PRIVACY POLICY — SIMPLYWOODPLAN
Effective as of May 13, 2026
This Privacy Policy describes how Simplywoodplan collects, uses, and protects the personal data of its users, in accordance with the European General Data Protection Regulation (GDPR) and the French Data Protection Act.
ARTICLE 1 — DATA CONTROLLER
The data controller responsible for the personal data collected through Simplywoodplan is:
Michel Guiot
Sole proprietorship (French micro-enterprise)
French business registration number (SIRET): 941 722 324 00014
Address: Saussey (50200), Normandy, France
Email: simplywoodplan@gmail.com
If there is no designated Data Protection Officer (DPO), any request regarding personal data may be sent directly to the data controller at the email address provided above.
ARTICLE 2 — PERSONAL DATA COLLECTED
Simplywoodplan collects the following data from the User, strictly for the purpose of providing services:
Email address (provided upon subscription, used for authentication and transactional communication); payment data (card number, expiration date, security code) processed exclusively by Stripe and never visible to, stored by, or recorded by Simplywoodplan; technical data of the wood project entered by the User (dimensions, selected model, configuration options); project name (free-text field chosen by the User, included in the generated PDF plan); Stripe transaction identifiers (customer ID, session ID, subscription ID) necessary for subscription monitoring and billing; service usage metadata (subscription date, expiration date, number of PDFs generated, subscription status).
No sensitive data as defined in Article 9 of the GDPR (racial or ethnic origin, political opinions, religious beliefs, health data, etc.) is collected.
ARTICLE 3 — PURPOSES OF PROCESSING
The personal data collected is used exclusively for the following purposes: enabling the User to access and use the Simplywoodplan application; generating and delivering the PDF plans requested by the User; managing payments, subscription tracking, and billing; sending transactional emails (payment confirmation, plan delivery, renewal or termination notifications); responding to support requests and complaints; and complying with the Publisher’s legal and accounting obligations (retention of invoices, tax returns).
Under no circumstances is data used for advertising purposes, commercial profiling, or resale to third parties.
ARTICLE 4 — LEGAL BASES FOR PROCESSING
In accordance with Article 6 of the GDPR, the processing operations carried out by Simplywoodplan are based on the following legal grounds: performance of the contract entered into with the User (subscription, provision of services, PDF generation, billing); compliance with the Publisher’s legal obligations (accounting records, tax returns, fraud prevention); and the Publisher’s legitimate interests, particularly in relation to service security and the prevention of misuse.
No processing is based on consent for advertising or commercial purposes.
ARTICLE 5 — DATA RECIPIENTS AND PROCESSORS
The User's personal data may be shared with the following technical processors, strictly for the purpose of providing services and in accordance with GDPR-compliant contractual agreements:
Glide Apps (Glide, Inc., United States): hosting of the web application and storage of user data;
Stripe (Stripe, Inc., United States): payment processing and subscription management;
SendGrid (Twilio Inc., United States): delivery of transactional emails;
PDF.co (ByteScout, United States): technical generation of plans in PDF format;
Squarespace (Squarespace, Inc., United States): hosting of the marketing website;
n8n: orchestration of data flows between the above services.
The Publisher agrees to use only processors that provide sufficient safeguards regarding data protection, and to disclose only the data strictly necessary for each purpose.
No data is resold, transferred, or shared with third parties for commercial purposes.
ARTICLE 6 — TRANSFERS OUTSIDE THE EUROPEAN UNION
Several technical processors mentioned in Article 5 are based in the United States (Glide, Stripe, SendGrid, PDF.co, Squarespace). The User's personal data may therefore be transferred outside the European Union.
These transfers are governed by the mechanisms provided for in the GDPR, in particular the Standard Contractual Clauses adopted by the European Commission and, where applicable, the processors’ adherence to the EU-U.S. Data Privacy Framework.
The User may obtain a copy of the applicable safeguards by sending a simple request to simplywoodplan@gmail.com.
ARTICLE 7 — DATA RETENTION PERIODS
Personal data is retained for as long as necessary to fulfill the purposes for which it was collected, in accordance with the following timeframes:
Account and usage data: for the entire duration of the active subscription;
After the subscription is terminated: three (3) years, in order to comply with the accounting, tax, and legal obligations applicable to French micro-entrepreneurs;
Invoices and accounting documents: ten (10) years, in accordance with the French Commercial Code;
Payment data (Stripe): retained in accordance with Stripe's policy, available at https://stripe.com/privacy.
At the end of these periods, the data is deleted or irreversibly anonymized.
ARTICLE 8 — USER RIGHTS
In accordance with Articles 15 through 22 of the GDPR, the User has the following rights regarding their personal data:
Right of access: to obtain confirmation that their data is being processed and to receive a copy;
Right to rectification: the right to have inaccurate or incomplete data corrected;
Right to erasure ("right to be forgotten"): to request the deletion of their data, subject to legal retention requirements;
Right to restriction of processing: to request the suspension of processing in certain cases;
Right to data portability: to receive their data in a structured, machine-readable format;
Right to object: the right to object to processing on legitimate grounds;
The right to establish end-of-life directives regarding the disposition of their data after death.
You may exercise these rights at any time by writing to simplywoodplan@gmail.com. We will respond within one (1) month of receiving your request.
ARTICLE 9 — DATA SECURITY
The Publisher implements appropriate technical and organizational measures to ensure the security, confidentiality, and integrity of the personal data processed, including: encryption of communications via HTTPS throughout the entire service; authentication via a magic link or single-use code (PIN); storage of payment data exclusively with Stripe, in compliance with PCI-DSS standards; access to data limited to what is strictly necessary for the data controller; and selection of processors that provide contractual guarantees regarding data protection.
In the event of a data breach likely to pose a risk to the rights and freedoms of Users, the Publisher agrees to notify the French Data Protection Authority (CNIL) within seventy-two (72) hours and to inform the affected Users in accordance with Article 34 of the GDPR.
ARTICLE 10 — COOKIES
The simplywoodplan.com website and the Simplywoodplan app use technical cookies that are essential for the service to function (session, authentication, Stripe payment). No advertising, third-party audience measurement, or profiling cookies are used.
A dedicated cookie policy specifies the types of cookies used, their duration, and their purpose.
ARTICLE 11 — COMPLAINT TO THE CNIL
The User has the right to file a complaint with the French Data Protection Authority (Commission Nationale de l'Informatique et des Libertés — CNIL), the supervisory authority for personal data protection in France:
CNIL — 3 Place de Fontenoy, P.O. Box 80715, 75334 PARIS CEDEX 07, France
Website: https://www.cnil.fr
Phone: +33 1 53 73 22 22
Before filing a complaint with the CNIL, the User is encouraged to first contact the Publisher at simplywoodplan@gmail.com to attempt to reach an amicable resolution.
ARTICLE 12 — CHANGES TO THIS POLICY
This Privacy Policy may be modified at any time to reflect changes to the service, its processors, or applicable regulations. The version in effect is the one published on the website on the date of access. In the event of a substantial modification, the User will be notified by email.