Privacy Policy

1. Data controller and contact details

The data controller of personal data is the entity operating the SmartTranslate.ai Service (the "Controller", "we").

Important: to comply with information requirements in many jurisdictions (including the EU/UK), the full legal name of the Controller, registered office address, country of registration and — if applicable — registration number and a representative in the EU/UK should be provided here.

For matters related to data protection and exercising data subject rights you may contact us at: privacy@smarttranslate.ai.

2. Scope of the Policy and definitions

This Policy covers the processing of personal data in connection with use of the Service (website, dashboard, translation features, blog), including contacting us and any marketing activities (e.g. newsletter) where applicable.

"Personal data" means information about an identified or identifiable natural person (e.g. email address, account identifier, IP address in certain situations).

"Processing" includes, among other things, collecting, recording, storing, using, disclosing and deleting data.

3. What data we process (categories of data)

Data provided by the user: in particular an email address (e.g. signing up for the waitlist/newsletter), content submitted for translation (text, files) and translation settings and preferences (e.g. selected language variant, translation profile).

Waitlist/newsletter sign-up data: email, language/locale, consent information (e.g. consent for the waitlist and optional marketing consent), and technical data related to the sign-up (IP address, user agent) as well as creation/update timestamps.

Account and authentication data: if you use sign-in, we process information needed to create and maintain an account (e.g. user identifier, email address, session data). The Service uses the authentication provider Clerk.

Technical and operational data: IP address, cookie identifiers, device and browser information (e.g. user agent) and events related to Service usage.

Analytical data: if you consent to analytical cookies, we may process statistical information about use of the Service (e.g. page views, basic session metrics) using analytics tools (e.g. Google Analytics 4 and Cloudflare Web Analytics — depending on configuration).

Communications data: the content of correspondence if you contact us (e.g. emails regarding privacy).

We do not intend to collect and do not require special categories of data (so-called sensitive data) or data about criminal convictions and offences. Please do not include such data in content submitted for translation unless strictly necessary and you have an appropriate legal basis.

4. Sources of data

We collect data directly from you (for example when you join the waitlist, create an account, submit content for translation, or contact us).

Some technical data is collected automatically by IT systems and the browser (e.g. IP address, cookies, device parameters).

If you sign in using an external authentication provider (Clerk), we may receive account/session data from that system insofar as required for sign-in.

5. Purposes of processing and legal bases (EU/UK)

If you are located in the EU/EEA or the United Kingdom, the legal bases for processing arise in particular from Article 6 of the GDPR / UK GDPR. Below we set out typical purposes and legal bases — the actual scope depends on the features you use.

Performance of a contract or steps prior to entering into a contract (Art. 6(1)(b) GDPR): provision of Service functions, including (where available) translation of content and documents, account management, and handling service-related tasks.

Consent (Art. 6(1)(a) GDPR): signing up for a newsletter (if offered), analytical cookies and similar technologies (e.g. Google Analytics 4), and other activities where we request consent. You may withdraw consent at any time (without affecting the lawfulness of processing based on consent before its withdrawal).

Legitimate interests (Art. 6(1)(f) GDPR): ensuring the security of the Service, preventing abuse (e.g. limiting the number of sign-ups from a single IP in a short period), maintaining and developing the Service, and pursuing or defending legal claims.

Legal obligation (Art. 6(1)(c) GDPR): where law requires us to process certain data (e.g. in connection with handling claims, legal requests or inquiries from public authorities).

6. Is providing data mandatory

Providing some data is necessary to use certain Service features.

For example: to join the waitlist you must provide an email address and give the required consent related to managing the waitlist. Without this data you cannot sign up.

For translations: submitting content to be translated and selected settings is necessary to perform the service.

7. Recipients of data and processors

We use trusted service providers (processors) that support the Service. These may include: Cloudflare (hosting, CDN/infrastructure, Workers/D1/Images services), Clerk (authentication and account management) and analytics tool providers (e.g. Google Analytics 4, Cloudflare Web Analytics — depending on configuration and your consent).

Providers process data under contracts and our documented instructions, to the extent necessary to provide their services.

We may also disclose data to: (a) authorised employees and collaborators of the Controller, (b) advisers (e.g. legal advisers) where necessary, (c) public authorities where required by law.

8. Cookies, similar technologies and analytics

The Service uses cookies and similar technologies for necessary purposes (e.g. session maintenance, security, remembering language preferences) and — with your consent — for analytical purposes.

A consent banner operates in the Service allowing selection of cookie categories. Analytical cookies are optional.

Depending on configuration we may use Google Analytics 4 (GA4) with Google Consent Mode v2 and Cloudflare Web Analytics. If you refuse the analytics category we limit/disable mechanisms that require consent and clear specified analytical cookies (e.g. _ga, _gid).

Details about cookie categories and how to manage consent are set out in the Cookies Policy.

9. International transfers (outside the EU/EEA and UK)

Because cloud services are global, data may be processed in countries other than your country of residence, including outside the EU/EEA or the United Kingdom.

Where we transfer data outside the EU/EEA or UK, we apply appropriate legal mechanisms such as adequacy decisions or Standard Contractual Clauses (SCCs) and — where necessary — additional safeguards.

You may request information about the safeguards applied to transfers by contacting us.

10. Data retention periods

We retain data for as long as necessary to achieve the purposes set out in this Policy, and thereafter delete or anonymise it — unless longer retention is required by law or justified (e.g. to establish, pursue or defend legal claims).

Waitlist/newsletter records: we retain data (e.g. email, consents, technical sign-up parameters) until you unsubscribe/withdraw consent or until the data is no longer necessary for the purpose for which it was collected.

Analytical data: retention periods depend on the analytics tool configuration and your cookie settings; details may also be provided in providers' policies.

Content submitted for translation (text/files): as a rule we process such content only as long as necessary to provide the service and ensure quality, then delete or anonymise it — in accordance with account settings, plan and security and legal requirements.

11. Data security

We apply technical and organisational measures to protect data (e.g. access controls, limitation of privileges, encryption of transmissions, infrastructure security mechanisms, monitoring and event logging).

No system can guarantee 100% security. If we identify a personal data breach we will act in accordance with applicable law (including notifications where required).

12. Your rights (EU/EEA and the United Kingdom)

If you are in the EU/EEA or UK, you have — subject to legal limits — rights of access, rectification, erasure (the "right to be forgotten"), restriction of processing, data portability and objection to processing based on legitimate interests.

If processing is based on consent, you may withdraw consent at any time (without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal).

If you believe processing breaches the law, you have the right to lodge a complaint with a supervisory authority (e.g. in Poland: the President of the Personal Data Protection Office) or the competent authority in your country.

13. Information for residents of the USA (selected states) - disclosures and rights

Depending on where you live, additional rights may apply (e.g. California — CCPA/CPRA; Colorado, Connecticut and other states). Generally these include the right to know categories of collected data and purposes, access to data, deletion, correction, and in some states the right to opt out of "sale"/"sharing" of data or processing for targeted advertising.

We do not sell personal data as defined by typical state privacy laws. If we ever engage in activities that qualify as "sale" or "sharing" (for example for targeted advertising), we will update the Policy and provide required opt-out mechanisms.

To submit a request regarding privacy rights (access/delete/correct/opt-out), contact us at: privacy@smarttranslate.ai. We may request information necessary to verify the request and protect against abuse.

We will not discriminate against users for exercising their rights.

14. Automated decision-making and profiling

The Service may include automated processes (for example automatic translation of text/documents using AI models, selection of settings based on a chosen translation profile).

Such operations generally do not produce legal effects concerning you nor do they significantly affect you in a similar way. If we implement processes that meet the criteria of Article 22 GDPR (automated decisions with significant effects), we will provide separate information and the required safeguards.

15. Children’s data

The Service is not intended for children. If you are a parent/guardian and suspect a child has provided us with personal data without required consent, please contact us and we will take appropriate steps.

16. Changes to the Privacy Policy and contact

We may update the Privacy Policy to reflect changes to the Service, providers or legal requirements. The current version is published on this page with the date of the last update.

For privacy matters and to exercise rights contact us at: privacy@smarttranslate.ai. For security reasons we may request additional information to verify identity or authority to act on behalf of another person.