Data Privacy Policy
Last updated: May 2026
SimpleAddins add-ins are designed with privacy by default: your document content never leaves your local machine, and we collect only the minimum data required to provide the service.
Overview: What Stays Local
The vast majority of your interaction with SimpleAddins happens entirely on your device:
| Activity | Location | Internet Required? |
|---|---|---|
| Scanning document fields | Your computer | No |
| Filling in field values | Your computer | No |
| Applying changes to documents | Your computer | No |
| Colour coding text | Your computer | No |
| Saving and inserting clips | Your computer (Office settings) | No |
| Restoring scan sessions | Your computer (Office settings) | No |
| Saving user profile | Your computer (Office settings) | No |
Bottom line: Your document content, field values, and clips never leave your machine.
What Data is Stored
1. User Profile Data
Stored in your Office roaming settings (synced across your Office devices):
| Data | Purpose | Encrypted? |
|---|---|---|
| Name | Display in UI, licence association | Yes (AES-256) |
| Licence verification, SSO identity | Yes (AES-256) | |
| User ID | Unique identifier for support | Yes (AES-256) |
| Licence status | Feature gating | No (boolean flag) |
2. Application Data
Stored in your Office roaming settings:
| Data | Purpose | Encrypted? |
|---|---|---|
| Clips | Reusable text snippets | Yes (AES-256) |
| SSO tokens (MSAL) | Microsoft authentication | Yes (AES-256) |
| Profile Fields | Auto-fill personal details | Yes (AES-256) |
| EULA acceptance | Terms agreement tracking | No (boolean flag) |
| About overlay seen | First-run experience | No (version key) |
3. Per-Document Data
Stored in document settings (saved within each Word file):
| Data | Purpose | Encrypted? |
|---|---|---|
| Scan sessions | Field values and state | No (ephemeral work data) |
This means if you send a document to a colleague, your saved session goes with it — they can restore your field values if they have Template Helper installed.
What Data is Transmitted
SimpleAddins communicates with servers only for these specific purposes:
Licence Verification
When: On sign-in, periodically while using Pro features
What is sent:
- Licence key (if Pro user)
- SSO token hash (if Microsoft sign-in)
- Timestamp
What is NOT sent:
- Document content
- Field values
- User behaviour data
Feedback Submission
When: Only when you explicitly click "Submit Feedback"
What is sent:
- Your feedback message
- User ID (for follow-up if needed)
- Add-in version and diagnostic info (if you include it)
What is NOT sent:
- Document content
- Field data
Stripe Payment (Pro Upgrades)
When: When purchasing a Pro licence
What happens:
- Stripe.js loads directly from Stripe's servers
- Payment card details are entered in Stripe's secure iframe
- Card data never touches SimpleAddins servers
- We receive only a licence token from Stripe
Data Retention
| Data Type | Retention Period | Deletion Method |
|---|---|---|
| User profile | Until you delete the add-in or clear Office settings | Click "Logout" in Profile tab |
| Clips | Until deleted or add-in removed | Delete individual clips or click "Logout" |
| Sessions | 30 days of inactivity | Automatic expiration |
| Licence status | Duration of licence subscription | Expires with subscription |
| Feedback messages | 2 years for support purposes | Contact support to request deletion |
Your Rights
Under GDPR and similar privacy regulations, you have the right to:
- Access — Request a copy of all data we hold about you
- Rectification — Correct inaccurate data (do this in the Profile tab)
- Erasure — Delete all your data (click "Logout" and check "Clear all data")
- Portability — Export your clips and sessions via the built-in Export buttons
- Object — Opt out of non-essential data collection (we don't do any, so this is automatic)
To exercise these rights, email privacy@simpleaddins.com or use the in-app feedback form.
Security Measures
Encryption
- At rest: AES-256 encryption for all sensitive data in Office settings
- In transit: TLS 1.3 for all server communications
- Key management: Encryption keys are derived from your Office identity; we cannot decrypt your data
Access Controls
- No SimpleAddins employee can access your stored clips, sessions, or profile
- Server logs contain only licence check hashes and timestamps, never document data
- Database access is restricted to senior engineers with hardware key 2FA
Third-Party Processors
| Service | Purpose | Location | Privacy Policy |
|---|---|---|---|
| Microsoft Office 365 | Add-in hosting & settings storage | EU/US (your choice) | Microsoft Privacy |
| Stripe | Payment processing | US | Stripe Privacy |
| Azure | Licence API hosting | EU (Ireland) | Microsoft Privacy |
All processors are GDPR-compliant with Standard Contractual Clauses for any US data transfer.
Ejudiciary-Specific Privacy
For users signing in with @ejudiciary.net accounts:
- Your email domain is checked locally after Microsoft SSO completes
- No special tracking or profiling occurs
- Enhanced Export and LLM Import features are unlocked without additional data collection
- Your judicial network affiliation is not logged on our servers
Changes to This Policy
We will notify you of material privacy policy changes via:
- In-app notification on the Profile tab
- Email to registered users (if you've shared an email)
- Update to this documentation page with a new "Last updated" date
Contact
Data Protection Officer: privacy@simpleaddins.com
Response time: Within 48 hours
For urgent security issues: security@simpleaddins.com (GPG key available on request)
Next Steps
- Architecture & Security — technical details of how we protect your data
- Signing In — authentication and account management
- Troubleshooting — privacy-related issues and fixes