Privacy Policy

1. Data controller and contact details

The controller of personal data is the entity operating the SmartTranslate.ai "Service" (the "Controller", "we").

Important: to meet information requirements in many jurisdictions (including the EU/UK), you should provide the Controller's full legal name, registered address, country of registration and — if applicable — registration number and the details of any representative in the EU/UK.

For matters related to data protection and exercising data subject rights, you can contact us at: privacy@smarttranslate.ai.

2. Scope of the Policy and definitions

This Policy covers the processing of personal data in connection with use of the Service (website, dashboard, translation features, blog), including contacting us and any marketing activities (e.g., newsletter) if offered.

"Personal data" means information about an identified or identifiable natural person (e.g., email address, account identifier, IP address in certain situations).

"Processing" includes, among other things, collection, recording, storage, use, disclosure and deletion of data.

3. What data we process (categories of data)

Data you provide: in particular email address (e.g., signing up for a waitlist/newsletter), content submitted for translation (text, files) and translation settings and preferences (e.g., selected language variant, translation profile).

Waitlist/newsletter sign-up data: email, language/locale, consent details (e.g., consent for the waitlist and optional marketing consent), as well as technical data related to the sign-up (IP address, user-agent) and creation/update timestamps.

Account and authentication data: if you use an account, we process data necessary to create and maintain the account (e.g., user identifier, email address, session data). The Service uses the authentication provider Clerk.

Technical and operational data: IP address, cookie identifiers, device and browser information (e.g., user-agent) and events related to use of the Service.

Analytics data: if you consent to analytics cookies, we may process statistical data about how the Service is used (e.g., page views, basic session parameters) using analytics tools (e.g., Google Analytics 4 and Cloudflare Web Analytics — depending on configuration).

Communications data: contents of correspondence if you contact us (e.g., emails about privacy).

We do not intend to collect and do not require any special categories of personal data (so-called sensitive data) or data about criminal convictions and offenses. Please do not submit such data in content for translation unless it is necessary and you have a proper legal basis.

4. Sources of data

We collect data directly from you (e.g., when you sign up for a waitlist, create an account, submit content for translation, or contact us).

Some technical data is collected automatically by IT systems and your browser (e.g., IP address, cookies, device parameters).

If you use authentication via an external provider (Clerk), we may receive account/session data from that system to the extent necessary for login functionality.

5. Purposes of processing and legal bases (EU/UK)

If you are located in the EU/EEA or the United Kingdom, the legal bases for processing arise in particular from Article 6 of the GDPR / UK GDPR. Below we indicate typical purposes and legal bases — the actual scope depends on the features you use.

Performance of a contract or steps prior to entering a contract (Art. 6(1)(b) GDPR): providing the Service functions, including (where available) translation of content and documents, managing user accounts, and handling tasks related to the service.

Consent (Art. 6(1)(a) GDPR): signing up for a newsletter (if offered), analytics cookies and similar technologies (e.g., Google Analytics 4), and other activities for which we ask for consent. You can withdraw consent at any time (without affecting the lawfulness of processing carried out before withdrawal).

Legitimate interests (Art. 6(1)(f) GDPR): ensuring the security of the Service, preventing abuse (e.g., rate-limiting sign-ups from a single IP), maintaining and developing the Service, and pursuing or defending claims.

Legal obligation (Art. 6(1)(c) GDPR): where laws require us to process certain data (e.g., in connection with handling requests, claims or public authority demands).

6. Is providing data mandatory

Providing some data is necessary to use certain Service features.

For example: to join a waitlist you must provide an email address and give any required consent for waitlist processing. Without this data, you cannot sign up.

For translations: providing content to be translated and selected settings is necessary to perform the service.

7. Recipients of data and processors

We use trusted service providers (processors) that support the operation of the Service. These may include: Cloudflare (hosting, CDN/infrastructure, Workers/D1/Images services), Clerk (authentication and account management) and analytics providers (e.g., Google Analytics 4, Cloudflare Web Analytics — depending on configuration and your consent).

Providers process data under contracts and our documented instructions, to the extent necessary to deliver their services.

We may also disclose data to: (a) authorised employees and collaborators of the Controller, (b) advisors (e.g., legal advisors) when necessary, (c) public authorities when required by law.

8. Cookies, similar technologies and analytics

The Service uses cookies and similar technologies for necessary purposes (e.g., session maintenance, security, remembering language preferences) and — with your consent — for analytics.

The Service includes a consent banner that lets you choose cookie categories. Analytics cookies are optional.

Depending on configuration we may use Google Analytics 4 (GA4) with Google Consent Mode v2 and Cloudflare Web Analytics. If you decline the analytics category, we limit/disable mechanisms that require consent and clear indicated analytics cookies (e.g., _ga, _gid).

Details about cookie categories and how to manage consent are available in the Cookie Policy.

9. International transfers (outside the EU/EEA and UK)

Due to the global nature of cloud services, data may be processed in countries other than your country of residence, including outside the EU/EEA or the United Kingdom.

When we transfer data outside the EU/EEA or UK, we use appropriate legal mechanisms such as adequacy decisions or standard contractual clauses (SCCs) and — where necessary — additional safeguards.

You can request information about the transfer safeguards we use by contacting us.

10. Data retention periods

We retain data for as long as necessary to fulfil the purposes described in this Policy, after which we delete or anonymise it — unless longer retention is required by law or justified (e.g., for establishing, pursuing or defending legal claims).

Waitlist/newsletter records: we keep data (e.g., email, consents, technical sign-up parameters) until you unsubscribe/withdraw consent or until the data is no longer needed for the purpose it was collected.

Analytics data: retention periods depend on analytics tool configuration and your cookie settings; details may also be set by provider policies.

Content submitted for translation (text/files): generally we process it only as long as needed to provide the service and ensure its quality, then delete or anonymise it — in line with account settings, plan terms and security or legal requirements.

11. Data security

We apply technical and organizational measures to protect data (e.g., access controls, privilege limitation, encryption of transmissions, infrastructure security mechanisms, monitoring and event logging).

No system can guarantee 100% security. If we detect a data breach, we will take action in accordance with applicable law (including, where relevant, notifications).

12. Your rights (EU/EEA and the United Kingdom)

If you are in the EU/EEA or UK, you have the rights — subject to legal limits — to access your data, rectify it, erase it (the "right to be forgotten"), restrict processing, data portability and to object to processing based on legitimate interests.

If processing is based on consent, you may withdraw consent at any time (without affecting the lawfulness of processing performed before withdrawal).

If you believe processing violates the law, you have the right to lodge a complaint with a supervisory authority (e.g., in Poland: the President of the Personal Data Protection Office) or the competent authority in your country.

13. Information for US residents (selected states) — disclosures and rights

Depending on where you live, you may have additional rights (e.g., California — CCPA/CPRA; Colorado, Connecticut and other states). Generally these include the right to know categories of data collected and purposes, access to data, deletion, correction, and in some states the right to opt out of "sale"/"sharing" or targeted advertising.

We do not sell personal data as defined by typical state privacy laws. If we ever engage in activities that qualify as "sale" or "sharing" (e.g., for targeted advertising), we will update this Policy and provide required opt-out mechanisms.

To submit a request regarding privacy rights (access/delete/correct/opt-out), contact us at: privacy@smarttranslate.ai. We may ask for information necessary to verify the request and protect against misuse.

We do not discriminate against users for exercising their rights.

14. Automated decision-making and profiling

The Service may include automated processes (e.g., automatic translation of text/documents using AI models, selection of settings based on chosen translation profile).

Such operations generally do not produce legal effects concerning you nor similarly significantly affect you. If we implement processes that meet the criteria of Article 22 GDPR (automated decisions with significant effects), we will provide separate information and required safeguards.

15. Children’s data

The Service is not intended for children. If you are a parent/guardian and suspect a child has provided us with personal data without required consent, contact us and we will take appropriate action.

16. Changes to the Privacy Policy and contact

We may update the Privacy Policy to reflect changes in the Service, providers or legal requirements. The current version is published on this page together with the date of last update.

For privacy matters and to exercise your rights, contact us at: privacy@smarttranslate.ai. For security we may ask for additional information to verify identity or authority to act on someone else’s behalf.