SimpleIDGen
§ · Legal

Privacy Policy

Last updated 10 June 2026.

This Privacy Policy explains how Rexstart Labs Pvt Ltd ("we", "us", "our"), which operates SimpleIDGen (simpleidgen.com and its API, the "Service"), collects, uses, and protects your personal data. It is written to align with the EU General Data Protection Regulation (GDPR) and India's Digital Personal Data Protection Act, 2023 (DPDP).

The data the Service generates is synthetic. Person Profiles produced by the Service are statistically generated and do not describe real, identifiable individuals. This policy concerns the account and usage data we collect from you, the user.

1. Who we are

SimpleIDGen is operated by Rexstart Labs Pvt Ltd, a company incorporated in India. For any privacy question, request, or grievance, contact our Grievance Officer at privacy@simpleidgen.com.

2. Data we collect

  • Account data — your name, email address, and password (stored only as a salted argon2 hash; we never see your password).
  • Authentication data — one-time sign-in codes emailed to you, and a session cookie (sidgen_session) that keeps you logged in.
  • Usage data — a log of your API calls (endpoint, method, status, row counts, timestamps) and, temporarily, any sample records you generate.
  • Technical data — your IP address and request metadata, processed by our infrastructure provider for delivery, security, and abuse prevention (including the Cloudflare Turnstile bot check).

3. How and why we use it (legal bases)

  • To provide the Service — create your account, authenticate you, generate data, and let you download it. Basis: performance of a contract.
  • To secure the Service — verify email ownership (OTP), block bots and abuse, and enforce usage limits. Basis: legitimate interests / legal obligation.
  • To communicate — send transactional emails such as sign-in codes and password resets. Basis: performance of a contract.

We do not sell your personal data, use it for advertising, or profile you for marketing.

4. Cookies

We use one strictly-necessary cookie (sidgen_session) to maintain your login. Cloudflare Turnstile and our privacy-friendly, cookieless analytics may process limited technical data to protect and measure the Service. We do not use advertising or cross-site tracking cookies.

5. Who processes your data

Our infrastructure is provided by Cloudflare, Inc., which hosts the application and database, stores generated files, delivers our email, provides bot protection (Turnstile), and supplies aggregate analytics. Cloudflare acts as our processor and may process data across its global network. We do not share your data with any other third party except where required by law.

6. International transfers

Because the Service runs on Cloudflare's global edge network, your data may be processed in countries other than your own. Such transfers rely on appropriate safeguards (for example, Standard Contractual Clauses) made available through our processor.

7. How long we keep it

  • Account data — until you delete your account or ask us to delete it.
  • Generated datasets, sample results, and call logs — automatically deleted after 7 days.
  • Sign-in codes and password-reset tokens — minutes to one hour, then removed.

8. Your rights

Subject to applicable law, you may:

  • Access a copy of your personal data, and correct or complete it;
  • Delete your data ("erasure" / "right to be forgotten");
  • Restrict or object to certain processing, and request portability of data you provided (GDPR);
  • Withdraw consent at any time, without affecting prior lawful processing;
  • Nominate another individual to exercise your rights in the event of death or incapacity (DPDP);
  • Complain to your data-protection authority — an EU supervisory authority under GDPR, or the Data Protection Board of India under DPDP.

To exercise any right, email privacy@simpleidgen.com. We respond within the timeframes required by law.

9. Security

We protect your data with encryption in transit (TLS), salted password hashing (argon2id), email one-time-code verification on every sign-in, bot protection, and data minimisation. No system is perfectly secure, but we work to safeguard your information.

10. Children

The Service is not intended for anyone under 18, and we do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.

11. Changes

We may update this policy; material changes are reflected by the "last updated" date above and, where appropriate, notified to you. Continued use after an update means you accept the revised policy.

12. Contact

Questions, requests, or grievances: privacy@simpleidgen.com.