Last updated: January 2026
Shambho (“we”, “our”, “us”) operates Simplagents and provides an AI agent design and management platform. This Privacy Policy explains how we process personal data in compliance with GDPR and aligned with SOC 2 principles.
Simplagents acts as a Data Controller for account and billing data, and as a Data Processor for customer data processed through AI agents.
We collect account and business information (name, email, organization details), customer content and agent data (inputs, configurations, logs), and technical usage data such as IP address, browser type, system logs, and performance metrics.
We process personal data based on contractual necessity, legitimate interests (security and service improvement), legal obligations, and user consent where required.
Data is used strictly to operate and maintain the platform, execute AI agents as configured, provide support, ensure security, and meet legal and compliance requirements. We do not sell data, use it for advertising, or train general-purpose AI models on customer data.
Customer data is retained only for the duration of the business relationship. Upon termination, data is deleted within 30 days unless legally required otherwise. Data export or deletion can be requested at any time.
We implement safeguards aligned with SOC 2 Trust Principles, including role-based access control, encryption, audit logging, monitoring, incident response procedures, and vendor risk management.
We use vetted subprocessors such as cloud hosting, analytics, and payment providers. All subprocessors are contractually bound to equivalent data protection obligations.
Where data is processed outside your country, we rely on lawful transfer mechanisms such as Standard Contractual Clauses (SCCs) or other GDPR-approved safeguards.
You have the right to access, correct, delete, restrict or object to processing, request data portability, and withdraw consent. Requests are fulfilled within 30 days.
In the event of a data breach, we will notify affected customers and regulators as required by applicable law.
For privacy-related questions or GDPR requests: