Privacy Policy

Who We Are and How to Contact Us

Cimpleit, Inc. ("Cimpleit," "we," "us," or "our") is a United States-based software company that develops enterprise financial control and data intelligence software. Our two core products are:

• LicenseIQ — A contract-to-cash execution platform used by finance teams at mid-market manufacturing and distribution companies to manage contract-driven revenue, rebates, royalties, and channel incentives. LicenseIQ uses AI to extract and interpret contract terms, runs financial calculations, and produces audit-ready journal entries and accruals.
• DataIQ — A data ingestion and intelligence platform that connects to ERP systems, distributor portals, and partner data sources to ingest, normalize, and map transaction data — including sales records, purchase orders, point-of-sale (POS) data, and EDI documents — for use in financial calculations and reporting.

DataIQ and LicenseIQ are designed to work together: DataIQ delivers clean, structured data into LicenseIQ, which then performs the financial calculations and settlement workflows.

Data We Collect

The data we collect falls into two broad categories: Customer Data (data you upload, connect, or generate within our platforms) and Platform Data (data we collect to operate and improve our services).

2.1 Customer Data

Customer Data is data that you and your organization provide to us, or that our platforms receive on your behalf from third-party systems. This includes:

• Contract and agreement documents. Executed contracts, amendments, pricing schedules, rebate agreements, royalty agreements, and other commercial documents uploaded into LicenseIQ or connected via document repositories.
• Financial transaction data. Sales records, purchase orders, invoices, credit memos, payment records, accrual data, and settlement histories.
• ERP and system data. Data pulled from your enterprise resource planning (ERP) systems, including product master data, customer and supplier records, pricing data, and general ledger structures.
• Distributor and partner data. Data received from your distributors, channel partners, and trading partners — including point-of-sale (POS) data, sell-through reports, and inventory data — typically provided in structured formats such as EDI transactions, CSV files, or portal exports.
• EDI documents. Electronic Data Interchange documents (such as 850 purchase orders, 867 POS data, 810 invoices, and 820 payment remittances) received from your trading partners and ingested via DataIQ.
• Outputs and calculation results. Journal entries, accrual schedules, rebate settlements, royalty statements, and reports generated by LicenseIQ based on your data.

2.2 Account and User Data

We collect basic account information for the individuals at your organization who access our platforms:

• Name and business email address
• Job title and department
• Account credentials (passwords are hashed and never stored in plaintext)
• User roles and access permissions within the platform

2.3 Usage and Technical Data

We collect data about how the platforms are used to support operations, troubleshoot issues, and improve the product:

• Log data (pages accessed, features used, timestamps, error events)
• Device and browser information
• IP addresses
• Session identifiers

We do not use this data to build behavioral profiles for advertising or to sell to third parties.

How We Use Your Data

We use Customer Data exclusively to provide the LicenseIQ and DataIQ services you have subscribed to. Specific uses include:

• Ingesting and normalizing transaction data from your ERP systems, partner portals, and EDI feeds (DataIQ)
• Extracting and interpreting contract terms using AI-assisted document processing (LicenseIQ)
• Running financial calculations for rebates, royalties, revenue recognition, and channel incentives
• Generating audit-ready journal entries, accrual schedules, and settlement statements
• Presenting financial data in dashboards and reports for your finance and operations teams
• Providing customer support, troubleshooting, and platform maintenance
• Sending product and service communications relevant to your account (including release notes, maintenance notifications, and support responses)

AI and Automated Processing

Both LicenseIQ and DataIQ use artificial intelligence and machine learning techniques to assist with data processing tasks. We want to be transparent about how this works.

Contract term extraction

LicenseIQ uses AI to read contract documents and extract key terms — such as rebate thresholds, royalty rates, effective dates, and eligible product categories. The AI identifies and structures this information to reduce manual data entry. AI-extracted terms are presented to users for review and confirmation before they are used in any financial calculation. Humans are in the loop before extracted terms become executable.

Data mapping and normalization

DataIQ uses AI-assisted logic to map incoming transaction data — from EDI files, ERP exports, and partner portals — to a normalized data model. This allows data from disparate sources and formats to be used consistently in LicenseIQ calculations. Mapping rules are reviewed and approved by your team before they are applied to production data.

In both cases, AI is used to assist human reviewers, not to make autonomous financial decisions. No financial output becomes authoritative until it has been reviewed and approved by an authorized user in your organization.

EDI and Partner Data Handling

DataIQ is designed to receive and process Electronic Data Interchange (EDI) documents and structured data files transmitted by your distributors, channel partners, and trading partners. This includes transaction sets such as:

• 850 – Purchase Orders
• 867 – Product Transfer and Resale (POS/sell-through data)
• 810 – Invoices
• 820 – Payment Orders and Remittance Advice
• 856 – Ship Notices
• Other EDI and flat-file formats specific to your industry and trading relationships

This partner data is received on your behalf, pursuant to your trading agreements with those partners. Cimpleit processes it solely to provide the DataIQ and LicenseIQ services to you.

We do not contact your trading partners directly, use their data for any purpose beyond delivering your contracted services, or share their data with any other customer or third party. Your trading partner data is treated with the same confidentiality obligations as all other Customer Data.

If a trading partner transmits data to Cimpleit infrastructure on your behalf, you are responsible for ensuring that your agreements with that partner authorize such transmission and processing.

Customer Data vs. Cimpleit Data

Cimpleit acts as a data processor with respect to all Customer Data. This means:

• Customer Data belongs to you. You retain full ownership of your contracts, financial records, transaction data, and all other data you bring into the platforms.
• We process Customer Data only on your instructions and in accordance with our agreement with you.
• We do not use Customer Data for our own commercial purposes, including advertising, resale, or benchmarking studies, without your explicit consent.

Cimpleit owns and controls Platform Data (aggregated, anonymized usage statistics and telemetry data that cannot be traced back to any individual customer or record). We may use this data to improve platform performance and reliability.

If your agreement with Cimpleit ends, your Customer Data will be made available for export and then deleted in accordance with our retention schedule described in Section 8.

How We Store and Protect Your Data

7.1 Infrastructure

Our platforms are hosted in cloud environments operated by enterprise cloud providers. All infrastructure is located in the United States unless otherwise agreed in writing.

7.2 Encryption

• Data in transit is encrypted using TLS 1.2 or higher.
• Data at rest is encrypted using AES-256 or equivalent standards.
• Encryption keys are managed using industry-standard key management practices.

7.3 Access Controls

• Access to Customer Data within Cimpleit's infrastructure is restricted to personnel who require it to perform their job functions.
• Production access requires multi-factor authentication and is logged.
• Role-based access controls within the platforms allow your administrators to control which users can view, edit, or export data.

7.4 No Data Sold

7.5 Incident Response

We maintain an incident response program. In the event of a data security incident that affects your Customer Data, we will notify you in accordance with applicable law and the terms of our agreement with you.

Data Retention and Deletion

We retain Customer Data for as long as your account is active, plus any additional period required to fulfill our legal obligations or resolve disputes.

Upon termination of your subscription:

• You will have a reasonable period (as specified in your agreement, typically 30 to 60 days) to export your Customer Data.
• After that export window, we will delete or irreversibly anonymize your Customer Data from our production systems.
• Backup copies are purged on a rolling schedule consistent with our backup retention policy.

You may request deletion of specific records or user accounts at any time by contacting info@cimpleit.com. We will fulfill such requests in accordance with our contractual obligations and applicable law. Note that some records may need to be retained for a defined period to satisfy audit, tax, or legal requirements.

Third-Party Services and Subprocessors

We engage third-party service providers (subprocessors) to help us deliver and operate our services. These providers process Customer Data only on our instructions and are contractually bound to confidentiality and data protection obligations consistent with this policy.

Categories of subprocessors we use include:

• Cloud infrastructure providers (hosting, storage, and compute)
• Database and data warehouse services
• Identity and authentication providers
• Customer support and ticketing systems
• Security monitoring and logging services

We do not permit subprocessors to use Customer Data for their own purposes. We will maintain a current list of subprocessors and make it available upon request. We will notify you of any material changes to our subprocessor relationships in accordance with our agreement with you.

GDPR and CCPA Considerations

10.1 Our Primary Customer Base

Cimpleit's customers are primarily U.S.-based enterprises. The data we process is primarily commercial and financial business data, not personal data in the consumer sense. However, some Customer Data (such as named individuals in contracts, user account information, or contact data in transaction records) may constitute personal data under applicable law.

10.2 GDPR (EU and UK Users)

If you are a customer subject to the General Data Protection Regulation (GDPR) or its UK equivalent (UK GDPR), Cimpleit acts as a data processor with respect to any personal data you upload or transmit through our platforms. You remain the data controller for that data.

As a processor, we:

• Process personal data only on your documented instructions
• Will enter into a Data Processing Agreement (DPA) with you upon request
• Maintain appropriate technical and organizational security measures
• Assist you in fulfilling data subject rights requests to the extent technically feasible
• Notify you of personal data breaches without undue delay

To request a DPA or ask questions about GDPR compliance, contact info@cimpleit.com.

10.3 CCPA (California Residents)

If you are a California resident or if your employees using our platform are California residents, the California Consumer Privacy Act (CCPA) may apply.

Cimpleit does not sell personal information as defined under the CCPA. We process personal information only as a service provider on your behalf. California residents interacting with our platforms through their employer's account should direct privacy rights requests to their employer, who is the business responsible for that data under the CCPA framework.

For any direct inquiries, contact info@cimpleit.com.

Cookie and Tracking Policy

Our platforms use a minimal set of cookies and tracking technologies, limited to what is necessary to operate the service securely and effectively.

• Session cookies. Used to maintain authenticated sessions within the platform. These are temporary and expire when you close your browser or log out.
• Security cookies. Used to detect and prevent fraud and unauthorized access.
• Preference cookies. Used to remember user settings (such as display preferences) within the platform.
• Analytics. We may use limited analytics to understand how our platform is used in aggregate, to improve the product. This data is not used for advertising. Where third-party analytics tools are used, they are configured to minimize data collection and are covered by our subprocessor agreements.

How We Notify You of Policy Changes

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or industry practices. When we do:

• We will post the updated policy on our website and within the platform with a revised effective date.
• For material changes — changes that meaningfully affect how we collect, use, or share your data — we will notify you by email to the address on file for your account at least 30 days before the change takes effect.
• For non-material updates (such as clarifications of existing practices or minor corrections), we may update the policy without advance notice, though we will always display the updated effective date.

Your continued use of our services after a policy change takes effect constitutes your acknowledgment of the updated policy. If you have concerns about a change, please contact us at info@cimpleit.com before the change takes effect.

Contact Us

If you have questions, concerns, or requests related to this Privacy Policy or how we handle your data, please contact us:

This Privacy Policy is effective as of January 25, 2026 and supersedes all prior versions.