Javascript Files to Data Partners |
Completed | Ensure internal employees and contractors behaviors around personal data are documented. |
Completed | Affirmative Consent mechanism added to User Signup |
Completed | HSTS (HTTP Strict Transport Security) added to SSL/TLS of App Site |
Completed | Establish Stale Data and User Policies |
Completed | Inform Users about the GDPR Page |
Completed | Ensure Web Application Firewall enabled and blocking common attacks |
Completed | Redact Logs from Writing Unneeded Personal or Sensitive Data |
Completed | Registered with HaveIBeenPwned Domain Notification |
Completed | Ensure Access to Backups is Restricted |
Completed | Ensure Backups are Stored in on Encrypted File Storage |
Completed | Ensure Database Backups of Personal Data are working |
Completed | Establish Development Environment Data Handling Guidelines |
Completed | Personal Data in File Storage is Encrypted |
Completed | Personal Data in Databases is Encrypted |
Completed | Restrict Personal Data at Signup to the Minimum Necessary |
Completed | SSL (TLS) Deployed on App Site |
Data Mapping | |
---|---|
Status | Name |
Completed | Add Performance Monitoring Applications to Data Providers |
Completed | Add Exception/Error Reporting Services to Data Partners |
Completed | Add Internal Email Service to Data Partners |
Completed | Add Hosting Provider to Data Partners |
Completed | Add Customer Support (Helpdesk) Service to Partners |
Completed | Add Transactional Email Service to Partners |
Completed | Add Email Newsletter Service to Partners |
Completed | Add CDN Provider to Data Partners |
Privacy Procedures | |
---|---|
Status | Name |
Completed | Briefed all Staff on GDPR Impact to the organization |
Completed | Informed all Employees and Contractors about GDPR Compliance |
Completed | Privacy Policy Updates |
Completed | Procedure established to allow for people to request that inaccuracies in their data are fixed. |
Completed | Process established for subject data requests |
Completed | Get Management Approval for GDPR Efforts |
Completed | Data Protection Policy Created |
Completed | Developed a Data Processing Agreement |
Completed | Nominate a Data Protection Lead or Data Protection |
Security Procedures | |
---|---|
Status | Name |
Completed | Data Breach Notification Policy has been established |
Completed | Publish statement on public website on how to report security and data issues. |
If you have any concerns not answered here, please reach out to our contact (listed above) and we'll be happy to assist.
The General Data Protection Regulation (GDPR) is a new piece of privacy legislation enacted by the European Union. It represents a significant change in how personal (IP Addresses, Emails, Names) and sensitive (religion, ethnic origin, health, orientation) data is handled by companies.
We take all security reports seriously. Please email our security contact (information listed above) with any information you have regarding any potential data breaches, vulnerabilities or concerns.
While it remains to be seen if the EU has the legislative power to levy fines and enforcement against organizations around the globe, GDPR compliance is being sought by non EU companies for a variety of reasons.