Privacy Policy

Last updated: June 26, 2026

1. General provisions

1.1. This Privacy Policy describes how simdrop collects, processes, shares, and secures Personal Data tied to Customers (“Users”).

1.2. Continuing to browse, authenticate, integrate via API, or otherwise obtain services signifies acceptance absent mandatory opt-out regimes.

1.3. Controller: SHERLOCK ANALYTICS LTD (UK company 16152550), Suite 9545, 61 Bridge Street, Kington, United Kingdom, HR5 3DJ.

1.4. Undefined capitalized phrases align where possible with Terms of Use definitions.

2. Categories of data

2.1. Account/contact fields: emails, Telegram handles when voluntarily linked, support ticket contents.

2.2. Device/network telemetry:

IP addresses plus coarse geo-derived risk signals;
browser fingerprints (user agent strings), hardware class data provided by endpoints;
session tokens, authentication cookies/similar trackers.

2.3. Operational logs: API/web traffic metadata, provisioning events, SKU outcomes, antifraud breadcrumbs — sized to lawful necessity;

2.4. Payment metadata such as PSP references/receipt statuses while card/bank payloads remain at processors;

2.5. API credentials issuance plus usage trails per security dashboards.

3. No promise of anonymity

3.1. We never market “full anonymity”; operators must retain attributable signals for lawful operations, AML/compliance overlays, contractual enforcement, investigations.

3.2. Lawful disclosures to regulators, processors, plaintiffs, courts may occur when warranted.

4. Lawful bases and purposes

4.1. Legal bases encompass contract fulfillment, legitimate interests (security/product integrity/antifraud), consent where regimes demand it distinctively, statutory duties.

4.2. Purposes encompass service delivery/support, invoicing settlements, safeguarding infrastructure, policing Terms/AUP thresholds, cooperating with PSP risk teams, iterating analytics minimally necessary, enabling rate limits & automated risk modeling.

4.3. Nothing herein authorizes circumventing downstream platform bans—see Acceptable Use Policy.

5. Sharing and processors

5.1. We engage subprocessors spanning hosting, CDN, observability tooling, transactional email/push gateways, PSD2-style acquirers, fraud scoring vendors contingent on SKU.

5.2. Cross-border transfers rely on SCCs, adequacy decisions, or equivalents when EU/UK/CH export rules arise.

5.3. Governments receive data only pursuant to lawful, documented process.

6. Retention

6.1. Financial ledgers/long-lived security logs obey multi-year horizons when statute demands;

6.2. Ephemeral infra logs purge on rolling schedules absent hold orders;

6.3. Deleted accounts might retain fingerprints blocking evasion/abuse recurrence or satisfying litigation freezes.

7. Cookies

7.1. Deployment covers auth persistence, UX preferences, instrumentation for reliability — manage via browser controls or CMP surfaces when presented.

7.2. Strictly necessary cookies persist even if auxiliary categories decline; degraded UX may ensue.

8. Security safeguards

8.1. Layered defenses: ACLs on production datasets, TLS in transit where applicable, alerting on anomalies, vendor due diligence;

8.2. Absolute immunity from breaches is impossible—notify us ASAP when you suspect unauthorized account access.

9. Individual rights

9.1. Depending on jurisdiction invoke access/rectification/erasure/restriction/object/export—email threads begin via Telegram @simdrop_support with subject line “Privacy Rights”.

9.2. Identity corroboration may precede sensitive exports; exclusions exist for privileged investigations/defense doctrines.

10. Complaints routing

10.1. Security/abuse escalation pipeline references Abuse Policy for scope;

10.2. Privacy/abuse/general front door: Telegram @simdrop_support. We endeavor to acknowledge within commercially reasonable horizons and may solicit clarifiers;

10.3. Responses may entail technical remediation, clarification memos, or account-level enforcement when misconduct surfaces.

11. Updates

11.1. Revised policies post to the legal portal;

11.2. Mandatory notifications abide local consumer-protection ordinances;

11.3. Continuing use following material alterations may signify assent absent required opt-ins.