Privacy
Privacy Policy
Last updated: 5 June 2026
This policy explains how SimpleRemote / Avakiam processes personal data in connection with SimpleRemote. You can contact us through the form on the SimpleRemote website.
1. Controller
The data controller is the provider operating SimpleRemote. Customers using SimpleRemote to access devices or support users may act as independent controllers for their own users, employees or customers.
2. Data We Process
We may process company name, billing details, tax ID, admin name and email, user emails, OTP login events, organisation and subscription status, device identifiers, device names where provided, technical logs, IP addresses, security events, payment identifiers and support communications. Payment card data is processed by Stripe and is not stored by us.
3. Remote Session Content
SimpleRemote is designed so screen frames, input, clipboard and file transfer traffic travel directly between peers where technically possible and are not intentionally relayed or stored by our server. Users remain responsible for the data they access, display, transfer or copy during sessions.
4. Purposes and Legal Bases
We process data to provide the service, manage subscriptions and billing, authenticate users, prevent abuse, maintain security, provide support, comply with tax and accounting obligations, and improve reliability. Legal bases include performance of a contract, legitimate interest in security and service operation, legal obligations, and consent where required.
5. Processors and Recipients
We use service providers such as hosting/infrastructure providers, PostgreSQL database hosting, EmailJS for contact-form delivery, Google reCAPTCHA for human verification, Cloudflare Turnstile for checkout verification and Stripe for payment processing. Data may be disclosed to authorities where legally required.
6. International Transfers
Some providers may process data outside the European Economic Area. Where this occurs, transfers should rely on appropriate safeguards such as adequacy decisions, Standard Contractual Clauses or equivalent mechanisms under GDPR.
7. Retention
Account and subscription data is kept while the account is active and for the limitation periods required for contractual, tax, security and legal purposes. Billing records may be retained for statutory accounting periods. Security logs are retained only as long as reasonably necessary for security and diagnostics.
8. Security
We apply technical and organisational measures including OTP login, subscription-based access control, encrypted transport where applicable, access limitation and operational monitoring. No system is completely risk-free; customers must maintain their own endpoint, password and user-management security.
9. Your Rights
Under GDPR and Spanish data protection law, you may request access, rectification, erasure, restriction, portability and objection where applicable. You may also lodge a complaint with the Spanish Data Protection Agency (AEPD). Use the website contact form to exercise your rights.
10. Cookies and Similar Technologies
The marketing site is designed to be minimal. Local storage may be used to remember language preference and checkout session state. Google reCAPTCHA, Stripe and Cloudflare may use cookies or similar technologies necessary for human verification, payment and security. EmailJS processes the contact-form data required to deliver the message.
11. Changes
We may update this Privacy Policy to reflect legal, technical or service changes. The updated version will be published on this page.
Plain language notes
How this page applies to SimpleRemote users
This section expands Privacy Policy with a practical explanation for customers and users evaluating SimpleRemote. The clauses above remain the legal reference; these notes help explain how they apply in daily use of remote control software.
In remote access, clarity matters because a session can show a screen, move files or allow actions on a Windows computer. The user or company using the service must therefore be authorized to connect and should inform employees, customers or third parties when required.
The SimpleRemote workflow separates authentication, subscription, device registration and remote-session signaling. That separation helps the service manage users and permissions without intentionally turning the server into a store for session content.
When a company adds users, it also takes responsibility for keeping the list current. If someone changes role, leaves the organization or no longer needs access, an administrator should remove permissions and review saved devices.
Billing and the business plan are intended for recurring professional use. Personal or light use can start without checkout, but continued commercial use, address-book management and team administration justify an active subscription.
External services such as Stripe, EmailJS, Cloudflare or Google reCAPTCHA are used for specific functions: payments, forms, human verification and security. Each provider may process the technical data needed to deliver that function.
Customers should also maintain their own controls: protect the email account receiving OTP messages, use strong endpoint passwords, avoid sharing credentials, review who has access to the company device book and document when a remote connection is allowed.
If an organization has internal, regulatory or sector-specific requirements, it should review these pages alongside its own policies. SimpleRemote provides tools to connect and manage access, but the customer remains responsible for the systems and data it chooses to display, copy or transfer during a session.
In practice, the customer controls the context of each session. SimpleRemote provides the technical tool, but it does not decide which computer is opened, which documents are visible or which file is transferred. That difference matters for privacy, security and internal compliance.
Technical logs may be necessary to diagnose errors, prevent abuse, review authentication or maintain availability. They should be understood as operational data, not as a complete recording of work performed on the remote computer.
Data minimization remains a good practice. Administrators should save only necessary devices, invite only users who genuinely need access and remove permissions when they no longer add value.
If a security incident occurs, the company should review users, devices, access email accounts, recent sessions and any shared credential. Contacting support can help, but the first internal response should protect affected computers.
Cancelling a subscription can affect business functions such as users, administration or managed access. Before cancelling, review which processes depend on those functions and communicate the change to people using the tool.
Data retention should be understood together with tax, contractual and security obligations. Some records may remain for legal periods even after an account is no longer active, especially when they relate to billing or abuse prevention.
These pages should be reviewed when the product, external providers, payment flow or applicable legal requirements change. Keeping them current helps users and search engines find a coherent explanation of the service.
For business customers, these pages also work as a reference point during rollout. Before inviting users, confirm who accepts the terms, who manages the subscription, who receives communications and who may make decisions about shared devices.
In an environment with employees or end customers, transparency should be part of the procedure. A short notice before starting support, an explanation of what will be done and a confirmation when the session ends can prevent misunderstandings and reinforce trust.
Using human-verification or payment tools does not mean all data passes through all providers. Each integration has a specific purpose. That is why the pages mention payments, forms, security and verification as separate categories.
When a customer acts as controller for its own users, it should combine SimpleRemote features with its internal obligations. That may include legal basis, employee notices, access records, support policies and rules for transferring files.
If a legal page is updated, the visible date helps readers understand which version is published. Keeping clear content, frequently asked questions and structured schema improves comprehension for people, search engines and systems that summarize web information.
This also gives future reviewers a stable place to check product, privacy and billing explanations before publishing changes.
Frequently asked questions
Do these notes replace the legal terms?
No. They help explain practical use of SimpleRemote, but the legal clauses on this page remain the primary reference.
Who may start a remote session?
Only people authorized by the owner, administrator or legitimate user of the computer. Unauthorized access is not allowed.
Does SimpleRemote store screen content?
The service is designed so screen frames, input, clipboard and files travel between devices where possible and are not intentionally stored on the server.
What should a company review when adding users?
It should review roles, permissions, saved devices, access email accounts, employee departures and any internal policy that applies.
Which external providers are involved?
Payment, form, human-verification, infrastructure and security providers may be involved, each for the function required.
When should someone contact SimpleRemote?
Contact SimpleRemote for support, billing, privacy, subscription or business-use questions that are not clear from the page.
