Private preview is open to a few more founding customers.Apply
Legal · Privacy

Privacy
Policy.

How Sempleo collects, uses, and protects personal data — for the website, the monthly brief, and the Sempleo product. Written to be readable, not just compliant.

This Privacy Policy explains how Sempleo ApS(“Sempleo,” “we,” “us”) processes personal data when you visit sempleo.ai, request a demo, subscribe to our newsletter, or use the Sempleo product. It is written to be readable and to comply with the EU General Data Protection Regulation (GDPR) and the Danish Data Protection Act.

1. Who we are

Sempleo ApS is a Danish limited company (anpartsselskab) with registered office at Pakhusgarden 42-48, 5000 Odense C, Denmark. We are the data controller for personal data processed through our website and for account, billing, and support data of customers who use the Sempleo product. For personal data our customers upload or reference when using the product, our customer is the controller and we act as processor under a separate Data Processing Agreement (see /dpa).

Contact for privacy matters: privacy@sempleo.ai.

2. Data we collect and why

We only collect what we need for the purposes set out below. The categories differ depending on how you interact with us.

2.1 When you visit the website

We collect minimal technical data necessary to serve the site and protect it from abuse: IP address, user agent, requested URL, referrer, and response status. For aggregated visitor analytics on the marketing site we use Umami Cloud (EU region), a cookieless, privacy-preserving analytics tool that does not set tracking cookies, does not store personal identifiers, and does not track you across sites. We do not use advertising cookies or cross-site trackers. Legal basis: legitimate interest (GDPR Article 6(1)(f)) in operating, securing, and understanding usage of our website.

2.2 When you request a demo or apply as a founding customer

We collect the information you submit — typically your name, work email, company, role, and any message you include — together with the submission timestamp and the source page. We use this to reply to you, qualify the request, and schedule a conversation. Legal basis: pre-contractual measures at your request (Article 6(1)(b)) and legitimate interest in running our sales process (Article 6(1)(f)).

2.3 When you subscribe to the monthly brief

We collect your email address and the source of the subscription. We use it solely to send the monthly newsletter. You can unsubscribe at any time using the link in every email. Legal basis: your consent (Article 6(1)(a)), which you may withdraw at any time without affecting the lawfulness of prior processing.

2.4 When you use the Sempleo product

As a customer, we process:

  • Account and billing data— name, work email, role, company, billing address, and tax information. Legal basis: contract (Article 6(1)(b)) and legal obligation (Article 6(1)(c)) for accounting records.
  • Usage and audit data— timestamps, user IDs, agent runs, context edits, and system events that produce the audit log. Legal basis: contract (Article 6(1)(b)) and legitimate interest in platform integrity and security (Article 6(1)(f)).
  • Customer workspace data— the five-layer context your team curates (company, team, client, project, user), any files referenced or uploaded, and any personal data contained in them. We process this as your processor on your documented instructions under the DPA.

3. Who we share data with

We share personal data only with vendors we rely on to run the service, and only to the extent necessary for each vendor’s role. Each is bound by a written agreement and, where applicable, the EU Standard Contractual Clauses. Our current sub-processors for the product are listed in the DPA, Annex B.

For the website and marketing operations we rely on:

  • Resend— transactional and newsletter email delivery.
  • Our hosting provider— for website, database, and file storage in the EU.

We do not sell personal data. We do not share personal data with advertisers. We disclose data to public authorities only when legally required and after reviewing the request for validity.

4. International transfers

We store personal data in the European Union by default. Where a sub-processor operates outside the EU/EEA, we rely on the European Commission’s Standard Contractual Clauses and, where relevant, supplementary measures such as encryption in transit and at rest. A current list of sub-processors and their locations is maintained in the DPA.

5. How long we keep data

  • Website logs: up to 30 days for security diagnostics, then deleted or aggregated.
  • Demo and founding-customer requests: up to 24 months from last contact, then deleted unless you become a customer.
  • Newsletter subscribers: until you unsubscribe, plus a short suppression record so we do not email you again.
  • Customer account and billing records: for the term of your contract plus five years thereafter to meet Danish bookkeeping requirements.
  • Customer workspace data: retained per your instructions under the DPA and deleted or returned on termination.

6. Your rights

Under the GDPR you have the right to:

  • access the personal data we hold about you;
  • have inaccurate data corrected;
  • have data erased where we no longer have a lawful basis to keep it;
  • restrict or object to specific processing activities;
  • receive a copy of the data you provided in a portable format;
  • withdraw any consent you have given, at any time; and
  • lodge a complaint with the Danish Data Protection Agency (Datatilsynet, datatilsynet.dk) or your local EU supervisory authority.

To exercise any of these rights, email privacy@sempleo.ai. We respond within 30 days.

7. Security

We apply technical and organisational measures appropriate to the risk, including encryption in transit and at rest, scoped access controls, audit logging of administrative actions, vendor due diligence, and regular backups. A summary of the measures we apply to customer workspace data is set out in the DPA. No system is perfectly secure; if we become aware of a personal data breach that poses risk to you, we will notify you without undue delay as required by the GDPR.

8. Cookies and tracking

We use a small number of strictly necessary cookies for session handling on the Sempleo product, and for CSRF protection on forms. For marketing-site analytics we use Umami Cloud (EU region) in cookieless mode — it does not set cookies, does not use device fingerprinting, and does not track visitors across sites. We do not use advertising, targeting, or cross-site tracking cookies, and we do not load third-party pixels.

9. Children

Sempleo is a business-to-business product intended for use by employees of companies. We do not knowingly collect personal data from anyone under the age of 16. If you believe we have inadvertently done so, contact us and we will delete the data.

10. Changes to this policy

We update this policy as our practices evolve. Material changes are announced on this page with a revised “last updated” date; where a change substantively affects how we process your data, we will notify you directly where we have your email.

11. Contact and complaints

Sempleo ApS · Pakhusgarden 42-48, 5000 Odense C, Denmark · privacy@sempleo.ai.

If you are not satisfied with our response, you may lodge a complaint with Datatilsynet at Carl Jacobsens Vej 35, 2500 Valby, Denmark — datatilsynet.dk.

Last updated: 23 April 2026

Shape the team-context
layer with us.

We're onboarding a small cohort of founding customers to deploy Sempleo on real workflows. A 45-minute call with the founder — you leave with a plan; we leave with the shape of how your team actually works.

Apply as a founding customerRead the thesis