PRIVACY POLICY — SIMPLYWOODPLAN

Effective as of May 12, 2026

This Privacy Policy describes how Simplywoodplan collects, uses, and protects its users’ personal data, in accordance with the General Data Protection Regulation (GDPR) and the French Data Protection Act.

ARTICLE 1 — DATA CONTROLLER

The data controller for personal data collected via Simplywoodplan is:

Michel Guiot

Self-employed individual

SIRET: 941 722 324 00014

Address: Saussey (50200), Normandy, France

Contact email: simplywoodplan@gmail.com

If no Data Protection Officer (DPO) has been appointed, any requests regarding personal data may be sent directly to the data controller at the email address above.

ARTICLE 2 — PERSONAL DATA COLLECTED

Simplywoodplan collects the following data from the User, strictly for the purpose of providing the service:

— Email address (provided upon sign-up, used for authentication and transactional communications)

— Payment information (credit card number, expiration date, security code) is processed exclusively by Stripe and is never viewed, stored, or recorded by Simplywoodplan

— Technical details of the wood project entered by the User (dimensions, selected model, configuration options)

— Project name (a free-form field chosen by the user, included in the generated PDF drawing)

— Stripe transaction identifiers (customer ID, session ID, subscription ID) required for subscription tracking and billing

— Service usage metadata (subscription start date, expiration date, number of PDFs generated, subscription status)

No sensitive personal data as defined in Article 9 of the GDPR (racial or ethnic origin, political opinions, religious beliefs, health data, etc.) is collected.

ARTICLE 3 — PURPOSES OF THE PROCESSING

The personal data collected is used exclusively for the following purposes:

— To allow the User to access and use the Simplywoodplan app

— Generate and deliver the PDF drawings requested by the User

— Manage payments, subscription tracking, and billing

— Send transactional emails (payment confirmation, plan delivery, renewal or cancellation notifications)

— Respond to support requests and complaints

— Comply with the Publisher’s legal and accounting obligations (retention of invoices, tax returns)

Under no circumstances will the data be used for advertising, commercial profiling, or resale to third parties.

ARTICLE 4 — LEGAL BASIS FOR DATA PROCESSING

In accordance with Article 6 of the GDPR, the processing activities carried out by Simplywoodplan are based on the following legal grounds:

— Performance of the contract entered into with the User (subscription, provision of the service, generation of PDFs, billing)

— Compliance with the Publisher’s legal obligations (accounting records, tax filings, anti-fraud measures)

— The Publisher’s legitimate interest, particularly with regard to service security and the prevention of misuse

No processing is based on consent for advertising or commercial purposes.

ARTICLE 5 — DATA RECIPIENTS AND PROCESSORS

The User's personal data may be disclosed to the following technical service providers, strictly for the purpose of providing the service and based on contractual commitments that comply with the GDPR:

— Glide Apps (Glide, Inc., United States): web application hosting and user data storage

— Stripe (Stripe, Inc., United States): payment processing and subscription management

— SendGrid (Twilio Inc., United States): sending transactional emails

— PDF.co (ByteScout, United States): technical generation of floor plans in PDF format

— Squarespace (Squarespace, Inc., United States): marketing website hosting

— n8n (orchestration of data flows between the above services)

The Publisher undertakes to use only subcontractors that provide adequate safeguards regarding data protection and to disclose only the data strictly necessary for each specific purpose.

No data is resold, transferred, or shared with third parties for commercial purposes.

ARTICLE 6 — DATA TRANSFERS OUTSIDE THE EUROPEAN UNION

Several technical service providers listed in Article 5 are based in the United States (Glide, Stripe, Sendgrid, PDF.co, Squarespace). The User’s personal data may therefore be transferred outside the European Union.

These transfers are governed by the mechanisms set forth in the GDPR, including the Standard Contractual Clauses adopted by the European Commission and, where applicable, the processors’ adherence to the EU-U.S. Data Privacy Framework.

Users may obtain a copy of the applicable warranties by sending a request to simplywoodplan@gmail.com.

ARTICLE 7 — DATA RETENTION PERIOD

Personal data is retained for as long as necessary to fulfill the purposes for which it was collected, in accordance with the following timeframes:

— Account and usage data: for the duration of the active subscription

— After the subscription is canceled: three (3) years, in order to comply with the accounting, tax, and legal obligations applicable to self-employed individuals in France

— Invoices and accounting documents: ten (10) years, in accordance with the Commercial Code

— Payment data (Stripe): retained in accordance with Stripe’s own policy, available at https://stripe.com/fr/privacy

Once these time limits have expired, the data is permanently deleted or anonymized.

ARTICLE 8 — USER RIGHTS

In accordance with Articles 15 through 22 of the GDPR, the User has the following rights regarding their personal data:

— Right of access: to obtain confirmation that your data is being processed and to receive a copy of it

— Right to rectification: have inaccurate or incomplete data corrected

— Right to erasure (“right to be forgotten”): request the deletion of your data, subject to legal retention requirements

— Right to restriction of processing: request the suspension of processing in certain cases

— Right to data portability: to receive one’s data in a structured, machine-readable format

— Right to object: to object to the processing on legitimate grounds

— The right to establish end-of-life directives regarding the handling of one’s data after death

You may exercise these rights at any time by writing to simplywoodplan@gmail.com. We will respond within one (1) month of receiving your request.

ARTICLE 9 — DATA SECURITY

The Publisher implements appropriate technical and organizational measures to ensure the security, confidentiality, and integrity of the personal data processed, including:

— HTTPS encryption for all communications across the entire service

— Authentication via a magic link or one-time code (PIN)

— Payment data is stored exclusively with Stripe, in compliance with PCI-DSS standards

— Access to data is limited to what is strictly necessary for the data controller

— Selection of subcontractors that provide contractual guarantees regarding data protection

In the event of a data breach that could pose a risk to Users’ rights and freedoms, the Publisher undertakes to notify the CNIL of the incident within seventy-two (72) hours and to inform the affected Users in accordance with Article 34 of the GDPR.

ARTICLE 10 — COOKIES

The simplywoodplan.com website and the Simplywoodplan app use technical cookies that are essential for the service to function (session, authentication, Stripe payment). No advertising cookies, third-party audience measurement cookies, or profiling cookies are used.

A dedicated cookie policy specifies the types of cookies used, their duration, and their purpose.

ARTICLE 11 — COMPLAINTS TO THE CNIL

The User has the right to file a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL), the French data protection supervisory authority:

CNIL — 3 Place de Fontenoy, P.O. Box 80715, 75334 PARIS CEDEX 07

Website: https://www.cnil.fr

Phone: 01-53-73-22-22

Before filing a complaint with the CNIL, the User is asked to first contact the Publisher at simplywoodplan@gmail.com to attempt to resolve the issue amicably.

ARTICLE 12 — CHANGES TO THE POLICY

This Privacy Policy may be amended at any time to reflect changes to the service, our service providers, or applicable regulations. The current version is the one published on the website on the date of access. In the event of a substantial change, the User will be notified by email.