Frequently Asked Questions

Simpli-Fi Automation, Inc. (“Simpli-Fi,” “we,” “our,” or “us”) is committed to protecting the privacy, confidentiality, integrity, and availability of personal, financial, and sensitive data entrusted to us. This Data Privacy Policy describes how we collect, use, protect, and manage information in accordance with industry best practices, payment processing requirements, and U.S. government and military contracting standards, including NIST and CMMC frameworks.

1. Scope

This policy applies to all customers, partners, vendors, government entities, and users of Simpli-Fi Automation products, platforms, websites, and services. It covers personal data, payment-related data, and controlled or sensitive information handled in commercial and government contracting contexts.

2. Information We Collect

We may collect personal identification information (name, business name, email address, phone number), billing and shipping information, technical usage data, and limited payment-related metadata. Simpli-Fi does not store full credit card numbers or sensitive authentication data.

3. Payment Processing (Stripe Compliance)

All payment transactions are processed through Stripe, a PCI-DSS Level 1 certified payment processor. Payment data is transmitted directly to Stripe using encrypted channels. Simpli-Fi receives only limited transaction metadata necessary for accounting and customer support purposes.

4. Use of Information

Information is used to process payments, deliver services, comply with legal and contractual obligations, maintain security, prevent fraud, and support audits and compliance reviews. Simpli-Fi does not sell personal or financial data.

5. Data Security Controls

Simpli-Fi implements administrative, technical, and physical safeguards aligned with NIST SP 800-53, NIST SP 800-171, and CMMC (Cybersecurity Maturity Model Certification) Level 2 practices, including:
- Encryption of data in transit and at rest where applicable
- Role-based access control and least-privilege principles
- Multi-factor authentication
- Continuous monitoring and vulnerability management
- Incident response and breach notification procedures

 

6. NIST and CMMC Compliance Statement

Simpli-Fi Automation supports compliance with applicable NIST cybersecurity frameworks and CMMC requirements for the protection of Controlled Unclassified Information (CUI) and Federal Contract Information (FCI). Security controls are implemented proportionate to contractual requirements and risk assessments. Where required by contract, Simpli-Fi maintains documented security policies, access logs, and audit trails.

7. Data Retention

Data is retained only for as long as necessary to fulfill business, legal, accounting, and contractual requirements. Data associated with government or defense contracts is retained and disposed of in accordance with applicable federal regulations and contract terms.

8. Data Sharing

Information may be shared with authorized service providers, payment processors, or government authorities as required by law or contract. All third parties are subject to confidentiality and security obligations.

9. Individual Rights

Where applicable, individuals may request access, correction, or deletion of personal data, subject to legal and contractual limitations. Requests may be submitted to support@simplifiautomation.com.

10. Policy Updates

This policy may be updated periodically. Material changes will be reflected by an updated effective date.