Compliance

Strategy Simple + simple|AUDIENCE

Compliance and Data Privacy FAQ

For compliance-related questions, email: support (@) strategysimple.com

We believe data transparency and responsible marketing go hand in hand. As privacy laws evolve, we are committed to helping our clients stay compliant while still growing their businesses effectively.

1. Does GDPR apply to simple|AUDIENCE or Strategy Simple data?

No. The simple|AUDIENCE platform and superPIXEL product are designed exclusively for use in the United States. Our identity resolution database only includes consumers and businesses with confirmed U.S.-based attributes, and we employ geo-restriction and IP filtering to prevent data capture from regions where GDPR or UK data privacy laws apply.

2. What about U.S. state privacy laws like CCPA, CPRA, CPA, and others?

Yes — state-specific laws such as California's CCPA/CPRA, Colorado’s CPA, Virginia’s CDPA, and others may affect how data is used and disclosed. These regulations typically require:

Clear disclosure of how personal data is collected and used

Transparent notices for any form of cross-context behavioral advertising (including intent-based targeting)

Consumer opt-out options

Specific language in your privacy policy and cookie banners

We offer tools and templates to support these requirements, but we always advise clients to consult their legal counsel.

3. How Strategy Simple and simple|AUDIENCE help with compliance

We provide:

A fully hosted opt-out mechanism for consumers:
https://optout.simpleaudience.com

A Data Protection Addendum (DPA) for enterprise clients

Suggested privacy policy language for cookie use, behavioral targeting, and identity resolution

Access to our intent-based identity resolution platform only under U.S.-compliant data terms

4. Sample Privacy Policy Disclosure (Recommended)

Include this in the "Third-Party Data Collection" or "Behavioral Advertising" section of your privacy policy:

“We partner with third-party data providers, including simple|AUDIENCE, to identify visitors to our website, associate behavioral signals with first-party and third-party data, and deliver personalized advertising. This may include associating your activity with existing data profiles, such as email addresses or inferred interests. You can opt out of this data processing at: https://optout.simpleaudience.com.”

5. Does simple|AUDIENCE use permission-based marketing?

simple|AUDIENCE uses intent-based marketing, not traditional opt-in marketing. Our platform identifies leads based on search intent, digital behaviors, and online signals — such as keyword searches, page visits, and content consumption.

While users may not have filled out a form on your site, they have demonstrated commercial interest and are used in targeted outreach under applicable state laws. Our clients are responsible for ensuring their outreach practices align with privacy regulations and industry best practices.

6. How does the superPIXEL work, and is it privacy compliant?

The superPIXEL is a proprietary identity resolution script that enables you to match anonymous website visitors to known profiles based on behavioral, IP, and device data.

It does not store personal data locally on your website

All matching occurs securely and compliantly on our servers

We recommend you disclose usage via a cookie banner and in your privacy policy

7. What if my business is under $25 million in revenue?

You may be exempt from certain privacy law obligations, such as the California Privacy Rights Act (CPRA), if:

Your business earns less than $25 million in annual revenue

You process data for fewer than 100,000 California residents

Your core business function isn’t selling personal data

Even if exempt, showing privacy-forward practices such as offering opt-outs and clear disclosures improves customer trust and reduces risk.

8. Additional Compliance Support

Need help with privacy implementation? We provide:

Copy-paste privacy policy disclosure templates

Recommended cookie banner scripts

Direct support from our compliance team

Referrals to privacy experts and legal advisors for contract reviews

Contact us at: support (@) strategysimple.com

Appendix: Privacy Policy Language Templates

Insert the following in your website’s privacy policy under an appropriate section such as "Cookies and Tracking Technologies" or "Third-Party Data Use." We recommend consulting an attorney or legal advisor for all of these examples.

Behavioral Tracking and Identity Resolution

We may use identity resolution services from third-party providers such as simple|AUDIENCE to associate website visitor behavior with known contact profiles. These services help us deliver more relevant advertising and personalize our outreach efforts.

This may involve collecting and analyzing behavioral data, such as website pages visited, search intent, referring sources, and device information. Some of this data may be matched to external databases to identify a visitor by name, email, or other contact attributes. No sensitive personal information is collected or shared.

If you would like to opt out of this type of tracking, visit:
https://optout.simpleaudience.com

Appendix: Cookie Banner Wording

Here are two examples for your cookie consent pop-up or banner:

Basic Cookie Banner Language (Opt-Out Link)

This website uses cookies and intent-based tracking to personalize content and marketing. By using this site, you agree to our use of these technologies. Opt Out

Expanded Cookie Banner (With Explanation)

We use cookies and third-party tools, including simple|AUDIENCE, to better understand your interests and deliver relevant content and advertising. These tools may associate your activity with known profiles or contact records. Learn more in our [Privacy Policy] and Opt Out of identity-based tracking.

DATA SERVICES AGREEMENT

This Data Services Agreement ("Agreement") is made effective as of the date of execution ("Effective Date") by and between:

Strategy Simple LLC, a Michigan limited liability company, with its principal place of business at [Insert Address] ("Provider"),
and
Client, as defined in the Order Form referencing this Agreement.

1. Services Provided

Provider agrees to supply Client with access to certain data services, including but not limited to:
- Access to intent-based audience data
- Lead generation data files
- Website visitor identity resolution
- Deployment and support of the proprietary superPIXEL for anonymous visitor tracking
All services provided are collectively referred to as the "Services."

2. License & Use of Data

Subject to the terms herein, Provider grants Client a non-exclusive, non-transferable, limited license to use the data solely for internal business purposes, including marketing, sales, and advertising, in compliance with applicable laws.

Unless otherwise agreed in writing, Client shall not:
- Sell, sublicense, distribute, or otherwise transfer the data to any third party
- Use the data for credit, insurance underwriting, or employment purposes (i.e., FCRA-restricted uses)
- Combine the data with third-party sources in a way that could violate consumer privacy laws

If Client wishes to resell or redistribute any data provided under this Agreement, a separate Data Reseller Agreement must be executed, and Client must comply with Provider’s reseller policies and usage restrictions.

3. Data Ownership

All rights, title, and interest in and to the Services, underlying databases, and technologies (including but not limited to the superPIXEL) remain the sole property of Provider or its licensors. Client acquires no ownership rights to the data or Services under this Agreement.

4. Compliance with Law

Client represents and warrants that it will:
- Comply with all applicable data privacy laws and regulations, including U.S. state-specific laws (e.g., CCPA, CPRA)
- Provide accurate and transparent privacy disclosures, including the presence of tracking technologies
- Display opt-out mechanisms, as reasonably required

Provider offers opt-out services and sample privacy policy language to assist with compliance.

5. Opt-Out Obligations

Client agrees to include the following in its privacy policy or on its website:
- A clear explanation of tracking and data use
- A link to Provider’s opt-out page: https://optout.simpleaudience.com

Provider will maintain and honor all verified opt-out requests on behalf of itself and its clients.

6. Term & Termination

This Agreement shall remain in effect until terminated by either party with 30 days' written notice. Upon termination, Client must cease use of all data and delete or destroy any data retained unless otherwise required by law.

7. Confidentiality

Each party agrees to maintain the confidentiality of the other party’s proprietary and non-public information, including data, trade secrets, customer lists, and operational procedures.

8. Disclaimer & Limitation of Liability

Services are provided “as is” without warranties of any kind. Provider disclaims any liability for indirect, incidental, or consequential damages, or for loss of profits, data, or business opportunities. Provider’s total liability under this Agreement shall not exceed the amount paid by Client in the six (6) months prior to the claim.

9. Indemnification

Client agrees to indemnify and hold harmless Provider and its officers, agents, and employees from any claims or liabilities arising out of:
- Client’s misuse of the data
- Client’s failure to comply with applicable laws
- Client’s violation of this Agreement

10. Governing Law

This Agreement shall be governed by and construed under the laws of the State of Michigan, without regard to conflict of law provisions. Any disputes shall be brought in the courts located in [Insert County], Michigan.

11. Entire Agreement

This Agreement, together with any referenced Order Forms or addenda, constitutes the entire agreement between the parties regarding the Services and supersedes any prior agreements or understandings.

12. Amendments

This Agreement may be amended only in writing and signed by both parties.

13. Data Protection Addendum

A separate Data Protection Addendum (DPA) is available upon request and may be executed by the parties to address additional compliance, data handling, and subprocessor-related obligations.

Strategy Simple LLC ("we", "our", or "Strategy Simple") is committed to responsible data practices. These Data Usage Terms explain how data made available through the simple|AUDIENCE platform and its associated technologies — including our proprietary superPIXEL — may be used, and what responsibilities our clients assume.

For legal or compliance questions, email us at: support (@) strategysimple.com

1. Intended Use of simple|AUDIENCE Data

Data made available by Strategy Simple through the simple|AUDIENCE platform is intended for lawful business-to-business (B2B) use, including:
- Digital advertising
- Email outreach (subject to compliance)
- Sales prospecting
- Market segmentation
- CRM enrichment
- Behavioral analysis based on intent signals and web traffic

2. Geographic Restrictions

Strategy Simple does not collect or process data from individuals or businesses located in the European Union (EU), United Kingdom (UK), or other jurisdictions where local data protection laws (e.g., GDPR) may prohibit such processing.
All identity resolution, intent data, and behavioral tracking is geo-fenced for U.S.-based audiences only.

3. State Privacy Law Compliance

We provide tools and resources to support compliance with U.S. privacy regulations, including:
- California Consumer Privacy Act (CCPA/CPRA)
- Colorado Privacy Act (CPA)
- Virginia Consumer Data Protection Act (CDPA)
- Other evolving state-level privacy laws

Clients are responsible for:
- Providing appropriate disclosures in their privacy policies
- Implementing opt-out mechanisms
- Honoring data subject access or deletion requests when applicable

We offer sample disclosure language and a hosted consumer opt-out page:
https://optout.simpleaudience.com

4. Permitted Use

Clients are permitted to use the data for:
- Identifying anonymous website visitors
- Running targeted marketing campaigns
- Building intent-based audience segments
- Enhancing or enriching existing customer databases
- B2B sales and lead generation activities

5. Prohibited Use

Clients may not use Strategy Simple data for:
- FCRA-regulated decisions (e.g., credit, employment, housing)
- Any use involving sensitive personal information, including health, financial, or biometric data
- Sending unsolicited messages without proper consent where required
- Reselling, redistributing, or sublicensing data without express written permission

6. Resale and Redistribution

Unless a separate Data Reseller Addendum is signed, clients are not authorized to resell or redistribute any data obtained via Strategy Simple.

If resale is approved:
- Clients must comply with our Reseller Terms
- Clients must disclose our opt-out mechanism to their end users
- Clients assume responsibility for downstream data use

7. superPIXEL Usage

The superPIXEL is a lightweight script that identifies anonymous website visitors and matches them to known profiles within our U.S. intent data network.

- The pixel does not store personal information on the client’s site
- All identity matching occurs securely on Strategy Simple servers
- Clients must include notice of pixel usage in their cookie banners and privacy policies

Recommended language:
“We use identity resolution tools from third-party providers to match website behavior with known profiles. To opt out, visit https://optout.simpleaudience.com”

8. Consumer Rights & Opt-Out

Strategy Simple maintains a fully functional consumer opt-out mechanism available at:
https://optout.simpleaudience.com

We will honor all verified requests to:
- Remove a profile from our identity resolution system
- Suppress matched emails or personal identifiers
- Prevent further tracking from the superPIXEL

9. Client Responsibility

Clients agree to:
- Use data in a compliant, privacy-conscious manner
- Keep their own privacy policies updated
- Display opt-out links when required
- Not misuse, resell, or combine data in violation of these terms

Strategy Simple reserves the right to suspend access to clients that violate our data usage terms.

10. Questions or Concerns?

Reach out to our compliance team:
support (@) strategysimple.com

We can assist with:
- Privacy language templates
- Policy reviews
- Custom reseller agreements
- Audit documentation

DATA PROTECTION ADDENDUM

This Data Protection Addendum ("Addendum") is entered into by and between Strategy Simple LLC ("Provider") and __________________ (“Client”) as defined in the main Data Services Agreement ("Agreement"). This Addendum is incorporated into and made part of the Agreement.

The parties agree as follows:

1. Definitions

“Personal Data” means any information relating to an identified or identifiable natural person.
“Processing” means any operation performed on Personal Data, whether or not by automated means.
“Subprocessor” means any third party engaged by Provider to process data on its behalf.

2. Compliance with Laws

Each party shall comply with applicable data protection laws and regulations, including but not limited to state-level privacy laws in the United States.

3. Roles of the Parties

Provider is a service provider/data processor, and Client is the data controller/data business. Provider processes Personal Data solely on behalf of the Client.

4. Purpose of Processing

Provider will process Personal Data as necessary to provide the Services as described in the Agreement.

5. Subprocessors

Client authorizes Provider to use Subprocessors to fulfill its contractual obligations. Provider will ensure that Subprocessors are bound by data protection obligations no less protective than those in this Addendum.

6. Data Subject Rights

Provider shall provide reasonable assistance to Client for responding to data subject requests, such as access, deletion, or opt-out requests.

7. Security

Provider shall implement appropriate technical and organizational measures to protect Personal Data, as described in the Information Security Addendum.

8. Data Breach Notification

Provider shall notify Client without undue delay upon becoming aware of a confirmed Personal Data Breach.

9. Data Retention and Deletion

Upon termination of the Agreement, Provider shall delete or return all Personal Data unless otherwise required by law.

10. Audit Rights

Upon reasonable notice, Client may audit Provider’s compliance with this Addendum up to once per calendar year.

This Information Security Addendum ("Addendum") is entered into by and between Strategy Simple LLC ("Provider") and the Client as defined in the main Data Services Agreement ("Agreement"). This Addendum describes the information security measures that Provider shall implement to protect Client Data.

1. Security Program

Provider shall maintain a written information security program that includes administrative, technical, and physical safeguards appropriate to the size and nature of its business and the sensitivity of the Client Data.

2. Data Encryption

Provider shall use industry-standard encryption technologies to protect Client Data at rest and in transit over public networks.

3. Access Controls

Access to Client Data shall be restricted to authorized personnel with a need-to-know basis. Role-based access control (RBAC) shall be implemented.

4. Network Security

Provider shall implement appropriate firewall, intrusion detection, and network segmentation measures to prevent unauthorized access to its systems.

5. Vulnerability Management

Provider shall regularly monitor and patch known security vulnerabilities in its infrastructure and applications.

6. Personnel Security

Provider shall conduct background checks on employees with access to Client Data and provide ongoing training on data protection and information security.

7. Physical Security

Provider shall maintain physical access controls to data centers or hosting facilities where Client Data is stored.

8. Incident Response

Provider shall maintain an incident response plan and notify Client without undue delay upon confirming a data breach involving Client Data.

9. Business Continuity and Disaster Recovery

Provider shall maintain policies and procedures for business continuity and disaster recovery to ensure the availability and integrity of Client Data.

10. Subprocessor Security

Provider shall ensure that all subprocessors handling Client Data adhere to security practices consistent with this Addendum.