Privacy Policy

Last updated: 21 March 2026

1. Introduction

WorldSim ("we", "us", "our") is a simulation platform available at worldsimlab.com (the "Service"). This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the Service.

We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR) and applicable Cyprus and European Union data protection laws.

2. Data Controller

The data controller responsible for your personal data is:
WorldSim
Contact: privacy@worldsimlab.com

3. Data We Collect

3.1 Account Information

  • Email address (required for registration)
  • Password (stored securely using one-way hashing)
  • Name (if provided via Google OAuth)
  • Google account identifier (if you sign up via Google)

3.2 Simulation Data

  • Simulation configuration inputs (country, scenario parameters, bias settings)
  • Simulation results and output data
  • Layer 5 personal profile data (salary, industry, age — if provided)

3.3 Payment Information

  • Subscription tier and billing period
  • Payment card details are collected and processed exclusively by Stripe — we never see or store your full card number
  • Stripe customer ID and subscription ID (for managing your account)

3.4 Technical Data

  • IP address
  • Browser type and version
  • Pages visited and timestamps
  • Cookies (see our Cookie Policy)

4. How We Use Your Data

We use your personal data for the following purposes:

  • Providing the Service — running simulations, storing results, managing your account
  • Authentication — verifying your identity and securing your account
  • Billing — processing subscription payments through Stripe
  • Communication — sending transactional emails (account verification, password reset, billing receipts)
  • Security — detecting and preventing fraud, abuse, or unauthorised access
  • Improvement — analysing usage patterns to improve platform performance and features (aggregated, non-identifying data only)

5. Legal Basis for Processing

Under GDPR, we process your data based on the following legal grounds:

  • Contract performance — processing necessary to provide the Service you signed up for (account management, running simulations, billing)
  • Consent — for optional analytics cookies and marketing communications (you can withdraw consent at any time)
  • Legitimate interest — for security monitoring, fraud prevention, and platform improvement
  • Legal obligation — where required by applicable law (e.g., financial record keeping)

6. Third-Party Data Processors

We share your data with the following third-party processors, each of which is GDPR-compliant:

Provider | Purpose              | Data Shared
Stripe   | Payment processing   | Email, payment card details, billing address
Google   | OAuth authentication | Email, name (only if you choose Google sign-in)
Hetzner  | Server hosting (EU)  | All data is stored on EU-based servers

We do not sell, rent, or trade your personal data to any third parties.

7. Data Retention

  • Account data — retained for as long as your account is active. Deleted within 30 days of account deletion.
  • Simulation data — retained for as long as your account is active.
  • Payment records — retained for 7 years as required by financial regulations.
  • Technical logs — retained for up to 90 days for security and debugging purposes.

8. Your Rights Under GDPR

As a data subject in the EU, you have the following rights:

  • Right of access — request a copy of the personal data we hold about you
  • Right to rectification — request correction of inaccurate data
  • Right to erasure — request deletion of your personal data ("right to be forgotten")
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to restrict processing — request that we limit how we use your data
  • Right to object — object to processing based on legitimate interest
  • Right to withdraw consent — withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at privacy@worldsimlab.com. We will respond within 30 days.

9. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

  • HTTPS encryption for all data in transit
  • Passwords stored using industry-standard one-way hashing
  • Database access restricted to authorised personnel only
  • Regular security updates and monitoring
  • EU-based server hosting (Hetzner, Germany/Finland)

10. International Data Transfers

Your data is stored on servers located within the European Union. Where data is processed by third-party services outside the EU (e.g., Stripe's US infrastructure), such transfers are covered by Standard Contractual Clauses (SCCs) or the EU-US Data Privacy Framework.

11. Children's Privacy

WorldSim is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the platform. Continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
privacy@worldsimlab.com

If you are not satisfied with our response, you have the right to lodge a complaint with your local EU data protection supervisory authority.