SimUserAI

Privacy Policy

Last updated: March 2026

SimUser AI LLC ("SimUser AI", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

1. Data We Collect

We collect information you provide directly to us, including your name, email address, company name, and team size when you sign up for our waitlist or create an account. When you use our service, we collect your application URLs and credentials (encrypted with AES-256), screenshots and video recordings of AI persona sessions, experience reports and quality scores generated by our AI, and usage metrics to improve our service.

2. How We Use Your Data

We use collected data to provide and improve our AI persona testing service, generate experience reports, NPS scores, and quality grades for your applications, communicate with you about service updates and new features, and ensure the security and integrity of our platform. We never use your application data, screenshots, or test results to train AI models.

3. Data Protection

We implement industry-standard security measures including AES-256 encryption at rest via AWS Secrets Manager, TLS 1.3 encryption in transit for all data, per-tenant data isolation with dedicated encryption keys, automatic PII detection and masking in screenshots before LLM processing, and AWS PrivateLink for private connectivity to AI model endpoints.

4. Data Retention

We retain your data for a default period of 30 days, with customizable retention policies available for all plans. You can request shorter retention periods or immediate deletion at any time. Credential data is automatically purged when you disconnect an application.

5. Third-Party Services

We use AWS (Amazon Web Services) for infrastructure, including AWS Bedrock for AI model inference. AWS Bedrock ensures that AI model providers (including Anthropic) have zero access to your prompts and completions, in compliance with ISO/IEC 42001 certification. We do not sell, trade, or otherwise transfer your data to third parties for marketing purposes.

6. Your Rights

You have the right to access, correct, or delete your personal data, request a copy of your data in a portable format, opt out of non-essential communications, and request information about how your data is processed. For LGPD (Brazil): data subject requests are processed within 15 days, with breach notification within 72 hours.

7. Cookies & Tracking

We use essential cookies to maintain your session and preferences. We do not use third-party tracking cookies or advertising pixels. Analytics data is collected in aggregate and cannot be used to identify individual users.

8. Children's Privacy

Our service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the 'Last updated' date.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at privacy@simuser.ai.