Privacy Policy
This Privacy Policy explains what personal data we process, for what purposes, on what legal bases, and what rights are available to users of SmartTranslate.ai (the "Service"). This document is prepared in line with the transparency requirements arising in particular from the GDPR (EU) and UK GDPR, and includes additional disclosures used in selected jurisdictions (e.g. the USA).
Last updated: 26/02/2026
1. Data controller and contact details
The controller of personal data is the entity operating the SmartTranslate.ai Service (the "Controller", "we").
Important: to meet the information requirements of many jurisdictions (including the EU/UK), you must include the Controller's full legal name, registered office address, country of registration and, where applicable, registration number and details of the EU/UK representative here.
For data protection matters and to exercise the rights of data subjects, you can contact us at: privacy@smarttranslate.ai.
2. Scope of the Policy and definitions
This Policy applies to the processing of personal data in connection with the use of the Service (website, dashboard, translation features, blog), including contacting us and marketing activities (e.g. a newsletter) - if they are carried out.
"Personal data" means information relating to an identified or identifiable natural person (e.g. email address, account identifier, IP address in certain situations).
"Processing" includes, among other things, collecting, recording, storing, using, sharing and deleting data.
3. What data we process (data categories)
Data provided by the user: in particular email address (e.g. queue/newsletter sign-up), content submitted for translation (text, files), and translation settings and preferences (e.g. selected language variant, translation profile).
Queue/newsletter sign-up data: email, language/locale, consent information (e.g. consent to join the queue and optional marketing consent), as well as technical data related to the sign-up (IP address, user agent) and the dates of creation/update of the entry.
Account and authentication data: if you use sign-in, we process the data needed to create and maintain the account (e.g. user identifier, email address, session data). The Service uses the Clerk authentication provider.
Technical and operational data: IP address, cookie identifiers, device and browser information (e.g. user agent), and events relating to the use of the Service.
Analytical data: if you consent to analytics cookies, we may process statistical data about how the Service is used (e.g. page views, basic session parameters) using analytics tools (e.g. Google Analytics 4 and Cloudflare Web Analytics - depending on the configuration).
Communications data: the content of correspondence if you contact us (e.g. by email regarding privacy matters).
We do not intend to obtain, and do not require from you, special categories of data (so-called sensitive data) or data relating to criminal convictions and offences. Please do not send such data in translation content unless it is necessary and you have an appropriate legal basis.
4. Sources of data
We collect data directly from you (e.g. when you sign up for the queue, create an account, submit content for translation, or contact us).
Some technical data is collected automatically by IT systems and the browser (e.g. IP address, cookies, device parameters).
If you use sign-in via an external authentication provider (Clerk), we may also receive account/session data from that system to the extent necessary for sign-in to work.
5. Purposes of processing and legal bases (EU/UK)
If you are located in the EU/EEA or the United Kingdom, the legal bases for processing arise in particular from Article 6 of the GDPR / UK GDPR. Below we set out the typical purposes and legal bases - the actual scope depends on the features you use.
Performance of a contract or steps taken at your request prior to entering into a contract (Article 6(1)(b) GDPR): providing the Service's features, including (where available) translation of content and documents, maintaining a user account, and handling service-related tasks.
Consent (Article 6(1)(a) GDPR): newsletter sign-up (if offered), analytics cookies and similar technologies (e.g. Google Analytics 4), and other activities for which we ask for consent. You may withdraw your consent at any time (without affecting the lawfulness of processing before withdrawal).
Legitimate interests (Article 6(1)(f) GDPR): ensuring the security of the Service, preventing abuse (e.g. limiting the number of sign-ups from a single IP in a short period), maintaining and developing the Service, and establishing or defending legal claims.
Legal obligation (Article 6(1)(c) GDPR): where applicable laws require us to process certain data (e.g. in connection with handling reports, claims or requests from authorities).
6. Whether providing data is mandatory
Providing some data is necessary to use certain features of the Service.
For example: to join the queue, you must provide an email address and give the required consent related to the waiting list. Without this data, sign-up will not be possible.
For translations: providing the content to be translated and the selected settings is necessary to perform the service.
7. Recipients of data and processors
We use trusted service providers (processors) who support the operation of the Service. These may include in particular: Cloudflare (hosting, CDN/infrastructure, Workers/D1/Images services), Clerk (authentication and account management), and analytics tool providers (e.g. Google Analytics 4, Cloudflare Web Analytics - depending on configuration and your consent).
The providers process data on the basis of agreements and our documented instructions, to the extent necessary to provide the services.
We may also disclose data to: (a) authorised employees and contractors of the Controller, (b) advisers (e.g. legal advisers) where necessary, and (c) public authorities where required by law.
8. Cookies, similar technologies and analytics
The Service uses cookies and similar technologies for essential purposes (e.g. maintaining a session, security, remembering language preferences) and - with your consent - for analytics purposes.
The Service includes a consent banner that lets you choose cookie categories. Analytics cookies are optional.
Depending on the configuration, we may use Google Analytics 4 (GA4) with Google Consent Mode v2 and Cloudflare Web Analytics. If consent to the analytics category is not given, we restrict/disable mechanisms that require consent and clear the specified analytics cookies (e.g. _ga, _gid).
Details about cookie categories and how to manage consent are set out in the Cookie Policy.
9. International transfers (outside the EU/EEA and UK)
Because cloud services are global in nature, data may be processed in countries other than where you live, including outside the EU/EEA or the United Kingdom.
If we transfer data outside the EU/EEA or UK, we use appropriate legal mechanisms, such as adequacy decisions or standard contractual clauses (SCCs) and - where necessary - additional safeguards.
You can ask for information about the transfer safeguards used by contacting us.
10. Data retention periods
We keep data for as long as necessary to fulfil the purposes described in this Policy, and then delete or anonymise it - unless longer retention is required by law or justified (e.g. for establishing, pursuing or defending claims).
Queue/newsletter sign-ups: we retain data (e.g. email, consents, technical sign-up parameters) until you unsubscribe/withdraw consent or until the data is no longer needed for the purpose for which it was collected.
Analytical data: retention periods depend on the configuration of the analytics tool and your cookie settings; details may also arise from the providers' policies.
Translation content (text/files): as a rule, we process it for as long as necessary to provide the service and ensure its quality, and then delete or anonymise it - in line with account settings, plan settings, and security and legal requirements.
11. Data security
We apply technical and organisational measures designed to protect data (e.g. access control, limiting permissions, transmission encryption, infrastructure security mechanisms, monitoring and event logging).
No system can guarantee 100% security. If we identify a personal data breach, we will take action in line with applicable law (including - where relevant - notifications).
12. Your rights (EU/EEA and United Kingdom)
If you are located in the EU/EEA or UK, you are entitled - within the limits of the law - to the rights of access, rectification, erasure ("the right to be forgotten"), restriction of processing, data portability and objection to processing based on legitimate interests.
If processing is based on consent, you may withdraw your consent at any time (without affecting the lawfulness of processing before withdrawal).
If you believe that processing breaches the law, you have the right to lodge a complaint with a supervisory authority (e.g. in Poland: the President of the Personal Data Protection Office) or the competent authority in your country.
13. Information for residents of the USA (selected states) - disclosures and rights
Depending on where you live, you may have additional rights (e.g. California - CCPA/CPRA; Colorado, Connecticut and other states). As a rule, these include the right to know the categories of data collected and the purposes, access data, delete data, correct data, and in some states - object to the "sale"/"sharing" of data or processing for targeted advertising.
We do not sell personal data within the meaning of typical state privacy laws. If we ever begin activities that qualify as "sale" or "sharing" (e.g. for targeted advertising), we will update the Policy and provide the required opt-out mechanisms.
To submit a privacy rights request (access/delete/correct/opt-out), contact us at: privacy@smarttranslate.ai. We may ask for information necessary to verify the request and protect against abuse.
We do not discriminate against users for exercising their rights.
14. Automated decision-making and profiling
The Service may involve automated processes (e.g. automatic translation of text/documents using AI models, selection of settings based on the chosen translation profile).
As a rule, such operations do not produce legal effects concerning you or similarly significantly affect you. If we implement processes that meet the criteria of Article 22 GDPR (automated decisions with a significant impact), we will provide separate information and the required safeguards.
15. Children's data
The Service is not intended for children. If you are a parent/guardian and suspect that a child has provided us with personal data without the required consent, please contact us - we will take appropriate action.
16. Changes to the Privacy Policy and contact
We may update this Privacy Policy to reflect changes in the Service, providers or legal requirements. The current version is published on this page together with the last updated date.
For privacy matters and to exercise your rights, contact us at: privacy@smarttranslate.ai. For security reasons, we may ask for additional information to verify identity or authority to act on behalf of another person.
Privacy contact
privacy@smarttranslate.ai