Privacy Policy

1. Data controller and contact details

The data controller of personal data is the entity operating the SmartTranslate.ai Service (the "Controller", "we").

Important: to satisfy information requirements in many jurisdictions (including the EU/UK), the Controller's full legal name, registered office address, country of registration and — where applicable — registration number and representative in the EU/UK should be provided here.

For matters related to data protection and the exercise of data subject rights you can contact us at: privacy@smarttranslate.ai.

2. Scope of the Policy and definitions

This Policy covers the processing of personal data in connection with the use of the Service (website, dashboard, translation features, blog), including contacting us and marketing activities (e.g. newsletter) where offered.

"Personal data" means information about an identified or identifiable natural person (e.g. email address, account identifier, IP address in certain circumstances).

"Processing" includes, among other things, collection, recording, storage, use, disclosure and deletion of data.

3. What data we process (categories of data)

Data provided by users: in particular email address (e.g. signing up for a waiting list/newsletter), content submitted for translation (text, files) and translation settings and preferences (e.g. chosen language variant, translation profile).

Waiting list/newsletter subscription data: email, language/locale, consent information (e.g. consent for the waiting list and optional marketing consent), as well as technical data related to the subscription (IP address, user-agent) and timestamps for creation/update of the entry.

Account and authentication data: if you use login, we process data necessary to create and maintain an account (e.g. user identifier, email address, session data). The Service uses the authentication provider Clerk.

Technical and operational data: IP address, cookie identifiers, device and browser information (e.g. user-agent) and events related to use of the Service.

Analytical data: if you consent to analytics cookies, we may process statistical data about how you use the Service (e.g. page views, basic session metrics) using analytics tools (e.g. Google Analytics 4 and Cloudflare Web Analytics – depending on configuration).

Communications data: the content of correspondence if you contact us (e.g. an email regarding privacy).

We do not intend to collect and do not require you to provide special categories of data (so-called sensitive data) or data about criminal convictions and offences. Please do not submit such data in content for translation unless it is strictly necessary and you have an appropriate legal basis.

4. Sources of data

We collect data directly from you (e.g. when you join the waiting list, create an account, submit content for translation, or contact us).

Some technical data are collected automatically by IT systems and your browser (e.g. IP address, cookies, device parameters).

If you use third-party authentication (Clerk), we may also receive account/session data from that system to the extent necessary for login functionality.

5. Purposes of processing and legal bases (EU/UK)

If you are located in the EU/EEA or the United Kingdom, the legal bases for processing include, in particular, Article 6 of the GDPR/UK GDPR. Below we indicate typical purposes and legal bases — the actual scope depends on the features you use.

Performance of a contract or steps prior to entering into a contract (Art. 6(1)(b) GDPR): provision of Service functions, including (where available) translation of content and documents, management of user accounts, and handling tasks related to the service.

Consent (Art. 6(1)(a) GDPR): subscribing to a newsletter (if offered), analytics cookies and similar technologies (e.g. Google Analytics 4), and other activities for which we request consent. You may withdraw consent at any time (without affecting the lawfulness of processing carried out before withdrawal).

Legitimate interests (Art. 6(1)(f) GDPR): ensuring Service security, preventing abuse (e.g. limiting the number of sign-ups from a single IP in a short time), maintaining and developing the Service, and pursuing or defending claims.

Legal obligation (Art. 6(1)(c) GDPR): where laws require us to process certain data (e.g. in connection with handling reports, claims or requests from authorities).

6. Is providing data mandatory

Providing certain data is necessary to use specific features of the Service.

For example: to join the waiting list you must provide an email address and give the required consent for managing the waiting list. Without this data you cannot be added to the list.

For translations: providing the content to be translated and selected settings is necessary to perform the service.

7. Recipients of data and processors

We use trusted service providers (processors) that support operation of the Service. These may include, in particular: Cloudflare (hosting, CDN/infrastructure, Workers/D1/Images services), Clerk (authentication and account management), and providers of analytics tools (e.g. Google Analytics 4, Cloudflare Web Analytics — depending on configuration and your consent).

Providers process data on the basis of contracts and our documented instructions, to the extent necessary to deliver their services.

We may also disclose data to: (a) authorised employees and collaborators of the Controller, (b) advisors (e.g. legal advisors) where necessary, (c) public authorities where required by law.

8. Cookies, similar technologies and analytics

The Service uses cookies and similar technologies for necessary purposes (e.g. session maintenance, security, remembering language preferences) and — with your consent — for analytics.

A consent banner is available in the Service allowing you to choose cookie categories. Analytics cookies are optional.

Depending on configuration we may use Google Analytics 4 (GA4) with Google Consent Mode v2 and Cloudflare Web Analytics. If you do not consent to the analytics category we limit/disable mechanisms that require consent and remove related analytics cookies (e.g. _ga, _gid).

Details about cookie categories and how to manage consent are provided in the Cookie Policy.

9. International transfers (outside the EU/EEA and the UK)

Due to the global nature of cloud services, data may be processed in countries other than your country of residence, including outside the EU/EEA or the United Kingdom.

Where we transfer data outside the EU/EEA or UK, we apply appropriate legal mechanisms such as adequacy decisions or Standard Contractual Clauses (SCCs) and, where necessary, additional safeguards.

You may request information about the safeguards used for transfers by contacting us.

10. Data retention periods

We retain data for as long as necessary to achieve the purposes described in this Policy, then delete or anonymise it — unless longer retention is required by law or justified (e.g. for establishing, pursuing or defending claims).

Waiting list/newsletter subscriptions: we retain subscription data (e.g. email, consents, technical subscription parameters) until you unsubscribe/withdraw consent or until the data are no longer needed for the purpose for which they were collected.

Analytical data: retention periods depend on the configuration of the analytics tool and your cookie settings; details may also be provided in the providers' policies.

Content submitted for translation (text/files): as a rule we process such content only for as long as necessary to perform the service and ensure quality, then delete or anonymise it — in accordance with account settings, plan, and security and legal requirements.

11. Data security

We apply technical and organisational measures to protect data (e.g. access control, privilege limitation, encryption of transmission, infrastructure security mechanisms, monitoring and event logging).

No system can guarantee 100% security. If we detect a personal data breach, we will take steps in accordance with applicable laws (including, where relevant, notifications).

12. Your rights (EU/EEA and the United Kingdom)

If you are located in the EU/EEA or the UK, you have, subject to law, rights including: access to data, rectification, erasure (the "right to be forgotten"), restriction of processing, data portability, and objection to processing based on legitimate interests.

Where processing is based on consent, you may withdraw consent at any time (without affecting the lawfulness of processing carried out before withdrawal).

If you believe processing violates the law, you have the right to lodge a complaint with a supervisory authority (e.g. in Poland: the President of the Personal Data Protection Office) or the relevant authority in your country.

13. Information for residents of the USA (selected states) - disclosures and rights

Depending on your place of residence you may have additional rights (e.g. California — CCPA/CPRA; Colorado, Connecticut and other states). Generally these include the right to know categories of data collected and purposes, access to data, deletion, correction, and in some states the right to opt out of "sale"/"sharing" of data or processing for targeted advertising.

We do not sell personal data as defined by typical state privacy laws. If we ever engage in activities that would constitute a "sale" or "sharing" (e.g. for targeted advertising), we will update the Policy and provide required opt-out mechanisms.

To submit a request regarding privacy rights (access/delete/correct/opt-out), contact us at: privacy@smarttranslate.ai. We may ask for information necessary to verify the request and to protect against abuse.

We do not discriminate against users for exercising their rights.

14. Automated decision-making and profiling

The Service may include automated processes (e.g. automatic translation of text/documents using AI models, selection of settings based on a chosen translation profile).

Such operations generally do not produce legal effects concerning you or similarly significantly affect you. If we implement processes that meet the thresholds of Article 22 GDPR (automated decisions with significant effects), we will provide separate information and required safeguards.

15. Children's data

The Service is not directed at children. If you are a parent/guardian and suspect a child has provided us with personal data without required consent, please contact us — we will take appropriate action.

16. Changes to the Privacy Policy and contact

We may update the Privacy Policy to reflect changes to the Service, providers or legal requirements. The current version is published on this page together with the date of last update.

For privacy matters and to exercise your rights contact us at: privacy@smarttranslate.ai. For security we may request additional information to verify identity or authority to act on behalf of another person.