Skip to main content
Symplicity Symplicity
Privacy Center
Trust Portal Gateway
English EN
Access Docs
Data Protection & Compliance

Privacy Center Trust Portal Gateway

At Symplicity, student success is our mission — and protecting student privacy is foundational to that mission. We empower university administrators and staff with the tools, transparency, and documentation they need to safeguard every student's right to privacy throughout their time on campus and beyond.
Welcome to Your Trust Portal.

Symplicity Operations Encompass
45+ Countries & Territories Subject to
33
National
20
US States
3
CA Terr.
4
AUS Terr.
National and State/Territory Laws and Regulations
In this Privacy Portal you will find
  • Company and Data Privacy Team Information
  • Documentation for procurement and renewal activities
  • Information about how Symplicity governs
  • Learning resources to give you a data privacy refresher
  • Tools to complete your own due diligence activities
  • Sub-processor information
Quick Action

Privacy Offices and DPOs

Need to complete an Annual Review?

← More info Jump to docs →
Quick Action

Procurement and Sales

In a procurement or sales process?

Jump to docs →
Quick Action

School Administrators

Learn to manage privacy in our apps.

← More info
Quick Action

Students

Understand your privacy rights.

Compliance Center →

Global Privacy Regulations

Privacy regulations applicable to Symplicity's operations worldwide
Map showing 45+ countries and 20 US states where Symplicity operates with privacy regulations
45+ countries · 20 US states · 3 Canadian territories · 4 Australian territories · 6 continents
Matt Small
Matt Small
CEO & President
Acting General Counsel
Andrew Wippl
Andrew Wippl, CISSP
Data Privacy Officer
Information Security Officer
Data Privacy Team
Symplicity Corporation
Resources

Trending Resources

Most-requested privacy documents and resources.

Data Processing Agreement (DPA)

Standard contractual terms for data processing between controller and processor under GDPR Article 28.

Public

Sub-Processor List

Current list of authorized sub-processors and their processing purposes across all product lines.

Public

Data Protection Impact Assessment

Comprehensive DPIA covering all products and high-risk processing activities in GDPR and ICO-compliant formats.

Request Access

Transfer Impact Assessment

Transfer Risk Assessment for all international data transfers ensuring Schrems II compliance.

Request Access

Privacy Policy

Our comprehensive privacy policy covering data collection, use, retention, and your rights.

Public

Cookie Policy

Details on cookie usage, types, and management options across our services and web properties.

Public

SOC 2 Type II Report (Privacy)

Independent audit report covering all five Trust Services Criteria including Privacy, conducted by Prescient Security.

Request Access

DSAR Process Guide

Step-by-step guide for handling Data Subject Access Requests across processor and controller products.

Public
Entities

By Organization

View privacy practices and data handling specific to each entity.

Symplicity

Parent Organization
Arlington, Virginia, USA
Andrew Wippl CISSP Certified
Processor
CSM, Accommodate/Access, Advocate, Horizons, Residence, Insight
Controller
Recruit
Compliance

Regulatory Frameworks

🇪🇺
GDPR
Compliant
🇬🇧
UK GDPR
Compliant
🏛
CCPA/CPRA
Compliant
🍁
PIPEDA
Compliant
🇧🇷
LGPD
Compliant
🇦🇺
Australian Privacy Act
Compliant
🛡
SOC 2 Privacy
Compliant
🎓
FERPA
Compliant
🇨🇭
Swiss FDPA
Compliant
🇨🇳
PIPL (China)
Compliant
🇿🇦
POPIA (South Africa)
Compliant
🇸🇬
PDPA (Singapore)
Compliant
🇲🇾
PDPA (Malaysia)
Compliant
🇹🇷
KVKK (Turkey)
Compliant
🇵🇭
DPA (Philippines)
Compliant
🇭🇰
PDPO (Hong Kong)
Compliant
🇮🇳
India IT Act
Compliant
🇳🇿
NZ Privacy Act
Compliant
🇦🇪
UAE PDPL
Compliant
🇸🇦
Saudi Arabia PDPL
Compliant
🇰🇪
Kenya DPA
Compliant
🇲🇽
Mexico LFPDPPP
Compliant
🇨🇴
Colombia Law 1581
Compliant
🇨🇱
Chile Privacy Law
Compliant
🇪🇬
Egypt PDPL
Compliant
🇧🇭
Bahrain PDPL
Compliant
🌍
EU-U.S. DPF
Compliant
🏴
Colorado CPA
Compliant
🏴
Virginia VCDPA
Compliant
🏴
Connecticut CDPA
Compliant
🏴
Texas TDPSA
Compliant
🏴
Oregon OCPA
Compliant
🏴
Florida FDBR
Compliant
🏴
Tennessee TIPA
Compliant
🏴
Montana MCDPA
Compliant
🏴
Delaware DPDPA
Compliant
🏴
Iowa CDPA
Compliant
🏴
Maryland MODPA
Compliant
🏴
Minnesota MCDPA
Compliant
🏴
Indiana CDPA
Compliant
🏴
Kentucky CDPA
Compliant
🏴
Rhode Island DTPPA
Compliant
Deep Dive

Privacy Topics

Explore our privacy practices, controls, and compliance measures in detail.

1

Privacy Program Overview

Comprehensive privacy program led by the DPO, built on privacy-by-design principles with alignment to GDPR, CCPA/CPRA, PIPEDA, LGPD, and Australian Privacy Act.

Governance 6 subtopics
2

Data Processing Roles & Responsibilities

Symplicity acts as data processor for most products and data controller for Recruit and CareerHub Central, with clear role definitions.

Data Handling Governance 6 subtopics
3

Data Protection Impact Assessments

Comprehensive DPIAs for all products and high-risk processing, available in Symplicity and ICO-compliant formats.

Data Handling 7 subtopics
4

Data Processing Agreements

Comprehensive DPAs complying with GDPR Article 28, UK GDPR, LGPD, and other applicable data protection regulations.

Compliance 6 subtopics
5

Transfer Risk Assessments

Transfer Risk Assessments for all international data transfers ensuring Schrems II compliance.

Compliance 6 subtopics
6

Subprocessors

Transparent and current sub-processor list with documented change notification procedures.

Vendor 6 subtopics
7

Privacy Assessments & Audits

Regular privacy assessments including SOC 2 Type II with privacy criteria, HECVAT, and CAIQ.

Compliance 6 subtopics
8

Data Privacy Framework (DPF)

EU-U.S., UK Extension, and Swiss-U.S. Data Privacy Framework participation for compliant transfers.

Data Handling 5 subtopics
9

PII Breach Response

Comprehensive PII breach response plan with defined notification timelines.

Vendor 6 subtopics
10

Privacy Policy & Notices

Transparent privacy policies and notices covering all processing activities.

Rights 5 subtopics
Privacy banner background
Our Commitment

Protecting personal data across 45+ countries and 20 US states

Education

Learn About Privacy

Educational resources to help you understand data protection.

Guide

What is a DPIA?

Learn what Data Protection Impact Assessments are, when they're required, and how Symplicity conducts them for every product.

Explainer

Your Data Subject Rights

Understand your rights under GDPR, CCPA, and other regulations — access, rectification, erasure, portability, and more.

FAQ

Privacy FAQ

Answers to common questions about how Symplicity handles personal data, international transfers, and data retention.

Reference

Privacy Glossary

Definitions of key privacy and data protection terms — from 'data controller' to 'pseudonymization' and beyond.

For Institutions

Processor vs. Controller

Understand when Symplicity acts as a data processor or controller, and what that means for your institution.

Guide

International Transfers

How Symplicity ensures compliant cross-border data transfers using DPF, SCCs, and Transfer Impact Assessments.

What's New

Privacy Center Trust Portal Gateway Updates

Subscribe
Cyber Essentials Certification Achieved Across All Organizations
Milestone January 21, 2026

Symplicity has achieved Cyber Essentials certification across all four organizations, assessed by IASME. This UK Government-backed certification covers five key technical control areas and is mandatory for many UK Government contracts involving sensitive data.

New U.S. State Privacy Laws Take Effect in 2026
Regulatory January 5, 2026

Indiana, Kentucky, and Rhode Island joined a growing group of states enforcing comprehensive privacy statutes. These laws provide consumers with rights to access, correct, delete data, and opt out of targeted advertising.

SOC 2 Type II and ISO 27001 Audits Completed Across All Organizations
Milestone October 15, 2025

All four Symplicity organizations have completed SOC 2 Type II and ISO 27001 audits conducted by Prescient Security. The SOC 2 report covers all five Trust Services Criteria including Privacy.

Artificial Intelligence and the Future of Data Privacy
AI & Privacy July 15, 2025

AI is transforming data usage and regulators are focused on personal data in AI development. Organizations are adopting privacy-preserving approaches including data minimization, anonymization, and privacy-enhancing technologies.

European Commission Proposes Updates to Improve GDPR Implementation
GDPR May 21, 2025

The European Commission released a proposal to simplify and modernize GDPR as part of its Digital Omnibus initiative, aiming to reduce administrative burden while maintaining core protections.

Mexico Updates Its National Privacy Law (LFPDPPP)
Regulatory March 1, 2025

Mexico introduced a major update to its national data protection framework, modernizing the privacy framework and strengthening expectations for how organizations process personal information.

Vendors

Sub-Processors

Third-party service providers engaged by Symplicity to process data on behalf of our customers.

Primary Tier — Access to Student Data
Sub-Processor Processing Activity Location Symplicity CareerHub Orbis Contratanet
Amazon Web Services (AWS) Cloud Service Provider. Provides self-contained AI solution, Amazon Bedrock, for Generative AI and internal tooling. Cloud Service Provider. Provides self-contained AI solution, Amazon Bedrock, for Generative AI and internal tooling. Regional
Microsoft Corporation (Azure) Cloud Service Provider. Cloud Service Provider. Regional
Oracle Cloud Infrastructure Cloud Service Provider. Cloud Service Provider. Regional
Sutherland Global Services System administration level privileges, utilized only when explicitly authorized by client to resolve system issues. System administration level privileges, utilized only when explicitly authorized by client to resolve system issues. Philippines
Cronofy Application calendar syncs (Symplicity application to client's Outlook/Google Calendar). Application calendar syncs (Symplicity application to client's Outlook/Google Calendar). USA / UK
Secondary Tier — No Access to Student Data
Sub-Processor Processing Activity Location Symplicity CareerHub Orbis Contratanet
iOpex Quality Assurance Quality Assurance India
Asana Project Management Project Management USA
HubSpot Website & CMS Website & CMS USA
Zendesk, Inc. Ticketing system for support and maintenance services. Ticketing system for support and maintenance services. USA
Microsoft 365 Email, calendar, and audio/web conferencing. Email, calendar, and audio/web conferencing. USA
Coming Soon
Documents

Privacy Documents

Access privacy documentation, agreements, and compliance resources.

Data Processing Agreement (DPA)

Standard DPA with GDPR Article 28 terms for all products.

Sub-Processor List

Current list of all sub-processors with processing activities and locations.

Data Protection Impact Assessment

Enterprise-wide DPIA covering all products and regions.

Transfer Impact Assessment

International transfer risk documentation for Schrems II compliance.

Privacy Policy

How Symplicity collects, uses, and protects personal data.

Cookie Policy

Cookie usage, categories, consent management, and opt-out options.

SOC 2 Type II Report (Privacy)

SOC 2 report with privacy trust services criteria.

DSAR Process Guide

How to submit and handle data subject access requests.

Records of Processing (ROPA)

Comprehensive processing records per GDPR Article 30.

Data Retention Schedule

Retention periods and disposal procedures for all data categories.

Shared Responsibility Matrix

Delineation of obligations between Symplicity and institutional clients.

HECVAT Assessment

Higher Education Community Vendor Assessment Toolkit responses.

CAIQ (CSA)

Consensus Assessments Initiative Questionnaire responses.

Privacy by Design Checklist

Privacy screening checklist used during product development.

Consent Management Documentation

Consent collection, withdrawal processes, and audit trails.

Data Privacy Framework Notice

EU-U.S., UK Extension, and Swiss-U.S. DPF participation details.

Breach Notification Procedures

PII breach response plan with notification timelines and workflows.