Skip to content

Data Privacy Policy

Last updated: May 2026

SimpleAddins add-ins are designed with privacy by default: your document content never leaves your local machine, and we collect only the minimum data required to provide the service.


Overview: What Stays Local

The vast majority of your interaction with SimpleAddins happens entirely on your device:

ActivityLocationInternet Required?
Scanning document fieldsYour computerNo
Filling in field valuesYour computerNo
Applying changes to documentsYour computerNo
Colour coding textYour computerNo
Saving and inserting clipsYour computer (Office settings)No
Restoring scan sessionsYour computer (Office settings)No
Saving user profileYour computer (Office settings)No

Bottom line: Your document content, field values, and clips never leave your machine.


What Data is Stored

1. User Profile Data

Stored in your Office roaming settings (synced across your Office devices):

DataPurposeEncrypted?
NameDisplay in UI, licence associationYes (AES-256)
EmailLicence verification, SSO identityYes (AES-256)
User IDUnique identifier for supportYes (AES-256)
Licence statusFeature gatingNo (boolean flag)

2. Application Data

Stored in your Office roaming settings:

DataPurposeEncrypted?
ClipsReusable text snippetsYes (AES-256)
SSO tokens (MSAL)Microsoft authenticationYes (AES-256)
Profile FieldsAuto-fill personal detailsYes (AES-256)
EULA acceptanceTerms agreement trackingNo (boolean flag)
About overlay seenFirst-run experienceNo (version key)

3. Per-Document Data

Stored in document settings (saved within each Word file):

DataPurposeEncrypted?
Scan sessionsField values and stateNo (ephemeral work data)

This means if you send a document to a colleague, your saved session goes with it — they can restore your field values if they have Template Helper installed.


What Data is Transmitted

SimpleAddins communicates with servers only for these specific purposes:

Licence Verification

When: On sign-in, periodically while using Pro features
What is sent:

  • Licence key (if Pro user)
  • SSO token hash (if Microsoft sign-in)
  • Timestamp

What is NOT sent:

  • Document content
  • Field values
  • User behaviour data

Feedback Submission

When: Only when you explicitly click "Submit Feedback"
What is sent:

  • Your feedback message
  • User ID (for follow-up if needed)
  • Add-in version and diagnostic info (if you include it)

What is NOT sent:

  • Document content
  • Field data

Stripe Payment (Pro Upgrades)

When: When purchasing a Pro licence
What happens:

  • Stripe.js loads directly from Stripe's servers
  • Payment card details are entered in Stripe's secure iframe
  • Card data never touches SimpleAddins servers
  • We receive only a licence token from Stripe

Data Retention

Data TypeRetention PeriodDeletion Method
User profileUntil you delete the add-in or clear Office settingsClick "Logout" in Profile tab
ClipsUntil deleted or add-in removedDelete individual clips or click "Logout"
Sessions30 days of inactivityAutomatic expiration
Licence statusDuration of licence subscriptionExpires with subscription
Feedback messages2 years for support purposesContact support to request deletion

Your Rights

Under GDPR and similar privacy regulations, you have the right to:

  1. Access — Request a copy of all data we hold about you
  2. Rectification — Correct inaccurate data (do this in the Profile tab)
  3. Erasure — Delete all your data (click "Logout" and check "Clear all data")
  4. Portability — Export your clips and sessions via the built-in Export buttons
  5. Object — Opt out of non-essential data collection (we don't do any, so this is automatic)

To exercise these rights, email privacy@simpleaddins.com or use the in-app feedback form.


Security Measures

Encryption

  • At rest: AES-256 encryption for all sensitive data in Office settings
  • In transit: TLS 1.3 for all server communications
  • Key management: Encryption keys are derived from your Office identity; we cannot decrypt your data

Access Controls

  • No SimpleAddins employee can access your stored clips, sessions, or profile
  • Server logs contain only licence check hashes and timestamps, never document data
  • Database access is restricted to senior engineers with hardware key 2FA

Third-Party Processors

ServicePurposeLocationPrivacy Policy
Microsoft Office 365Add-in hosting & settings storageEU/US (your choice)Microsoft Privacy
StripePayment processingUSStripe Privacy
AzureLicence API hostingEU (Ireland)Microsoft Privacy

All processors are GDPR-compliant with Standard Contractual Clauses for any US data transfer.


Ejudiciary-Specific Privacy

For users signing in with @ejudiciary.net accounts:

  • Your email domain is checked locally after Microsoft SSO completes
  • No special tracking or profiling occurs
  • Enhanced Export and LLM Import features are unlocked without additional data collection
  • Your judicial network affiliation is not logged on our servers

Changes to This Policy

We will notify you of material privacy policy changes via:

  • In-app notification on the Profile tab
  • Email to registered users (if you've shared an email)
  • Update to this documentation page with a new "Last updated" date

Contact

Data Protection Officer: privacy@simpleaddins.com
Response time: Within 48 hours
For urgent security issues: security@simpleaddins.com (GPG key available on request)


Next Steps

SimpleAddins — Professional add-ins for Microsoft Word