// Trust & Security Report
TLDR Technologies, Inc
Simplified.com is an all-in-one AI marketing/content platform (design editor, AI writer, AI video/voice cloning, social media scheduler, AI chatbot, link-in-bio, project management) plus a public API, MCP server, CLI, and Chrome/WordPress/Shopify/iOS/Android integrations, operated by TLDR Technologies, Inc.
Certifications held
0
Maturity
Growth
Trains on your data
Unknown
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
> Show 9 unconfirmed / not-held certifications
source: simplified.comOne vendor marketing landing page states 'Enterprise Security: SOC 2 and ISO 27001 compliance keeps your campaign data and ad accounts protected' and 'Simplified is SOC 2 and ISO 27001 compliant,' but no trust center, audit report, auditor name, or badge exists anywhere on the domain, and the claim is absent from the Privacy Policy and Terms of Service. Treated as an unverified marketing claim, not a confirmed certification.
source: simplified.comSame unverified marketing claim as SOC 2 above ('SOC 2 and ISO 27001 compliant'); no trust center, certificate, or auditor evidence found on the vendor's own domain to corroborate it.
source: simplified.comNo dedicated GDPR compliance page or Data Processing Agreement found. Privacy Policy contains only generic international-transfer language: 'we will perform those transfers in accordance with the requirements of applicable law.' No mention of EU representative, lawful-basis details, or DPA.
source: simplified.comTerms of Service explicitly disclaim HIPAA suitability: "The Site is not tailored to comply with industry-specific regulations (Health Insurance Portability and Accountability Act (HIPAA), Federal Information Security Management Act (FISMA), etc.), so if your interactions would be subjected to such laws, you may not use this Site."
source: help.simplified.com"We use Stripe, a PCI-compliant provider to process payments... Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1." This is the payment processor's (Stripe's) certification, not a certification held by Simplified/TLDR Technologies itself.
source: simplified.comNo public evidence found on the vendor's own domain (privacy policy, terms of service, or marketing pages).
source: simplified.comNo public evidence found; no AI-governance certification is referenced anywhere on the vendor's own domain.
source: simplified.comNo public evidence found; not applicable, product is positioned as a consumer/SMB marketing tool, not a government cloud offering.
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Not offered
Data region
not specified; privacy policy states only that data is "stored and/or processed where we or our partners, affiliates, and third-party providers maintain facilities" with no named regions or residency commitment
The privacy policy contains an explicit, narrow opt-out: "We do not use Google Workspace APIs, or any associated data, to develop, improve, or train generalized artificial intelligence (AI) or machine learning (ML) models," and similarly restricts use of connected YouTube channel data to service delivery only. However, no blanket statement was found covering whether other customer content (uploaded designs, images, video, brand assets, written copy) is used to train or improve Simplified's own AI models. This narrow-scope carve-out versus the platform's broad general Terms of Service license ("unrestricted, unlimited, irrevocable, perpetual... right and license to host, use, copy, reproduce... for any purpose, commercial, advertising, or otherwise" over user Contributions) creates ambiguity that the vendor's own pages do not resolve.
// Security controls
Payment data handling
Payments processed via Stripe (PCI Service Provider Level 1); Simplified itself does not claim to store card data.
help.simplified.comEncryption in transit / at rest
no public evidence found on vendor's own domain describing specific encryption standards (only generic marketing language: "we've established strong security practices across our platform")
help.simplified.comData retention
"We keep your personal information only for as long as we need to," with exceptions for legal/accounting/reporting obligations; deletion requests handled within 30 days.
simplified.comIndependent security/compliance audit
no public evidence of an independent audit report, trust center, or third-party attestation found anywhere on the vendor's own domain
simplified.com// Products & data scope
data: user-uploaded brand assets, images, video, marketing copy, connected social accounts (LinkedIn, Instagram, TikTok, YouTube, Shopify, WordPress)
Primary product; solo/free and paid team tiers share the same workspace per marketing copy ("Built for team of one. And Teams of fifty.").
data: user-submitted voice/audio samples and likeness/video used to generate voice clones and talking-head avatar videos
data: programmatic access to the same content-generation and social features listed in the site footer
data: varies by integration; browser page content, store data, or mobile device data depending on integration
No per-integration privacy addendum found; covered only by the general Privacy Policy.
// What to watch
- Over-claim risk: a single marketing landing page (/ai-workflows/advertising-automation) asserts 'SOC 2 and ISO 27001 compliant' with zero corroboration elsewhere on the domain (no trust center, no audit report, not mentioned in Privacy Policy or ToS). Do not display these badges without independent verification directly from the vendor.
- No trust center or dedicated security page exists on simplified.com or any subdomain found during this assessment.
- PCI DSS Level 1 belongs to payment processor Stripe, not to Simplified/TLDR Technologies; do not attribute it to the vendor.
- Vendor's own Terms of Service explicitly state the site is not tailored for HIPAA-regulated use and users subject to HIPAA 'may not use this Site.'
- AI-training opt-out language is scoped specifically to Google Workspace API data; overall training posture for other customer content (designs, video, copy) is unresolved/ambiguous given a broad general content license in the ToS.
- No GDPR-specific compliance page or DPA found; only generic international-transfer language in the privacy policy.
// At a glance
Pricing model
Freemium with paid per-seat/team subscription tiers
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on TLDR Technologies, Inc's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
simplified.com