SmplCo

Privacy Policy

Last updated: 24 April 2026

1. Who we are

SmplCo AS (“SmplCo”, “we”, “us”) is a digital product studio registered in Norway. Our registered office is at Ryfylkegata 9, 4014 Stavanger, Norway.

For any privacy-related question, contact us at hello@smpl.as.

SmplCo is the data controller for personal data collected through this website (smpl.as) and associated services.

2. What this policy covers

This policy describes how we handle personal data when you:

  • Visit smpl.as or any of our subdomains.
  • Submit a contact, booking, lead-magnet, or quiz form on our site.
  • Interact with our content via third-party platforms where we run advertising (including Meta, LinkedIn, and Google).
  • Engage with SmplCo as a client, partner, or supplier.

3. What information we collect

Information you give us

  • Contact details you provide in forms: name, email address, company, role, and phone number where supplied.
  • Message content you send via forms or email.
  • Answers and preferences you provide in interactive content such as the Founder Quiz (/investorready) or the Designer Quiz (/yggdrasil).

Information collected automatically

  • Browser, device, referrer, and page-view data via Vercel Analytics. This data is anonymous and cookie-free.
  • IP address (transiently, for rate-limiting, anti-abuse, and delivery of content).
  • Standard server logs (response codes, timing, errors).

Information from third parties

  • Aggregated and pseudonymous campaign performance data from advertising platforms including Meta, LinkedIn, and Google.
  • Publicly available business information when researching prospective clients or partners.

4. How we use your data

  • To respond to your enquiry and deliver the services or resources you request.
  • To send you relevant marketing communications, where permitted by law and where you have opted in.
  • To run, measure, and optimise advertising campaigns on Meta, LinkedIn, Google, and other platforms.
  • To improve our website and services using aggregated usage patterns.
  • To keep our systems secure and prevent fraud or abuse.
  • To meet legal, regulatory, and tax obligations.

Under the EU/UK GDPR, the lawful bases we rely on are: contract (to deliver services you request), legitimate interest (for analytics, security, and business operations), consent (for marketing and certain advertising activities, which you can withdraw at any time), and legal obligation (for tax and regulatory compliance).

5. Cookies and similar technologies

Smpl.as uses minimal cookies. Our primary analytics tool, Vercel Analytics, is cookie-free and collects only anonymised information.

When you engage with SmplCo content on third-party platforms such as Meta, LinkedIn, or Google, those platforms may place cookies or use similar technologies. Their own privacy policies govern those interactions:

6. Advertising and Meta integration

SmplCo uses Meta's advertising tools, including Meta Ads Manager and the Meta Marketing API, to run advertising campaigns on Facebook, Instagram, and other Meta-owned properties. Through these integrations:

  • We may receive aggregated and pseudonymous performance data about our campaigns, including reach, impressions, clicks, and conversions.
  • We may upload hashed email addresses to create Custom Audiences, Lookalike Audiences, or suppression lists, only where we have a lawful basis to do so.
  • We use Meta's business tools to measure campaign effectiveness and reach audiences likely to be interested in SmplCo's services.

This integration is governed by Meta's data-processing terms. We do not sell personal data. We apply Meta's data-matching requirements and follow the principle of data minimisation — we upload only the minimum information necessary to run a campaign.

7. Service providers and sharing

We share personal data with a limited set of trusted service providers:

  • Vercel, Inc. — website hosting and performance analytics.
  • Google (Workspace, Calendar, Gmail SMTP) — email delivery, calendaring, and business communications.
  • Meta Platforms, Inc. — advertising and campaign measurement.
  • LinkedIn Corporation — advertising and professional outreach.
  • Our internal CRM, hosted on SmplCo infrastructure at go.smpl.as, used for lead and relationship management.
  • Payment and invoicing providers (used only where a commercial engagement requires it).
  • Professional advisors (accountants, lawyers) under confidentiality obligations.

We do not sell personal data to third parties.

8. International data transfers

SmplCo is based in Norway, within the EEA. Some of our service providers (including Vercel, Google, and Meta) process data in the United States and other jurisdictions. Where personal data is transferred outside the EEA, we rely on Standard Contractual Clauses, Data Processing Agreements, and the relevant provider's own compliance programmes.

9. How long we keep data

  • Contact form enquiries and lead-magnet submissions: up to 24 months unless an active commercial engagement follows.
  • Client relationship data: for the duration of the engagement plus up to seven years to meet Norwegian tax and accounting requirements.
  • Marketing email lists: until you unsubscribe or after 24 months of inactivity.
  • Advertising and analytics data: per the retention windows set by the relevant platforms (typically 90–180 days).

10. Your rights

Under the GDPR and comparable laws, you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion, subject to legal retention obligations.
  • Object to certain processing, including direct marketing.
  • Restrict processing in specific circumstances.
  • Request data portability.
  • Withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
  • Lodge a complaint with a supervisory authority. In Norway, this is Datatilsynet.

California residents have additional rights under the CCPA, including the right to know what personal information is collected, to delete it, and to opt out of its sale or sharing (we do not sell personal information).

To exercise any of these rights, email hello@smpl.as. We will respond within 30 days.

11. Children's privacy

Our site and services are not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have collected such data in error, contact us and we will delete it.

12. Security

We apply appropriate technical and organisational measures to protect personal data, including:

  • TLS encryption on all traffic — smpl.as serves HTTPS only.
  • Encrypted email transport (STARTTLS) for business email delivered via Gmail.
  • Access controls and least-privilege principles for internal systems.
  • Regular software updates and dependency patching.

No online system is perfectly secure. If you believe your data may have been compromised, contact hello@smpl.as immediately.

13. Changes to this policy

We may update this policy from time to time. Material changes will be reflected at smpl.as/privacy with an updated “Last updated” date. Where required by law, we will notify affected users directly.

14. Contact us

Questions or requests about this policy, or about the personal data we hold about you:

  • Email: hello@smpl.as
  • Post: SmplCo AS, Ryfylkegata 9, 4014 Stavanger, Norway