Privacy Policy

Last updated: 23 June 2026 · Version 1.0

At Content Simplify, your privacy is not a checkbox — it is a design principle. This policy explains exactly what data we collect, why we collect it, and what you can do about it.

1. Who We Are

Content Simplify is a digital products and content business operated from Kathmandu, Nepal. We build marketing analytics tools for SMEs, solopreneurs, and marketers globally under the Analytics Forge Simplified brand.

2. Data We Collect

We collect only what is necessary. Here is every category of data we process:

Data type How collected Why Retention
Name, email address, message Contact form Respond to your enquiry 24 months
Page views, referrer URL, browser type, device type, country Umami Analytics (cookieless) Understand which content helps people 24 months, aggregated
Purchase data (name, email, product purchased) Creem (payment processor — Merchant of Record) Order fulfilment, tax compliance 7 years (legal obligation)

We do not collect: IP addresses (Umami does not store them), passwords, payment card numbers (handled entirely by Creem), biometric data, or any sensitive personal data.

3. Legal Basis for Processing (GDPR)

For EU/EEA visitors, every processing activity has a lawful basis under GDPR Article 6:

  • Contact enquiries — legitimate interests (responding to a request you initiated)
  • Analytics — legitimate interests (privacy-safe, cookieless; no consent required)
  • Purchase data — contract performance + legal obligation (tax)

We do not process any data on the basis of consent, because our analytics are cookieless and we do not conduct email marketing without explicit opt-in.

4. Cookies and Tracking

We do not use cookies, tracking pixels, or browser fingerprinting on contentsimplify.com. Our primary analytics tool (Umami) is cookieless by design — it does not set any cookies, does not collect personally identifiable information, and does not track users across websites.

We also use Google Analytics 4 in cookieless mode. Consent Mode v2 is configured with all four signals (analytics_storage, ad_storage, ad_user_data, ad_personalization) denied by default for all visitors globally. In this mode, GA4 does not set _ga cookies, does not collect personally identifiable data, and sends only anonymous aggregate measurement pings to Google for traffic modeling.

You will not see a cookie consent banner on this site because none is legally required — no cookies are set and no personal data is collected through our analytics tools.

We do not embed third-party content (YouTube videos, social share buttons, advertising widgets) that would set cookies on your device.

5. Analytics in Detail

We use Umami Analytics (cloud.umami.is, hosted by Umami Software Inc.) to understand how people use this website.

  • What Umami collects: page URL, referrer, browser name, device type, operating system, country (derived from an anonymised IP address — the IP itself is not stored)
  • What Umami does not collect: personal identifiers, cross-site tracking data, session recordings, or any data that would identify you as an individual
  • GDPR status: no personal data collected; no consent banner required

Umami's privacy policy is available at umami.is/privacy.

We also use Google Analytics 4 (analytics.google.com, operated by Google LLC) in cookieless mode:

  • Mode: Cookieless — Consent Mode v2 with analytics_storage denied globally
  • What GA4 collects in this mode: anonymous aggregate pings (page URL, event type — no user identifiers, no IP addresses stored, no cookies set)
  • What GA4 does not collect: personal identifiers, cross-site user data, _ga cookies, or any data that would identify you as an individual
  • GDPR status: no personal data collected; no consent banner required

Google's privacy policy is available at policies.google.com/privacy.

6. AI Tools and Disclosure (EU AI Act 2026)

Our Analytics Forge Simplified bundles include AI prompt libraries — pre-written prompts authored and curated by humans, designed to work with third-party AI tools such as Google Gemini, Claude, and ChatGPT.

We use AI assistance in content creation (blog posts, product documentation). No customer data is shared with or used to train any AI model.

Under the EU AI Act, our use of AI tools is classified as limited-risk (general-purpose AI assistance for content creation). We do not deploy high-risk or unacceptable-risk AI systems as defined by the Act, and we do not make automated decisions that affect you.

When you use AI prompts from our products with a third-party AI tool, you are the operator of that tool — not Content Simplify. That tool's own privacy policy governs how it processes your data.

7. Third-Party Services

We share data with third parties only where necessary to provide our service:

Service Purpose Data shared Privacy policy
Creem.io Payment processing (Merchant of Record) Name, email, purchase amount creem.io/privacy
Umami Analytics Website analytics (cookieless) Anonymised usage data only umami.is/privacy
Google Analytics 4 Aggregate traffic modeling (cookieless mode — consent denied by default) Anonymous aggregate pings only — no cookies, no PII policies.google.com/privacy
Google Tag Manager Tag container for future Google Ads (no tags currently active) None (no active tags) policies.google.com/privacy
GitHub / cPanel Site hosting and deployment (infrastructure only) None github.com/privacy

We do not sell, rent, or share personal data with advertisers, data brokers, or any party not listed above.

8. International Data Transfers

Content Simplify operates from Nepal. Data submitted through our contact form is processed in Nepal. Payment data is processed by Creem, an EU-based entity subject to GDPR. Umami's cloud analytics instance is hosted in the EU.

For EU/EEA users: Creem processes data under GDPR with appropriate safeguards. The only personal data transferred to Nepal is contact form enquiries that you voluntarily submit directly to us. Nepal is not an EU adequacy country; for transfers requiring safeguards, we rely on standard contractual clauses or the nature of the direct contact relationship.

9. Your Rights

GDPR Rights (EU/EEA residents)

  • Access: request a copy of personal data we hold about you
  • Rectification: correct inaccurate or incomplete data
  • Erasure: request deletion of your personal data ("right to be forgotten")
  • Restriction: request that we limit processing of your data
  • Portability: receive your personal data in a machine-readable format
  • Objection: object to processing based on legitimate interests
  • No automated decisions: we make no automated decisions about you; this right is not currently triggered but is acknowledged

CCPA Rights (California residents)

  • Right to know: what personal information we collect and how we use it (see §2 and §7)
  • Right to delete: request deletion of personal information we have collected
  • Right to opt-out of sale: we do not sell personal information — no opt-out mechanism is needed
  • Right to non-discrimination: we will not discriminate against you for exercising your CCPA rights

How to Exercise Your Rights

Email contents@contentsimplify.com with "Privacy Request" in the subject line. We will respond within 30 days. We may ask you to verify your identity before acting on your request.

Complaints

  • EU/EEA: if you believe we are processing your data unlawfully, you may lodge a complaint with your national Data Protection Authority
  • Nepal: you may contact the Department of Information Technology under the Electronic Transaction Act 2063

10. Children's Privacy

This website is not directed at children. We do not knowingly collect personal data from anyone under 13 years old (US COPPA) or under 16 years old (EU GDPR Article 8). If you believe a minor has submitted personal data to us, please contact contents@contentsimplify.com and we will delete it promptly.

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data:

  • SSL/TLS encryption on all data in transit
  • Contact form processed via server-side mailer (no data stored on-server after delivery)
  • No payment card data stored by us — Creem handles all payment security as a PCI-DSS compliant Merchant of Record
  • No sensitive personal data collected beyond what is described in this policy

No system is perfectly secure. If you believe there has been a security incident affecting your data, contact us immediately at contents@contentsimplify.com.

12. Data Retention Schedule

Data Retention period Reason
Contact form submissions 24 months from submission Reasonable business record period
Analytics data (aggregated, anonymised) 24 months Product and content improvement
Purchase records 7 years from purchase date Tax and legal compliance (Nepal Companies Act 2063)

After retention periods expire, data is deleted or permanently anonymised.

13. Updates to This Policy

We will update this policy when our practices change. The "Last updated" date at the top of this page reflects the most recent revision. For material changes, we will post a notice on the website before the change takes effect. Continued use of the site after an updated policy is posted constitutes acceptance of the new terms.

14. Contact

For all privacy enquiries, rights requests, or complaints:

Common Questions

Does Content Simplify use cookies?
No. We use two analytics tools, both cookieless. Umami Analytics does not set any cookies. Google Analytics 4 runs in cookieless mode — consent is denied by default globally, so GA4 never sets _ga cookies or collects personally identifiable data. You will not see a cookie consent banner because none is required.
Does Content Simplify sell personal data?
No. Content Simplify does not sell, rent, or share personal data with advertisers or data brokers. The only third parties we share data with are our payment processor (Creem), our cookieless analytics tools (Umami and Google Analytics 4 in denied mode), and our hosting infrastructure — all listed in this Privacy Policy.
What personal data does Content Simplify collect?
We collect name, email address, and message when you use our contact form. Our analytics tool collects anonymised usage data (page views, browser type, country — no personal identifiers). Payment data is handled directly by Creem, our payment processor.
How can I delete my data?
Email contents@contentsimplify.com with 'Privacy Request' in the subject line. We will respond within 30 days and delete your data from our systems, except where retention is required by law (for example, purchase records for tax compliance).
Is Content Simplify GDPR compliant?
Yes. We process EU/EEA personal data under GDPR lawful bases: legitimate interest for contact enquiries and analytics; contract performance for purchases. Our analytics are cookieless so no consent banner is needed. You have full GDPR rights exercisable at contents@contentsimplify.com.