Privacy Statement

A fact-based overview of the personal data simplePMO currently processes.

Last updated: March 15, 2026
Terms of Service Privacy Statement Front page

Who provides simplePMO

simplePMO is provided by Devepro Oy and Lean Finland Oy. Depending on the customer arrangement, one or both companies may act as provider, support contact, or contracting party.

Data we process

Based on the current application, simplePMO processes user account data such as username, display name, email address, and language preference.

The product also processes tenant and access data such as organization membership, tenant selection, role assignments, and dashboard or notification preferences.

If customers use the application features, simplePMO can store business content that may include personal data inside initiative records, comments, weekly updates, approvals, audit entries, notifications, and uploaded documents or linked URLs.

On the public website, the contact form collects name, work email, company, team size, and the free-text message submitted by the visitor.

Where the data comes from

Most data comes directly from customers and users when they create accounts, sign in, choose a tenant, update profile preferences, submit weekly updates, send approval decisions, upload documents, or use the contact form.

The application is also configured for Microsoft sign-in. In that flow, basic identity details such as profile name and email may come from Microsoft.

Why we process the data

We process personal data to authenticate users, control tenant-specific access, show role-based views, send in-app or email notifications, keep audit trails of tracked actions, store customer documents, and respond to sales or support inquiries.

Email and notifications

The current codebase sends emails for public contact requests and can send product notification emails such as reminders, owner messages, and daily digests when configured.

Notification preferences are stored per user and per tenant.

Cookies and session data

simplePMO uses Django session handling for signed-in use. In practice this means the service stores session data needed for authentication and the active tenant selection.

This statement does not claim analytics, advertising, or tracking cookies because they are not evident in the current application code.

Sharing and processors

Personal data is shared only as needed to run the service, such as with hosting, email delivery, authentication, and support providers used on behalf of the providers or the customer.

The application is designed so customer data is tenant-scoped inside the product. That is an application control, not a promise that data can never be disclosed if required by law.

Retention

The current codebase stores operational records such as notifications, documents, and audit entries until they are removed under product behavior, customer administration, or a separate agreement.

Audit entries are intentionally append-only in the application and cannot be edited or deleted through normal model operations.

Your rights

Applicable law may give data subjects rights such as access, correction, restriction, objection, deletion, or complaint to a supervisory authority. The exact scope depends on the role of the provider companies and the customer in each deployment.

For customer workspace data, the customer organization may act as the primary controller for the content its users enter into the service.

Contact

Privacy questions or requests can be sent through the public contact form on the front page.