Privacy Policy

Last updated: 29.05.2026

This privacy policy explains how personal data is processed in connection with our website simsala.co, the purchase, and the use of the software Simsala Desktop.

Simsala Desktop is a local desktop software for visual AI workflows. The software uses local project folders ("vaults") on the user's device. Generations can be performed through external AI providers that users connect themselves, such as Replicate, fal.ai, or Runware.

Language version: These legal texts are provided in German and English. In the event of discrepancies, inconsistencies, or questions of interpretation between the German and English version, the German version shall prevail. The English version is provided for convenience only. German master version: datenschutz-de.html.

1. Controller

The controller within the meaning of the GDPR is:

David Herrmann
Nymphenburger Straße 139 RGB
80636 Munich
Germany

E-mail: info@simsala.co
Website: https://simsala.co

If applicable:
VAT ID: not available
Commercial register: not registered

2. Data Protection Officer

No Data Protection Officer has been appointed.

3. General Information on Data Processing

We process personal data only to the extent necessary to provide our website, respond to inquiries, process purchases, manage licenses, provide Simsala Desktop, and fulfill legal obligations.

Depending on the processing activity, we rely in particular on the following legal bases:

  • Art. 6(1)(a) GDPR - consent
  • Art. 6(1)(b) GDPR - performance of a contract or pre-contractual measures
  • Art. 6(1)(c) GDPR - legal obligations
  • Art. 6(1)(f) GDPR - legitimate interests

We do not sell personal data.

4. Website Hosting

Our website is hosted by STRATO.

Provider:
STRATO GmbH
Otto-Ostrowski-Strasse 7
10249 Berlin
Germany

When you access our website, technically required data is processed so that the website can be displayed and operated securely.

  • IP address
  • Date and time of access
  • Pages accessed
  • Referrer URL
  • Browser type and version
  • Operating system
  • Transferred data volume
  • Server log data

Purpose: technical provision of the website, system security, error analysis, and abuse prevention. Legal basis: Art. 6(1)(f) GDPR.

Server log data is generally stored only as long as necessary for security, error analysis, and abuse prevention. If no security incident exists, server logs are deleted or anonymized after a maximum of 30 days.

5. Cookies and Similar Technologies

Our website does not use optional analytics, marketing, or tracking cookies. We use Umami for privacy-friendly reach measurement without setting cookies.

Technically necessary storage may be required by the browser, hosting, security functions, or the checkout process. If we use non-essential cookies, marketing pixels, or similar consent-based technologies in the future, we will request your consent in advance.

Legal basis for technically necessary storage is Art. 6(1)(f) GDPR. For consent-based processing, the legal basis is Art. 6(1)(a) GDPR.

6. Web Analytics with Umami

We use Umami Cloud, a privacy-friendly web analytics service, to understand aggregate website usage and improve our content. The analytics script is loaded from https://cloud.umami.is/script.js.

Our Umami configuration is intentionally limited:

  • no analytics cookies are set
  • browser Do Not Track settings are respected
  • tracking is restricted to simsala.co and www.simsala.co
  • URL query parameters and hash fragments are excluded
  • we do not use Umami to create personal user profiles or cross-site tracking profiles

We process aggregated information such as page views, referrers, browser and device information, approximate location, and time of access. Legal basis is our legitimate interest in privacy-preserving website analytics and product communication pursuant to Art. 6(1)(f) GDPR.

7. Contact and E-mail Support

If you contact us by e-mail, we process the data you provide (e.g., name, e-mail address, company, inquiry content, license information where relevant, and any technical information, screenshots, or logs submitted voluntarily).

Legal basis is Art. 6(1)(b) GDPR where your request is related to a contract or pre-contractual measures, otherwise Art. 6(1)(f) GDPR.

Support e-mails are generally stored for up to 24 months, unless legal retention duties or legitimate interests require longer storage.

8. Product Updates by E-mail

We offer product updates by e-mail (e.g., release notes, new versions, new connectors, important product information, or offers).

When you sign up, we may process your e-mail address, optional name, signup timestamp, IP address at signup, consent proof, and unsubscribe status.

Legal basis is Art. 6(1)(a) GDPR. You can unsubscribe at any time via the link in the e-mail or by contacting us directly.

9. Purchase, Checkout, Invoicing, and Payment Processing via Polar

If you purchase a Simsala license, Polar Software, Inc. may process the purchase as Merchant of Record.

Polar Software, Inc. acts as Merchant of Record for the purchase, payment processing, invoicing and tax handling. Simsala remains the provider and licensor of Simsala Desktop.

Data processed may include in particular:

  • Name
  • E-mail address
  • Billing address
  • Company name
  • VAT ID
  • Country
  • Payment information
  • Purchased license
  • Order number
  • Invoice data
  • Payment status
  • Technical checkout data

We receive from Polar the information required to provide the Simsala license, manage licensing, provide support, and fulfill legal or contractual obligations.

Processing by Polar is also governed by Polar's privacy information.

Refund requests: contact info@simsala.co; payment-related processing is handled by Polar Software, Inc. as Merchant of Record.

10. License Management and License Validation via Polar

We use an external licensing server, currently Polar, to manage and validate software licenses.

  • License key
  • Activation ID
  • Organization ID and, where applicable, benefit/product ID
  • Device name / activation label
  • Technical connection data (IP address, timestamp, user agent)

Purpose: provision of licensed features, abuse prevention, and enforcement of license terms. Legal basis: Art. 6(1)(b) GDPR and, additionally, Art. 6(1)(f) GDPR.

11. Use of Simsala Desktop

Simsala Desktop is designed as local-first software. Project files, vaults, canvas files, references, imported assets, and generated results are generally stored locally on your device or in the project folder you choose.

We do not have automatic access to your local vaults, canvas files, reference images, prompts, or generated files.

12. AI Providers and External Model Providers

Users can connect their own provider accounts, for example Replicate, fal.ai, and Runware. If you connect a provider and run a generation, data required for that request is transferred to that provider.

  • Prompts and negative prompts
  • Reference images / input images / masks
  • Technical parameters
  • Model and engine selection
  • Generated results
  • API request and response data

Processing by each provider is governed by that provider's own privacy and usage terms.

13. API Keys and Secrets

Simsala may store API keys or credentials for external AI providers locally so that you can use providers in the app.

API keys and comparable secrets are stored locally in the operating-system keyring or a comparable secure local storage mechanism. We do not store your provider API keys on Simsala servers.

14. Connectors for DCC/CAD Tools

Simsala may provide connectors or local bridge functions for external design and CAD/DCC tools, for example Archicad, Rhino, SketchUp, and Vectorworks.

Local data packages, previews, manifest data, project references, or imported assets may be transferred between the respective tool and Simsala. This processing is generally local on your device.

15. Update Checks

Simsala can check whether a new software version is available.

  • App version
  • Operating system
  • Language setting
  • Request timestamp
  • IP address
  • License status (where required for update entitlement)

Legal basis: Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.

16. No Automatic Telemetry and No Automatic Crash Reports

Simsala currently does not collect automatic usage telemetry and does not send automatic crash reports to us.

If you voluntarily send us logs, screenshots, or other technical information as part of a support request, we process these only to handle your request.

17. Local Project Files and Vaults

Simsala stores project context locally in so-called vaults. A vault may contain imported assets, references, generated images or videos, canvas files, connector inbox data, connector archives, prompts, engine settings, presets, and generation metadata.

This data is generally stored locally on your device or at the location you choose. We do not process this data on our servers unless you voluntarily submit it to us.

18. Recipients of Personal Data

Depending on usage, personal data may be transferred to the following categories of recipients:

  • Hosting providers (in particular STRATO)
  • Checkout, payment, and licensing providers (in particular Polar)
  • E-mail and support providers
  • External AI providers, where connected and used by you
  • Tax advisors, legal advisors, and authorities where legally required
  • Technical service providers for maintenance and security

We disclose personal data only where necessary, where a legal basis exists, or where you have consented.

19. Third-Country Transfers

For certain functions, personal data may be transferred to countries outside the EU/EEA (e.g., USA).

Where personal data is transferred to third countries, this is done only in accordance with Arts. 44 et seq. GDPR, in particular on the basis of adequacy decisions, EU standard contractual clauses, or other valid legal bases.

A copy of suitable safeguards or further information about third-country transfers can be requested at info@simsala.co, to the extent such information is available to us.

20. Retention Periods

Data type: retention period

  • Website server log data: up to 30 days, unless a security incident exists
  • Support e-mails: up to 24 months
  • Voluntarily submitted logs/screenshots: typically up to 12 months
  • Product update / newsletter data: until unsubscribe
  • Consent proof: up to 3 years after unsubscribe
  • License / activation data: for the duration of license use and beyond where justified
  • Invoice, payment, and accounting data: according to statutory retention obligations

21. Your Rights

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to data portability
  • Right to object to certain processing activities
  • Right to withdraw consent
  • Right to lodge a complaint with a supervisory authority

If you want to exercise your rights, contact us at info@simsala.co.

22. Objection to Processing Based on Legitimate Interests

Where we process personal data on the basis of Art. 6(1)(f) GDPR, you may object for reasons arising from your particular situation.

23. Security

We implement appropriate technical and organizational measures to protect personal data against loss, misuse, unauthorized access, alteration, or disclosure.

  • Encrypted transmission
  • Access restrictions
  • Secure management of secrets
  • Local storage of provider API keys in the OS keyring
  • Path-validated file access inside the app
  • Role-based and access-restricted administration
  • Regular technical review of security-relevant functions

24. No Automated Decision-Making

We do not use personal data for automated decisions within the meaning of Art. 22 GDPR that produce legal effects concerning you or similarly significantly affect you.

25. Minors

Simsala is not directed at children. Use of our software and purchase of licenses are intended for adults and business users.

If you believe that personal data of a child has been provided to us without required consent, please contact us at info@simsala.co.

26. Changes to this Privacy Policy

We may update this privacy policy if our services, tools, legal requirements, or technical processes change. The current version is always available on our website.