Privacy Policy

This Privacy Policy describes how translation.legal collects, uses, stores, and shares information when you use the service, including document uploads, webpage URL submissions, OCR, translation, account authentication, dashboard features, status tracking, and email notifications.

This service is designed for legal and regulatory document workflows. Because users may submit sensitive materials, we aim to describe the actual product behavior as clearly as possible rather than rely on a generic website privacy notice.

The Types of Information We Collect

Account and authentication information

When you sign in with Google OAuth, we receive account information that you authorize Google to provide to us, such as your email address, name, and profile image. We also store a session token in an HTTP-only cookie to keep you signed in.

Documents, URLs, and workflow inputs

We collect the files and webpage URLs that you submit for processing. Depending on the workflow, that may include PDFs, supported image files, Markdown files for later steps, and public webpage URLs submitted for conversion.

Task and workflow metadata

We collect task metadata needed to operate the service, such as file names, source and target languages, selected output format, processing status, request identifiers, review warnings, task logs, and whether email notification is enabled. If you provide them, we also store optional fields such as billing number, business unit, and personal notes.

Technical and usage information

We may collect technical information needed to secure and operate the service, such as IP address, browser and device information, request metadata, and error or monitoring events. We also use cookies or similar session technologies needed for login and normal application use.

How We Use the Information We Collect

We use the information we collect to:

• authenticate users and control access to the service;
• accept, process, translate, and export submitted documents and webpage content;
• route Step 1 processing between local/native conversion, OCR providers, and webpage conversion tools;
• display task status, review warnings, logs, and downloads in the dashboard and Check Status views;
• send completion or failure email notifications when requested;
• operate, secure, troubleshoot, and improve the service;
• maintain auditability, monitoring, and abuse-prevention controls; and
• comply with applicable legal and regulatory obligations.

How We Process Documents

The service uses a multi-step pipeline. Depending on the document type, deployment configuration, and detected document characteristics, processing may occur through a mix of local/native tools and third-party providers.

• Born-digital PDFs: may be processed through the local/native Step 1 path.
• Scanned, mixed-layout, image-heavy, or non-local-safe documents: may be routed to Google Document AI and related Google Cloud Storage paths for OCR.
• Translation and correction steps: may use third-party AI model providers configured for the service.
• Public webpage URLs: are fetched and converted only from public HTML pages submitted by the user; JavaScript-heavy, login-gated, or low-text pages may be incomplete or flagged for review.

Document content is processed for the purpose of providing the service, subject to the applicable platform, infrastructure, and provider terms that govern the active workflow.

How We May Share the Information We Collect

We do not sell your personal information. We may share information only as needed with:

• service providers that host or secure the application;
• authentication providers such as Google for login;
• OCR, translation, document-conversion, and cloud-storage providers used to process submitted content;
• email delivery providers used to send requested notifications; and
• authorities or other parties when required by law or to protect our rights, users, or systems.

Data Retention

We retain information for operational, security, debugging, and delivery purposes. Current operational retention targets may include:

• temporary uploaded task files may be deleted immediately after processing or on validation failure;
• task metadata, generated outputs, and processing logs may be retained for operational periods that currently target roughly 30 days;
• Google Cloud Storage objects used in the Document AI OCR lane are currently configured for automatic deletion after 30 days.

Retention periods may change for security, operational, legal, or support reasons.

Security Measures

We use technical and organizational measures intended to protect submitted materials and related metadata. Current protections may include:

• HTTP-only secure session cookies for login;
• restricted access to authenticated features;
• monitoring and error scrubbing to reduce accidental exposure of sensitive fields;
• for the Google Document AI OCR lane, regional processing in asia-southeast1, customer-managed encryption keys (CMEK), audit logging, and least-privilege service-account access;
• non-public cloud storage configuration for OCR artifacts; and
• automatic cleanup rules for certain stored files and objects.

No method of transmission or storage is guaranteed to be perfectly secure, but we aim to keep the service aligned with the sensitivity of the workflows it supports.

Third-Party Services and Content

The service depends on third-party providers for login, cloud hosting, OCR, AI-assisted text processing, document export, and monitoring. Submitted content and related metadata may be transmitted to those providers when required to deliver the workflow you request.

If you submit a public webpage URL, the service may retrieve content from that site in order to convert it to Markdown. You should only submit URLs that you are authorized to access and process.

Review Warnings and Output Notices

The service may generate Review Required warnings when it detects issues such as OCR uncertainty, structural loss, scanned-document risk, webpage extraction limitations, numbering drift, or other conditions that may require human review.

These warnings may appear in the user interface, dashboard or status views, email notifications, technical or user-facing logs, and exported output files.

Legal Basis for Using Personal Information

Our legal basis for collecting and using personal information depends on the specific context in which we collect it. Generally, we collect personal information only when we have your consent, when we need it to perform our services to you, or when we have a legitimate interest that is not overridden by your rights.

Your Rights

Depending on your location, you may have certain rights regarding your personal information, including:

• Access to your personal information
• Correction of inaccurate data
• Deletion of your data
• Restriction or objection to processing
• Data portability
• Withdrawal of consent

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and revise the "Last updated" date above.

How to Contact Us

If you have any questions about this Privacy Policy, please contact us at: dpo@translation.legal