Privacy Policy

1. Data controller and contact information

The data controller is the entity operating the SmartTranslate.ai Service ("Controller", "we").

Note: to satisfy information obligations in many jurisdictions (including the EU/UK), the full company name, registered office address, country of registration and — if applicable — registration number and details of an EU/UK representative should be provided here.

For issues related to data protection and to exercise data subject rights you can contact us at: privacy@smarttranslate.ai.

2. Scope of the Policy and definitions

This Policy covers processing of personal data in connection with the use of the Service (website, dashboard, translation features, blog), including contacting us and any marketing activities (e.g. newsletter) where offered.

"Personal data" means information about an identified or identifiable natural person (for example email address, account identifier, IP address in certain situations).

"Processing" includes, among other things, collection, recording, storage, use, disclosure and deletion of data.

3. What data we process (categories of data)

Data provided by users: in particular an email address (e.g. sign-up for the waitlist/newsletter), content submitted for translation (text, files) and translation settings and preferences (e.g. chosen language variant, translation profile).

Waitlist/newsletter sign-up data: email, language/locale, information on consents (e.g. consent to join the waitlist and optional marketing consent), and technical data related to the sign-up (IP address, user-agent) as well as creation/update dates of the entry.

Account and authentication data: if you use login, we process data necessary to create and maintain the account (e.g. user identifier, email address, session data). The Service uses the authentication provider Clerk.

Technical and operational data: IP address, cookie identifiers, device and browser information (e.g. user-agent) and events concerning use of the Service.

Analytical data: if you give consent to analytical cookies, we may process statistical data about usage of the Service (e.g. page views, basic session parameters) using analytics tools (e.g. Google Analytics 4 and Cloudflare Web Analytics — depending on configuration).

Communication data: contents of correspondence if you contact us (e.g. email regarding privacy).

We do not intend to collect and do not require you to provide special categories of data (so-called sensitive data) or data about criminal convictions and offences. Please do not include such data in content submitted for translation unless it is necessary and you have an appropriate legal basis.

4. Sources of data

We collect data directly from you (for example when you sign up to the waitlist, create an account, submit content for translation, or contact us).

Some technical data is collected automatically by IT systems and your browser (for example IP address, cookies, device parameters).

If you use login via an external authentication provider (Clerk), we may receive account/session data from that system to the extent necessary for the login to function.

5. Purposes of processing and legal bases (EU/UK)

If you are located in the EU/EEA or the United Kingdom, legal bases for processing arise in particular from Article 6 of the GDPR / UK GDPR. Below we indicate common purposes and legal bases — actual scope depends on the features you use.

Performance of a contract or steps prior to entering into a contract (Article 6(1)(b) GDPR): delivery of Service functions, including (where available) translation of content and documents, account management and handling tasks related to the service.

Consent (Article 6(1)(a) GDPR): sign-up for newsletters (where offered), analytical cookies and similar technologies (e.g. Google Analytics 4), and other activities for which we request consent. You may withdraw consent at any time (without affecting the lawfulness of processing based on consent prior to its withdrawal).

Legitimate interests (Article 6(1)(f) GDPR): ensuring Service security, preventing abuse (e.g. limiting the number of sign-ups from a single IP within a short period), maintaining and improving the Service, and pursuing or defending legal claims.

Legal obligation (Article 6(1)(c) GDPR): where laws require us to process certain data (e.g. in connection with handling claims, legal requests or requests from authorities).

6. Is providing data mandatory

Providing certain data is necessary to use specific features of the Service.

For example: to sign up to the waitlist you must provide an email address and give the required consent for managing the waitlist. Without these data you will not be able to sign up.

For translations: providing the content to be translated and the chosen settings is necessary to perform the service.

7. Recipients of data and processors

We use trusted service providers (processors) that support operation of the Service. These may include, in particular: Cloudflare (hosting, CDN/infrastructure, Workers/D1/Images services), Clerk (authentication and account management) and analytics tool providers (e.g. Google Analytics 4, Cloudflare Web Analytics — depending on configuration and your consent).

Providers process data under contracts and our documented instructions, to the extent necessary to provide their services.

We may also disclose data to: (a) authorised employees and collaborators of the Controller, (b) advisers (e.g. legal advisers) when necessary, (c) public authorities where required by law.

8. Cookies, similar technologies and analytics

The Service uses cookies and similar technologies for necessary purposes (e.g. maintaining sessions, security, remembering language preferences) and — with your consent — for analytics purposes.

The Service includes a consent banner that allows you to choose cookie categories. Analytical cookies are optional.

Depending on configuration we may use Google Analytics 4 (GA4) with Google Consent Mode v2 and Cloudflare Web Analytics. If you refuse analytical cookies we limit/disable mechanisms that require consent and clear specified analytical cookies (e.g. _ga, _gid).

Details on cookie categories and how to manage consent are set out in the Cookies Policy.

9. International transfers (outside the EU/EEA and UK)

Because of the global nature of cloud services, data may be processed in countries other than your country of residence, including outside the EU/EEA or the United Kingdom.

If we transfer data outside the EU/EEA or the UK, we apply appropriate legal mechanisms such as adequacy decisions or standard contractual clauses (SCCs) and — where necessary — additional safeguards.

You may request information about the transfer safeguards by contacting us.

10. Data retention periods

We keep data for as long as necessary to achieve the purposes described in this Policy, and then delete or anonymise it — unless longer retention is required by law or justified (e.g. for establishing, pursuing or defending legal claims).

Waitlist/newsletter entries: we retain data (e.g. email, consents, technical sign-up parameters) until you unsubscribe/withdraw consent or until the data are no longer needed for the purpose they were collected.

Analytical data: retention periods depend on the analytics tool configuration and your cookie settings; details may also follow providers' policies.

Contents submitted for translation (text/files): generally we process them only as long as necessary to provide the service and ensure its quality, and then delete or anonymise them — in accordance with account settings, plan and security and legal requirements.

11. Data security

We implement technical and organisational measures to protect data (e.g. access controls, restriction of privileges, encryption in transit, infrastructure security mechanisms, monitoring and event logging).

No system can guarantee 100% security. If we determine there has been a personal data breach, we will take actions in accordance with applicable law (including notifications where required).

12. Your rights (EU/EEA and the United Kingdom)

If you are in the EU/EEA or the UK, you have — subject to legal limits — rights including access to data, rectification, erasure (the "right to be forgotten"), restriction of processing, data portability and the right to object to processing based on legitimate interests.

If processing is based on consent, you may withdraw consent at any time (without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal).

If you believe processing violates the law, you have the right to lodge a complaint with a supervisory authority (for example in Bangladesh: the relevant data protection authority, or the appropriate authority in your country).

13. Information for residents of the USA (selected states) - disclosures and rights

Depending on where you live you may have additional rights (e.g. California — CCPA/CPRA; Colorado, Connecticut and other states). Typically these include the right to know categories of data collected and purposes, access to data, deletion, correction, and in some states the right to opt out of "sale"/"sharing" of data or processing for targeted advertising.

We do not sell personal data as defined by typical state privacy laws. If we ever engage in activities that would be considered a "sale" or "sharing" (e.g. for targeted advertising), we will update this Policy and provide the required opt-out mechanisms.

To submit a request about privacy rights (access/delete/correct/opt-out), contact us at: privacy@smarttranslate.ai. We may request information needed to verify the request and prevent abuse.

We do not discriminate against users for exercising their rights.

14. Automated decision-making and profiling

The Service may include automated processes (e.g. automatic translation of text/documents using AI models, selecting settings based on a chosen translation profile).

Such operations generally do not produce legal effects concerning you or similarly significantly affect you. If we implement processes that meet the criteria of Article 22 GDPR (automated decisions with significant effects), we will provide separate information and the required safeguards.

15. Children's data

The Service is not directed at children. If you are a parent or guardian and you suspect a child has provided us with personal data without required consent, please contact us — we will take appropriate action.

16. Changes to the Privacy Policy and contact

We may update the Privacy Policy to reflect changes in the Service, providers or legal requirements. The current version is published on this page together with the date of the last update.

For privacy matters and to exercise rights contact us at: privacy@smarttranslate.ai. For security we may request additional information to verify identity or authority to act on behalf of another person.