Privacy Policy
Table of Contents
- Controller and Contact Information
- Scope of This Privacy Policy
- Fundamental Design Principle: Privacy by Architecture
- Data We Do Not Collect
- Data We Process
- Legal Basis for Data Processing
- Data Retention
- Sub-Processors and Third Parties
- International Data Transfers
- Data Subject Rights Under GDPR
- Special Categories: Tor Onion Service Users
- Data Processing in Response to Legal Orders
- Website Data Processing (simplego.dev)
- Data Breach Notification
- Children's Privacy
- Data Protection Impact Assessment
- Changes to This Privacy Policy
- Supervisory Authority and Complaints
Summary: We process almost no personal data. Our SMP relay servers have no user accounts, no registration, no tracking, and no analytics. The only personal data we may transiently process is the IP address of connecting clients, which is not stored to disk by default. Messages are encrypted before reaching our servers and we cannot read them. We are committed to data minimization not just as a policy, but as a technical architecture.
1. Controller and Contact Information
The controller within the meaning of Art. 4(7) of the General Data Protection Regulation (GDPR) is:
IT and More Systems
Sascha Dämgen
Am Neumarkt 22
45663 Recklinghausen
Germany / EU
Email: privacy@simplego.dev
Website: simplego.dev
We have not appointed a Data Protection Officer (DPO), as we are not required to do so under Art. 37 GDPR in conjunction with § 38 BDSG. Our business regularly employs fewer than 20 persons involved in automated processing of personal data.
2. Scope of This Privacy Policy
This Privacy Policy covers the processing of personal data in connection with the operation of SimpleGo's public SMP (SimpleX Messaging Protocol) relay servers, accessible via both clearnet (TLS) and Tor onion v3 (.onion) endpoints.
This Privacy Policy also covers the processing of personal data when visiting the simplego.dev website (see Section 13).
This Privacy Policy does not cover third-party SMP relay servers, the SimpleX Chat application, other SimpleX Protocol client implementations, or any other third-party services. Users should review the privacy policies of the specific client software and relay servers they use.
3. Fundamental Design Principle: Privacy by Architecture
SimpleGo's SMP relay servers implement the principle of data protection by design and by default (Art. 25 GDPR) at the deepest possible level: the protocol architecture itself. Unlike most services that minimize data collection through policy, our servers are structurally incapable of collecting most categories of personal data.
3.1 The SimpleX Protocol collects no identity
The SimpleX Messaging Protocol does not use persistent user identifiers of any kind. There are no usernames, phone numbers, email addresses, device identifiers, or public keys used as identity. Each message queue is identified by a randomly generated, single-use cryptographic key pair that cannot be linked to any person.
3.2 The SimpleX Protocol prevents traffic analysis
Communication occurs through pairs of unidirectional message queues. A single server never sees both sides of a conversation. All messages are padded to a fixed 16 KB block size, preventing length-based traffic analysis. Queue identifiers are random and cannot be correlated across servers.
3.3 End-to-end encryption prevents content access
All messages are encrypted with multiple layers of end-to-end encryption before reaching our servers. The SimpleX Protocol implements up to seven cryptographic layers per message. Encryption keys are generated and stored exclusively on users' devices. Our servers process messages at the transport layer only and never possess decryption keys. This is an immutable architectural property, not a reversible policy decision.
3.4 Practical implications
This means we cannot: identify any user, read any message, determine who is communicating with whom, count unique users, build user profiles, track usage patterns, target advertisements (we do not display advertisements), sell user data (we have no user data), or respond to most law enforcement requests with useful information.
4. Data We Do Not Collect
For full transparency, the following is an explicit list of personal data categories that we do not collect, store, process, or have access to:
- Names (real names, usernames, display names, pseudonyms)
- Email addresses
- Phone numbers
- Physical addresses
- Date of birth or age
- Gender, ethnicity, or any demographic data
- Account credentials (no accounts exist)
- Payment or financial information (the service is free)
- Device identifiers, IMEI, IMSI, MAC addresses
- Browser fingerprints (SMP clients are not browsers)
- Location data, GPS coordinates
- Contact lists, address books
- Message content (encrypted; we have no keys)
- Communication metadata (who talks to whom, frequency, timing patterns)
- User behavior or usage analytics
- Cookies, tracking pixels, advertising identifiers
5. Data We Process
In the normal course of operating our SMP relay servers, we process the following categories of data. We distinguish between data that constitutes personal data under GDPR and data that does not.
5.1 Personal data: Connection IP addresses
| Attribute | Detail |
|---|---|
| Data type | IPv4 or IPv6 address of connecting client |
| Personal data? | Yes, per CJEU C-582/14 (Breyer) |
| Purpose | Establishing and maintaining the TCP/IP connection; network security (abuse prevention) |
| Legal basis | Art. 6(1)(f) GDPR (legitimate interest) |
| Storage location | Server RAM only (volatile memory) |
| Written to disk? | No, by default. May be enabled for specific queues under valid court order (see Section 12) |
| Retention | Duration of active TCP connection only; lost on disconnect or server restart |
| Tor users | IP address is a Tor exit relay, not the user's real IP |
5.2 Non-personal data: Encrypted message blobs
| Attribute | Detail |
|---|---|
| Data type | Opaque, encrypted data packets (fixed 16 KB blocks) |
| Personal data? | No, from the operator's perspective (Recital 26 GDPR: no reasonable means of decryption) |
| Purpose | Temporary storage for asynchronous message delivery |
| Storage location | Server disk (encrypted at rest via full-disk encryption) |
| Retention | Until delivered and acknowledged, or 30 days maximum for undelivered messages |
5.3 Non-personal data: Queue identifiers
| Attribute | Detail |
|---|---|
| Data type | Random cryptographic identifiers (32-byte keys) |
| Personal data? | No (cannot be linked to any person by any reasonable means) |
| Purpose | Addressing message queues for delivery |
| Retention | Lifetime of the queue (deleted when queue is removed or expired) |
5.4 Non-personal data: Protocol metadata
| Attribute | Detail |
|---|---|
| Data type | SMP version, command types (SEND, SUB, ACK), queue parameters |
| Personal data? | No |
| Purpose | Protocol operation |
| Retention | Not stored beyond protocol processing |
6. Legal Basis for Data Processing
We process the limited personal data described above based on the following legal grounds:
6.1 Legitimate interest (Art. 6(1)(f) GDPR)
The processing of connection IP addresses is necessary for our legitimate interest in operating communications infrastructure, specifically: establishing and maintaining TCP/IP connections (without which no communication is possible), protecting our infrastructure against abuse, denial-of-service attacks, and unauthorized access, and complying with our legal obligations as a telecommunications service provider under German law.
We have conducted a balancing test as required by Art. 6(1)(f) GDPR. The data processed is minimal (IP addresses only, in volatile memory only), the processing is technically necessary and cannot be avoided within the TCP/IP protocol, no profiling or tracking occurs, data is not shared with third parties (except under valid court order), and users have a reasonable expectation that their IP address will be processed during a network connection. We conclude that our legitimate interests are not overridden by the interests or fundamental rights of data subjects.
6.2 Legal obligation (Art. 6(1)(c) GDPR)
If ordered by a valid German court order to log IP addresses for specific queues, the legal basis for that specific processing shifts to Art. 6(1)(c) GDPR (compliance with a legal obligation to which the controller is subject), in conjunction with the relevant provision of German criminal procedure law (e.g., § 100a StPO).
7. Data Retention
7.1 IP addresses
IP addresses are not stored to disk. They exist in volatile server memory only during active TCP connections and are lost immediately on disconnect or server restart. No historical IP data is retained.
7.2 Encrypted messages
Encrypted messages are stored until successfully delivered and acknowledged by the recipient client. Undelivered messages are automatically purged after 30 days. We may adjust this retention period and will update this Privacy Policy accordingly.
7.3 Queue data
Queue identifiers and associated cryptographic keys exist for the lifetime of the queue. Queues are deleted when explicitly removed by the client, or automatically after an extended period of inactivity (currently 90 days without any message activity).
7.4 Court-ordered logging
If we are compelled by court order to log IP addresses for specific queues, the logged data is retained only for the duration specified in the court order. Upon expiration of the order, logged data is securely deleted.
8. Sub-Processors and Third Parties
8.1 VPS hosting provider
Our SMP relay servers are hosted on virtual private servers (VPS) provided by IONOS SE (Elgendorfer Str. 57, 56410 Montabaur, Germany). IONOS is a German company subject to GDPR. An Auftragsverarbeitungsvertrag (Data Processing Agreement) pursuant to Art. 28 GDPR is in place with IONOS.
IONOS, as the infrastructure provider, has theoretical access to the physical server hardware and network traffic at the data center level. However, all SMP message data is encrypted end-to-end by the users' clients before reaching our servers, and our servers further encrypt all stored data with full-disk encryption. IONOS does not process any SMP user data on our behalf and has no means to decrypt message content.
8.2 No other sub-processors
We do not use any other sub-processors, cloud services, analytics providers, CDN networks, or third-party services in connection with our SMP relay server operation. We do not share, sell, rent, or otherwise disclose personal data to any third party for their own purposes.
8.3 Domain registrar and DNS
Our domain (simplego.dev) is registered with, and DNS is provided by, a commercial registrar. DNS queries for our server hostnames are processed by third-party DNS infrastructure, which may log query data according to its own privacy policies. This is outside our control and inherent to the DNS system. Users connecting via Tor .onion addresses bypass DNS entirely.
9. International Data Transfers
Our SMP relay servers are located exclusively in Germany (EU). No personal data is intentionally transferred to countries outside the European Economic Area (EEA).
We acknowledge that the nature of internet communications means that TCP/IP packets may transit through network infrastructure in various countries during transmission. This routing is determined by the internet's BGP routing infrastructure and is outside our control. However, the content of all messages is encrypted end-to-end, and the only personal data we process (IP addresses) remains on our servers in Germany.
If we ever expand our relay infrastructure to servers located outside the EEA, we will update this Privacy Policy and ensure appropriate safeguards (such as Standard Contractual Clauses under Art. 46(2)(c) GDPR) are in place before any transfer occurs.
10. Data Subject Rights Under GDPR
Under the GDPR, you have the following rights regarding your personal data. We explain each right and how it applies in our specific technical context.
10.1 Right of access (Art. 15 GDPR)
You have the right to request confirmation of whether we process personal data concerning you, and if so, to access that data. Due to our architecture, we cannot identify whether any specific person has used our service. If you contact us with your IP address and a specific time window, we may be able to confirm whether a connection from that IP existed (if the connection is still active in server memory). In most cases, we will have no data to provide.
10.2 Right to rectification (Art. 16 GDPR)
You have the right to request correction of inaccurate personal data. This right has no practical application, as we do not store modifiable personal data about users.
10.3 Right to erasure (Art. 17 GDPR)
You have the right to request deletion of your personal data. Transient IP address data in server memory cannot be selectively deleted but is automatically lost on disconnect. Encrypted messages in queues are deleted automatically upon delivery or after the retention period. If you wish to delete specific queues, this can be done through your SMP client software.
10.4 Right to restriction of processing (Art. 18 GDPR)
You have the right to request restriction of processing. Given the minimal and transient nature of our data processing, the practical effect of such a restriction would be equivalent to disconnecting from our server, which you can do at any time.
10.5 Right to data portability (Art. 20 GDPR)
You have the right to receive your personal data in a structured, commonly used format. We have no portable personal data to provide. Message data is encrypted with keys held exclusively by you and is already in your possession via your client application.
10.6 Right to object (Art. 21 GDPR)
You have the right to object to processing based on legitimate interest (Art. 6(1)(f)). If you object to the processing of your IP address during connection, we note that this processing is technically unavoidable for TCP/IP communication. The alternative is to not use the service or to connect via Tor, which prevents us from seeing your real IP address.
10.7 Art. 11 GDPR: Processing that does not require identification
Pursuant to Art. 11(1) GDPR, we are not obligated to maintain, acquire, or process additional information solely for the purpose of identifying data subjects. Our processing does not require identification, and we will not attempt to identify users solely to fulfill a data subject request. Under Art. 11(2) GDPR, if we cannot identify the data subject, we may be unable to comply with requests under Articles 15-20 GDPR, and we will inform the requesting person accordingly.
10.8 Exercising your rights
To exercise any of these rights, please contact us at privacy@simplego.dev. We will respond within 30 days as required by Art. 12(3) GDPR. We may request additional information to verify your identity, though in most cases, we will need to inform you that we hold no identifiable data about you.
11. Special Categories: Tor Onion Service Users
Users who connect to our SMP relay servers exclusively via Tor onion service (.onion) endpoints occupy a unique position under this Privacy Policy: we process no personal data whatsoever about these users.
The IP address visible to our server is that of a Tor circuit relay, not the user's real IP address. Since we do not store IP addresses to disk, there is no persistent data associated with these connections. The encrypted messages and queue identifiers are non-personal data (see Sections 5.2 and 5.3).
For Tor onion service users, the GDPR effectively has minimal applicability to our processing, as we are not a controller of any personal data pertaining to those users.
12. Data Processing in Response to Legal Orders
German courts may order us to begin prospective IP address logging for specific, identified message queues under § 100a StPO or similar provisions. This section documents how we handle such orders from a data protection perspective.
12.1 Scope limitation
Court orders must specify the particular queues or endpoints to be monitored. We will not implement general, indiscriminate IP logging across all server connections. Any logging will be limited to the scope defined in the court order.
12.2 Legal basis
Processing under a court order is based on Art. 6(1)(c) GDPR (legal obligation). The court order constitutes the legal obligation under German procedural law.
12.3 Duration
Logging will be active only for the duration specified in the court order. Upon expiration, all logged data will be securely deleted and logging functionality will be deactivated.
12.4 Limitations
Even under a court order, we can only log the IP addresses of connections to specific queues. We cannot decrypt message content, identify users by any means other than IP address, or correlate queues with each other or with real-world identities.
12.5 Transparency
German law does not prohibit us from disclosing the existence of court orders. We document all received orders in our semi-annual Transparency Report, subject to any applicable procedural restrictions during ongoing investigations.
13. Website Data Processing (simplego.dev)
When you visit the simplego.dev website (as opposed to connecting to our SMP relay servers via an SMP client), the following data processing occurs:
13.1 Server access logs
Our web server may generate access logs containing your IP address, the requested URL, the HTTP referrer, your browser's User-Agent string, and a timestamp. These logs are used exclusively for technical troubleshooting and security purposes. Logs are automatically rotated and deleted after 7 days.
13.2 No cookies, no tracking, no analytics
The simplego.dev website does not set any cookies, does not use any analytics services (no Google Analytics, no Matomo, no tracking pixels), does not embed any third-party content that could track visitors (no social media buttons, no CDN-hosted fonts from tracking providers, no embedded videos), and does not use any fingerprinting or device identification technology.
We use Google Fonts loaded from fonts.googleapis.com and fonts.gstatic.com for typography. Google may process your IP address when serving font files. Google's privacy policy applies to this processing. If you wish to avoid this, you can block requests to these domains in your browser or use a privacy-focused browser extension.
13.3 Contact form and email
If you contact us via email, we process your email address and the content of your message for the purpose of responding to your inquiry. This processing is based on Art. 6(1)(f) GDPR (legitimate interest in business communication). We retain correspondence for as long as necessary to address the inquiry and for any applicable statutory retention period.
13.4 GitHub Pages / Hosting
The simplego.dev website is hosted on infrastructure where the hosting provider may process access logs according to their own privacy policy. This is standard web hosting infrastructure subject to our Data Processing Agreement.
14. Data Breach Notification
In the unlikely event of a personal data breach, we will comply with Art. 33 GDPR (notification to supervisory authority within 72 hours) and Art. 34 GDPR (notification to affected data subjects without undue delay, where required).
Given our minimal data processing, a data breach would most likely involve server access logs (website visitors' IP addresses) or, in the exceptional case of court-ordered logging, targeted IP address logs. Encrypted message content cannot constitute a personal data breach from our perspective, as we cannot associate it with any individual.
We will also publish information about any significant security incidents on our website and GitHub repository, consistent with our commitment to transparency.
15. Children's Privacy
Our SMP relay servers are neutral communications infrastructure without registration or age verification. We do not knowingly collect personal data from children under 16 years of age (the relevant threshold under Art. 8 GDPR as implemented by § 8 BDSG for Germany). Since we collect virtually no personal data from any user regardless of age, and we have no means of determining the age of any user, the practical risk to children's privacy from our data processing is negligible.
If a parent or guardian believes their child's privacy has been compromised through our service, they may contact us at privacy@simplego.dev. We will investigate and take appropriate action to the extent technically possible.
16. Data Protection Impact Assessment
We have evaluated whether a Data Protection Impact Assessment (DPIA) is required under Art. 35 GDPR. Based on the criteria established by the European Data Protection Board (EDPB WP248 Rev.01) and the DSK blacklist, a DPIA is typically required when two or more high-risk criteria are met.
Our processing meets at most one criterion (innovative technology). We process minimal personal data (IP addresses in volatile memory only), perform no profiling, no systematic monitoring, no large-scale processing of special categories, and no automated decision-making with legal effects. A formal DPIA is therefore not required.
Notwithstanding the above, we maintain internal documentation of our data processing analysis and risk assessment, consistent with the principle of accountability (Art. 5(2) GDPR).
17. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our data processing practices, legal requirements, or server infrastructure. Changes will be published at this URL with an updated effective date and version number.
The current and all previous versions of this Privacy Policy are maintained in the SimpleGo GitHub repository for full transparency and auditability.
We encourage users to review this Privacy Policy periodically.
18. Supervisory Authority and Complaints
If you believe our processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement (Art. 77 GDPR).
Our competent supervisory authority is:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW)
Postfach 20 04 44
40102 Düsseldorf, Germany
Phone: +49 211 38424-0
Email: poststelle@ldi.nrw.de
Website: www.ldi.nrw.de
We encourage you to contact us directly at privacy@simplego.dev before filing a complaint, so we can attempt to resolve your concern.
SimpleGo Legal Framework
All documents available in English and German. Server infrastructure operated under German and EU law.