Skip to main content
Polyglot CloudPolyglot Cloud

Privacy Policy

Last updated: May 12, 2026

Elevio Solutions ("we," "us," "our"), operating as Polyglot Translate Cloud ("Polyglot Cloud," "the Platform"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at polyglot-translate.cloud, our WordPress plugin (Polyglot Translate), our cloud API, and related services (collectively, the "Services").

By using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our Services.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Name and email address
  • Password (stored securely using bcrypt hashing — we never store plaintext passwords)
  • Account preferences (language, notification settings)

1.2 Translation Data

When you use our translation services, we process:

  • Source text — the text you submit for translation
  • Translated text — the output produced by our translation engines
  • Translation Memory entries — source-target pairs stored to improve future translations and reduce costs
  • Feedback data — your accept/reject/edit actions on translations, used to improve quality

Important: Translation Memory stores source-target text pairs. We do NOT use your source content to train our AI models. TM entries are used solely for translation lookup, quality scoring, and cost reduction.

1.3 Usage Data

We automatically collect:

  • IP address (truncated/anonymized where possible)
  • Browser type and version
  • Operating system
  • Pages visited and time spent
  • Referring URL
  • API usage metrics (requests, credits consumed, languages used)
  • Device identifiers

1.4 Payment Information

All payments are processed by Lemon Squeezy (Lemon Squeezy, LLC), our Merchant of Record. We do NOT collect, store, or process credit card numbers, bank account details, or other payment card data. Lemon Squeezy handles all payment processing, sales tax collection, PCI compliance, and refunds. See Lemon Squeezy's Privacy Policy for details on how they handle payment data.

1.5 WordPress Plugin Data

The Polyglot Translate WordPress plugin:

  • Stores translations in YOUR WordPress database (not on our servers)
  • Sends source text to our API for translation (when Translation Memory does not have a match)
  • Sends your API key for authentication
  • Does NOT collect personal data from your website visitors
  • Does NOT inject tracking pixels, analytics scripts, or third-party cookies

1.6 Cookies

We use the following cookies:

CookiePurposeDurationType
session_tokenAuthenticationSession / 7 daysEssential
wglangLanguage preference (Polyglot Lens)1 yearFunctional

We do NOT use advertising cookies, tracking pixels, or third-party analytics scripts. For complete details, see our Cookie Policy.

2. How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve our translation Services
  • Process translations and store them in Translation Memory
  • Manage your account and provide customer support
  • Track API usage and enforce plan limits
  • Send transactional emails (password reset, account notifications)
  • Detect and prevent fraud, abuse, and security threats
  • Comply with legal obligations

We do NOT:

  • Sell your personal data to third parties
  • Use your translation content to train AI models
  • Share your data with advertisers
  • Send unsolicited marketing emails without consent

3. Community Translation Memory

Our Translation Memory system stores source-target text pairs contributed by users. These pairs may be served to other users who request translations of the same or similar content. This is a core feature of the Platform — the "network effect" that reduces translation costs for everyone.

What is shared: Only the translated text pairs (source + translation). NOT your account information, website URL, or any identifying data.

What is NOT shared: Your API key, account details, website content (beyond the specific strings submitted for translation), or any personal data.

If you submit text containing personal data for translation (e.g., customer names in email templates), you are responsible for ensuring you have appropriate legal bases for processing that data. We recommend using placeholder tokens (e.g., {customer_name}) instead of actual personal data in translation requests.

4. Data Sharing and Third-Party Services

We share data only with the following categories of third parties:

  • Lemon Squeezy (Merchant of Record) — processes payments, sales tax, refunds
  • Cloudflare (CDN/Security) — DNS, DDoS protection, edge caching
  • DigitalOcean (Infrastructure) — server hosting
  • SMTP provider (Email) — transactional email delivery

We do NOT use Google Analytics, Facebook Pixel, or any third-party tracking/advertising services.

We may disclose your information if required by law, court order, or governmental regulation, or to protect our rights, property, or safety.

5. Data Retention

  • Account data: Retained as long as your account is active. Deleted within 30 days of account deletion request.
  • Translation Memory entries: Retained indefinitely as part of the community TM. You may request removal of TM entries you contributed.
  • API usage logs: Retained for 12 months, then automatically purged.
  • Server logs (IP, access): Retained for a maximum of 90 days.
  • WordPress plugin translations: Stored in YOUR database — retention is under your control.

6. Data Security

We implement industry-standard security measures including:

  • TLS/SSL encryption for all data in transit (HTTPS)
  • Bcrypt password hashing
  • Server-side firewall (UFW) with all services bound to 127.0.0.1
  • Cloudflare WAF and DDoS protection
  • Regular automated backups
  • Rate limiting and anti-abuse detection

No method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

6.1 Data Breach Response

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours as required by GDPR Art. 33, and will notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms.

7. Your Rights (GDPR / EEA / UK / Switzerland)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate or incomplete data
  • Erasure — request deletion of your personal data ("right to be forgotten")
  • Restriction — restrict processing of your data in certain circumstances
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interest
  • Withdraw consent — where processing is based on consent, withdraw at any time

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

Legal Bases for Processing (Art. 6 GDPR)

  • Contract performance (Art. 6(1)(b)) — processing necessary to provide our Services
  • Legitimate interest (Art. 6(1)(f)) — security, fraud prevention, service improvement
  • Consent (Art. 6(1)(a)) — where explicitly requested (e.g., marketing emails)
  • Legal obligation (Art. 6(1)(c)) — compliance with applicable laws

Data Processing Agreement

If you process personal data through our Services (e.g., translating content containing personal data), we act as a Data Processor under Art. 28 GDPR. Our Data Processing Agreement (DPA) is available at /dpa.

8. International Data Transfers

Our servers are located in the European Union (Amsterdam, Netherlands via DigitalOcean). Data processed through Cloudflare may transit through global edge servers but is not stored permanently outside the EU.

For Lemon Squeezy (US-based), data transfers are protected under the EU-U.S. Data Privacy Framework and Standard Contractual Clauses (SCCs).

9. Children's Privacy

Our Services are not directed to individuals under the age of 16 (or 13 in jurisdictions where COPPA applies). We do not knowingly collect personal data from children. If we learn that we have collected data from a child, we will delete it promptly. Contact us at [email protected] if you believe a child has provided us with personal data.

10. California Privacy Rights (CCPA)

If you are a California resident, you have the right to: know what personal data we collect, request deletion, opt out of the sale of personal data (we do not sell personal data), and non-discrimination for exercising your rights. Contact us at the email above to exercise these rights.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of our Services after changes constitutes acceptance of the updated policy.

12. Contact Us

For privacy-related questions, data requests, or DPA inquiries:

Data Controller

  • Entity: Elevio Solutions
  • Tax ID (PIB): 115278168
  • Registration No (MB): 68239532
  • Address: Internacionalnih Brigada 25, Belgrade, Serbia

You also have the right to lodge a complaint with your local data protection supervisory authority.