Privacy Policy

Placeholder Document This Privacy Policy document contains placeholder content that needs to be replaced with legally-reviewed text before production use. GDPR and CCPA compliance required.

Data Collection & Use

1. Data Controller

Who is responsible for your data: [Company name, address, contact]

2. What Data We Collect

Account information: Email, name, password hash
Usage logs: Login times, feature usage, error reports
Uploaded documents: Source files for translation
Translations: Target text, Translation Memory entries
Terminology: Termbases and glossaries you create

3. How We Use Data

Providing the translation service
Improving service quality and features
Technical support and troubleshooting
Usage analytics (aggregated, anonymized)

4. Legal Basis (GDPR) GDPR

Contract performance: Processing necessary to provide the service
Legitimate interest: Security, fraud prevention, service improvement
Consent: Marketing communications (opt-in only)

Data Sharing & Third Parties

5. Data Sharing

We do not sell your data
MT providers receive document text for translation only
Data shared only as required by law

6. Third-Party Services

When you use Machine Translation features, document text is sent to:

Google Cloud Translation API
OpenAI API (GPT models)
DeepL API
Google Gemini API

Each provider has their own privacy policy and data handling practices.

7. BYOK Disclosure

If you use your own API keys (Bring Your Own Key), your data handling with those providers is governed by your agreements with them, not ours.

Your Rights

8. Data Retention

Active account: Data retained while account is active
Deleted account: Data deleted within 30 days
Backups: Purged within 90 days

9. User Rights (GDPR) GDPR

Access: Request a copy of your data
Rectification: Correct inaccurate data
Erasure: Request deletion ("right to be forgotten")
Portability: Export your data in machine-readable format
Objection: Object to certain processing
Restriction: Limit how we use your data

To exercise these rights, contact: [privacy@example.com]

10. Cookies & Tracking

Session cookies: Required for authentication (essential)
Preference cookies: Remember your settings
Analytics: [Describe if any, e.g., none / anonymized / opt-in]

Security & Compliance

11. Data Security

Encryption in transit (HTTPS/TLS)
Encryption at rest (database encryption)
Access controls and authentication
Regular security audits
Incident response procedures

12. International Transfers

Data may be processed in: [List countries/regions]. We ensure appropriate safeguards (Standard Contractual Clauses, adequacy decisions) for international transfers.

13. Children's Privacy

This service is not intended for users under 16 years of age. We do not knowingly collect data from children.

14. Changes to Policy

We will notify you of material changes via email and/or in-app notification at least 30 days before changes take effect.

15. Contact for Privacy

Data Protection Officer (if applicable): [Contact]
Privacy inquiries: [privacy@example.com]