Skip to main content
DocTranslate
Log inSign up

Privacy policy

Last updated: April 14, 2026. Replace controller identity, contact email, and jurisdiction-specific clauses with counsel-reviewed text before production marketing.

Who we are

The operator of your DocTranslate deployment acts as the data controller for personal data processed through this product. Insert your legal entity name, address, and contact email here.

What we process

  • Account data: email, name, profile image (if provided), session identifiers, and OAuth tokens when you use social sign-in.
  • Documents: PDF files you upload, derived translated PDFs, and metadata (filename, page count, languages, job status, storage keys).
  • Billing: credit balance, Stripe customer id, and transaction history for credits (no full card numbers—Stripe Checkout handles payment instruments).
  • Realtime: document status events delivered through Pusher private channels scoped to your user id.
  • Optional marketing: hashed email and hashed stable id sent to Meta Conversions API on completed purchases when configured.
  • Integrations you enable: outbound HTTPS webhooks and Slack URLs you configure; delivery logs for troubleshooting.

Why and how we use data

We process data to provide authentication, store and translate PDFs, bill for credits, show job progress, and (when enabled) attribute purchases for advertising. We do not sell personal data. Lawful bases under GDPR should be finalized with counsel (typically contract + legitimate interests for security and product analytics).

Cookies and similar technologies

Optional analytics and marketing tools load only after you make a choice in the cookie banner (or footer Cookie settings). See the Cookie notice for categories, storage keys, and examples of vendors you may enable per environment.

Subprocessors

We rely on service providers listed on our Subprocessors page (for example Cloudflare for hosting, storage, queues, Web Analytics, optional Zaraz, and Turnstile; Stripe for payments; Pusher for realtime; optional Meta, Microsoft, Adobe, or social pixels for measurement when you enable them; and the translation HTTP service you deploy, which may call upstream model APIs).

International transfers

Providers may process data in multiple regions. Transfers outside your country rely on vendor mechanisms such as the EU Standard Contractual Clauses where applicable. Document your production regions in your security packet.

Retention

Document metadata and files remain until you delete them, your account is deleted, or automated retention rules you configure apply. The API supports optional scheduled deletion of completed or failed documents (and their R2 objects) and of integration delivery logs via environment variables (DOCUMENT_RETENTION_DAYS, INTEGRATION_LOG_RETENTION_DAYS). Set numeric values in your Worker environment to enable purges; empty values disable automated deletion for that category.

See also the Data handling FAQ.

Your rights

Depending on your location, you may have rights to access, rectify, erase, restrict, or port your data, and to object to certain processing. You can request a JSON export of profile, document metadata, and billing transactions via GET /api/user/data-export (authenticated). Account deletion removes your app profile, documents, integration settings, and auth user record, and deletes PDF objects stored under your user prefix in object storage, when you complete account deletion (POST /api/user/delete per your deployment). Contact the controller for other requests.

Security

High-level security practices are described on the Security & data handling page.

Children

The service is not directed to children under the age where parental consent is required.

Changes

We may update this policy when features or subprocessors change. Material changes should be communicated per counsel guidance.

Cookie notice · Data handling FAQ · Subprocessors · Back to home