Privacy Policy

1. Data controller and contact details

The controller of personal data is the entity operating the SmartTranslate.ai Service (the "Controller", "we").

Important: to comply with information requirements in many jurisdictions (including the EU/UK), the full legal name of the Controller, registered office address, country of registration and — if applicable — registration number and EU/UK representative details should be provided here.

For data protection matters and to exercise data subject rights you can contact us at: privacy@smarttranslate.ai.

2. Scope of the Policy and definitions

The Policy covers processing of personal data in connection with use of the Service (website, dashboard, translation features, blog), including contacting us and any marketing activities (e.g. newsletter) where applicable.

"Personal data" means information about an identified or identifiable natural person (e.g. email address, account identifier, IP address in certain situations).

"Processing" includes, inter alia, collection, recording, storage, use, disclosure and deletion of data.

3. What data we process (categories of data)

Data provided by the user: in particular an email address (e.g. sign-up for waitlist/newsletter), content submitted for translation (text, files) and translation settings and preferences (e.g. selected language variant, translation profile).

Waitlist/newsletter sign-up data: email, language/locale, consent information (e.g. consent for the waitlist and optional marketing consent), as well as technical data related to the sign-up (IP address, user-agent) and creation/update dates.

Account and authentication data: if you use login, we process data necessary to create and maintain the account (e.g. user identifier, email address, session data). The Service uses the authentication provider Clerk.

Technical and operational data: IP address, cookie identifiers, device and browser information (e.g. user-agent) and events related to use of the Service.

Analytical data: if you consent to analytical cookies, we may process statistical data about how you use the Service (e.g. page views, basic session parameters) using analytics tools (e.g. Google Analytics 4 and Cloudflare Web Analytics — depending on configuration).

Communications data: correspondence content if you contact us (e.g. emails about privacy matters).

We do not intend to collect and do not require special categories of data (so-called sensitive data) or data concerning criminal convictions and offences. Please do not send such data in content for translation unless necessary and you have an appropriate legal basis.

4. Sources of data

We collect data directly from you (e.g. when you sign up for the waitlist, create an account, submit content for translation, or contact us).

Some technical data is collected automatically by IT systems and your browser (e.g. IP address, cookies, device parameters).

If you use login via an external authentication provider (Clerk), we may receive account/session data from that system to the extent necessary for login functionality.

5. Purposes of processing and legal bases (EU/UK)

If you are located in the EU/EEA or the United Kingdom, the legal bases for processing arise notably from Article 6 of the GDPR / UK GDPR. Below we list typical purposes and legal bases — the actual scope depends on the features you use.

Performance of a contract or steps prior to entering into a contract (Article 6(1)(b) GDPR): provision of Service functionality, including (where available) translation of content and documents, account management and handling tasks related to the service.

Consent (Article 6(1)(a) GDPR): sign-up for the newsletter (if offered), analytical cookies and similar technologies (e.g. Google Analytics 4), and other activities for which we request consent. You may withdraw consent at any time (without affecting the lawfulness of processing carried out before withdrawal).

Legitimate interests (Article 6(1)(f) GDPR): ensuring Service security, preventing abuse (e.g. rate-limiting sign-ups from a single IP in a short time), maintaining and developing the Service, and establishing or defending claims.

Legal obligation (Article 6(1)(c) GDPR): where laws require us to process specified data (e.g. in relation to handling requests, claims or authority requests).

6. Is providing data mandatory

Providing certain data is necessary to use particular Service features.

For example: to sign up for the waitlist you must provide an email address and give any required consent for waitlist processing. Without this data you cannot sign up.

For translations: providing the content to be translated and selected settings is necessary to fulfil the service.

7. Recipients of data and processors

We use trusted service providers (processors) to support the operation of the Service. These may include, in particular: Cloudflare (hosting, CDN/infrastructure, Workers/D1/Images services), Clerk (authentication and account management) and analytics providers (e.g. Google Analytics 4, Cloudflare Web Analytics — depending on configuration and your consent).

Providers process data under contracts and our documented instructions, to the extent necessary to provide their services.

We may also disclose data to: (a) authorised employees and collaborators of the Controller, (b) advisors (e.g. legal advisors) where necessary, (c) public authorities where required by law.

8. Cookies, similar technologies and analytics

The Service uses cookies and similar technologies for necessary purposes (e.g. session maintenance, security, remembering language preferences) and — with your consent — for analytics.

A consent banner enables selection of cookie categories. Analytical cookies are optional.

Depending on configuration we may use Google Analytics 4 (GA4) with Google Consent Mode v2 and Cloudflare Web Analytics. If you do not consent to the analytics category we restrict/disable mechanisms requiring consent and clear indicated analytical cookies (e.g. _ga, _gid).

Details about cookie categories and managing consent are set out in the Cookie Policy.

9. International transfers (outside the EU/EEA and UK)

Because cloud services operate globally, data may be processed in countries other than your place of residence, including outside the EU/EEA or the United Kingdom.

When we transfer data outside the EU/EEA or the UK we apply appropriate legal safeguards, such as adequacy decisions or standard contractual clauses (SCCs) and — where necessary — additional measures.

You may request information about the safeguards used for transfers by contacting us.

10. Data retention periods

We keep data for as long as required to achieve the purposes described in this Policy, and then delete or anonymise it — unless longer retention is required by law or justified (e.g. to establish, pursue or defend claims).

Waitlist/newsletter records: we retain data (e.g. email, consents, technical sign-up parameters) until you unsubscribe/withdraw consent or until the data is no longer needed for the purpose it was collected.

Analytical data: retention periods depend on the analytics tool configuration and your cookie settings; details may also be set out in providers' policies.

Content submitted for translation (text/files): generally we process it only as long as necessary to perform the service and ensure quality, and then delete or anonymise it — in accordance with account settings, plan and security and legal requirements.

11. Data security

We implement technical and organisational measures to protect data (e.g. access controls, restricting privileges, encrypting transmissions, infrastructure security mechanisms, monitoring and event logging).

No system can guarantee 100% security. If we discover a personal data breach we will take action in line with applicable laws (including notifications where required).

12. Your rights (EU/EEA and United Kingdom)

If you are in the EU/EEA or the UK, you are — subject to law — entitled to rights of access to your data, rectification, erasure (the "right to be forgotten"), restriction of processing, data portability and objection to processing based on legitimate interests.

If processing is based on consent, you may withdraw consent at any time (without affecting the lawfulness of processing carried out before withdrawal).

If you consider that processing violates the law, you have the right to lodge a complaint with a supervisory authority (e.g. in Poland: the President of the Personal Data Protection Office) or the competent authority in your country.

13. Information for U.S. residents (selected states) - disclosures and rights

Depending on your place of residence, you may have additional rights (e.g. California — CCPA/CPRA; Colorado, Connecticut and other states). Generally these include the right to know categories of collected data and purposes, access to data, deletion, correction, and in some states — to opt out of "sale"/"sharing" of data or processing for targeted advertising.

We do not sell personal data as defined by typical state privacy laws. If we ever carry out activities that qualify as "sale" or "sharing" (e.g. for targeted advertising), we will update the Policy and provide required opt-out mechanisms.

To submit a request regarding privacy rights (access/delete/correct/opt-out), contact us at: privacy@smarttranslate.ai. We may request information necessary to verify the request and prevent abuse.

We will not discriminate against users for exercising their privacy rights.

14. Automated decision-making and profiling

The Service may involve automated processes (e.g. automatic translation of text/documents using AI models, selection of settings based on the chosen translation profile).

Such operations generally do not have legal effects on you or otherwise significantly affect you. If we implement processes that meet the conditions of Article 22 GDPR (automated decisions with significant effects), we will provide separate information and required safeguards.

15. Children's data

The Service is not directed at children. If you are a parent/guardian and suspect a child has provided us with personal data without the required consent, contact us and we will take appropriate steps.

16. Changes to the Privacy Policy and contact

We may update the Privacy Policy to reflect changes in the Service, providers or legal requirements. The current version is published on this page together with the date of the last update.

For privacy matters and to exercise your rights contact us at: privacy@smarttranslate.ai. For security reasons we may request additional information to verify identity or authority to act on behalf of another person.