We summarized all the GDPR elements that should matter to you and your customer in a simplified sheet.
GDPR Control and links
Individual Responsible for GDPR Compliance
Laurent Lemaire, Data Controller
Purpose of Processing
We process data to continuously improve our products and services, log data about performance and overall backup activities. Our systems also process data for security and monitoring purposes.. Notice regarding the collection and use of Personally Identifiable Information (PII) can be found here: https://simplebackups.com/privacy/#GDPR
AI Agent (MCP) Connections
SimpleBackups offers an optional MCP server you may connect to a third-party AI agent of your choice. SimpleBackups does not operate or provide any AI model. When you connect an agent, it retrieves account data through the MCP server at your instruction, and the AI provider you choose acts as your own processor, under your control and governed by its own terms. See https://simplebackups.com/privacy/ for details.
Lawful Basis for Collection & Processing
All PII collected and processed within SimpleBackups is in accordance with an agreement between SimpleBackups and the Data Controller
Data Subject Access Requests (DSAR)
Requests for data access, modification or deletion may be sent to info@simplebackups.com
Customer Data, including PII, is securely deleted from SimpleBackups systems within ninety (90) days of service termination or upon customer request. SimpleBackups-controlled PII is deleted in accordance with internal policy, when it no longer has business value, or upon Data Subject request
Data Protection & Information Security
SimpleBackups maintains a comprehensive information security management system to protect and preserve the confidentiality, integrity and availability of Customer Data.
Breach Notification
Any breach of PII will be promptly reported to Customers, Data Subjects and Data Authorities in accordance with our Incident Response Policy and all applicable regulatory requirements.
