// Trust & Security Report

    TLDR Technologies, Inc logo

    TLDR Technologies, Inc

    Simplified.com is an all-in-one AI marketing/content platform (design editor, AI writer, AI video/voice cloning, social media scheduler, AI chatbot, link-in-bio, project management) plus a public API, MCP server, CLI, and Chrome/WordPress/Shopify/iOS/Android integrations, operated by TLDR Technologies, Inc.

    Certifications held

    0

    Maturity

    Growth

    Trains on your data

    Unknown

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    > Show 9 unconfirmed / not-held certifications
    SOC 2
    NOT CONFIRMED

    One vendor marketing landing page states 'Enterprise Security: SOC 2 and ISO 27001 compliance keeps your campaign data and ad accounts protected' and 'Simplified is SOC 2 and ISO 27001 compliant,' but no trust center, audit report, auditor name, or badge exists anywhere on the domain, and the claim is absent from the Privacy Policy and Terms of Service. Treated as an unverified marketing claim, not a confirmed certification.

    source: simplified.com
    ISO 27001
    NOT CONFIRMED

    Same unverified marketing claim as SOC 2 above ('SOC 2 and ISO 27001 compliant'); no trust center, certificate, or auditor evidence found on the vendor's own domain to corroborate it.

    source: simplified.com
    GDPR (posture)
    NOT CONFIRMED

    No dedicated GDPR compliance page or Data Processing Agreement found. Privacy Policy contains only generic international-transfer language: 'we will perform those transfers in accordance with the requirements of applicable law.' No mention of EU representative, lawful-basis details, or DPA.

    source: simplified.com
    HIPAA
    NOT CONFIRMED

    Terms of Service explicitly disclaim HIPAA suitability: "The Site is not tailored to comply with industry-specific regulations (Health Insurance Portability and Accountability Act (HIPAA), Federal Information Security Management Act (FISMA), etc.), so if your interactions would be subjected to such laws, you may not use this Site."

    source: simplified.com
    PCI DSS
    NOT CONFIRMED

    "We use Stripe, a PCI-compliant provider to process payments... Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1." This is the payment processor's (Stripe's) certification, not a certification held by Simplified/TLDR Technologies itself.

    source: help.simplified.com
    ISO 27017 / 27018 / 27701
    NOT CONFIRMED

    No public evidence found on the vendor's own domain (privacy policy, terms of service, or marketing pages).

    source: simplified.com
    ISO/IEC 42001 (AI governance)
    NOT CONFIRMED

    No public evidence found; no AI-governance certification is referenced anywhere on the vendor's own domain.

    source: simplified.com
    CSA STAR
    NOT CONFIRMED

    No public evidence found on the vendor's own domain.

    source: simplified.com
    FedRAMP
    NOT CONFIRMED

    No public evidence found; not applicable, product is positioned as a consumer/SMB marketing tool, not a government cloud offering.

    source: simplified.com

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Not offered

    Data region

    not specified; privacy policy states only that data is "stored and/or processed where we or our partners, affiliates, and third-party providers maintain facilities" with no named regions or residency commitment

    The privacy policy contains an explicit, narrow opt-out: "We do not use Google Workspace APIs, or any associated data, to develop, improve, or train generalized artificial intelligence (AI) or machine learning (ML) models," and similarly restricts use of connected YouTube channel data to service delivery only. However, no blanket statement was found covering whether other customer content (uploaded designs, images, video, brand assets, written copy) is used to train or improve Simplified's own AI models. This narrow-scope carve-out versus the platform's broad general Terms of Service license ("unrestricted, unlimited, irrevocable, perpetual... right and license to host, use, copy, reproduce... for any purpose, commercial, advertising, or otherwise" over user Contributions) creates ambiguity that the vendor's own pages do not resolve.

    // Security controls

    Payment data handling

    Payments processed via Stripe (PCI Service Provider Level 1); Simplified itself does not claim to store card data.

    help.simplified.com

    Encryption in transit / at rest

    no public evidence found on vendor's own domain describing specific encryption standards (only generic marketing language: "we've established strong security practices across our platform")

    help.simplified.com

    Data retention

    "We keep your personal information only for as long as we need to," with exceptions for legal/accounting/reporting obligations; deletion requests handled within 30 days.

    simplified.com

    Independent security/compliance audit

    no public evidence of an independent audit report, trust center, or third-party attestation found anywhere on the vendor's own domain

    simplified.com

    // Products & data scope

    Simplified Core Platform (Design / AI Writer / Video Editor / Social Media Planner)AI content creation & social media management

    data: user-uploaded brand assets, images, video, marketing copy, connected social accounts (LinkedIn, Instagram, TikTok, YouTube, Shopify, WordPress)

    Primary product; solo/free and paid team tiers share the same workspace per marketing copy ("Built for team of one. And Teams of fifty.").

    AI Voice Cloning / AI Video (talking-head avatars)Generative AI media

    data: user-submitted voice/audio samples and likeness/video used to generate voice clones and talking-head avatar videos

    Simplified API / MCP Server / CLIDeveloper / programmatic access

    data: programmatic access to the same content-generation and social features listed in the site footer

    Chrome Extension / WordPress / Shopify / iOS / Android appsDistribution integrations

    data: varies by integration; browser page content, store data, or mobile device data depending on integration

    No per-integration privacy addendum found; covered only by the general Privacy Policy.

    // What to watch

    • Over-claim risk: a single marketing landing page (/ai-workflows/advertising-automation) asserts 'SOC 2 and ISO 27001 compliant' with zero corroboration elsewhere on the domain (no trust center, no audit report, not mentioned in Privacy Policy or ToS). Do not display these badges without independent verification directly from the vendor.
    • No trust center or dedicated security page exists on simplified.com or any subdomain found during this assessment.
    • PCI DSS Level 1 belongs to payment processor Stripe, not to Simplified/TLDR Technologies; do not attribute it to the vendor.
    • Vendor's own Terms of Service explicitly state the site is not tailored for HIPAA-regulated use and users subject to HIPAA 'may not use this Site.'
    • AI-training opt-out language is scoped specifically to Google Workspace API data; overall training posture for other customer content (designs, video, copy) is unresolved/ambiguous given a broad general content license in the ToS.
    • No GDPR-specific compliance page or DPA found; only generic international-transfer language in the privacy policy.

    // At a glance

    Pricing model

    Freemium with paid per-seat/team subscription tiers

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on TLDR Technologies, Inc's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    simplified.com

    > Browse all vendor trust reports