Privacy Policy

Semlify is a product of Semlify SAS ("we", "us"), registered in France. This Policy describes the personal data we collect, why we collect it, and your rights under the GDPR.

1. What we collect

• Account data: name, email, organisation, password hash. Provided by you or your IdP.
• Early-access form data: when you submit the “Get free access” form on semlify.com/access we collect your name, work email, phone number, and optionally the company you work for and a short description of what you're building. We use it to provision your workspace and follow up about it; we don't add you to a marketing list without separate opt-in. The form is hosted by Netlify Forms.
• Usage data: pages visited, actions taken, error reports. Captured for product analytics and support.
• Customer Data: the ontologies, concepts and relations you create. We process these on your behalf to provide the Service.
• Billing data: card last 4, billing address. Held by Stripe; we never see card numbers.

2. Why we process

Lawful bases under GDPR Article 6: contract (provide and bill the Service), legitimate interest (product analytics, security monitoring, fraud prevention), and consent (marketing emails — opt-in only).

3. Sub-processors

Our sub-processors are listed at semlify.com/legal/subprocessors. We give 30 days' notice before adding or replacing any.

4. International transfers

EU customer data stays in EU regions for the application stack. Where a sub-processor is outside the EU, we rely on Standard Contractual Clauses (SCCs) to authorise the transfer.

5. Retention

Customer Data is retained as long as your account is active. After termination, you have 30 days to export. We then delete within 90 days, except where law requires longer (billing records: 7 years).

6. Your rights

Under GDPR you may request access, correction, erasure, portability, and restriction of processing. Email privacy@semlify.com; we respond within one month.

7. Cookies and analytics

On the application (app.semlify.com) we use only first-party essential cookies for authentication. On the marketing site (semlify.com) we run two analytics tools, with very different privacy footprints:

• Cloudflare Web Analytics — aggregate page views and referrer breakdowns. Cookieless, no fingerprinting, no cross-site tracking, no IP retention beyond Cloudflare's edge. Runs by default on lawful basis of legitimate interest (Article 6(1)(f)) because no information is stored on your device. You cannot meaningfully opt out of aggregate counts that contain no personal data, but you can block the static.cloudflareinsights.com domain in your browser if you prefer.
• Microsoft Clarity — session recordings and heatmaps that help us see where the marketing site is confusing or broken. This does use cookies and store data on your device, so it only loads after you accept analytics cookies in our banner. Clarity masks form inputs and password fields by default, so the values you type into the “Get free access” form (name, email, phone, etc.) are not captured. You can withdraw consent at any time by clearing the semlify.cookies entry in your browser's site data and choosing differently when the banner reappears, or by emailing privacy@semlify.com.

Your consent choice is stored locally in your browser (localStorage key semlify.cookies) so we don't have to ask again on every page. We do not use advertising cookies, retargeting pixels, or third-party social trackers anywhere on the site.

8. Contact

Data Protection Contact: privacy@semlify.com.
Postal: Semlify SAS — 75001 Paris, France.

This document is a Phase-0 placeholder. The final policy will be reviewed and signed off by counsel before launch.