Privacy Policy

Taia Translations Ltd is the Data Controller responsible for your personal data under UK GDPR and EU GDPR.

Registered Office:
71-75 Shelton Street
Covent Garden
London, WC2H 9JQ
United Kingdom

Contact: [email protected]

2.1 Information You Provide

• Account Information: Name, email address, password
• Profile Information: Optional profile details, preferences, language settings
• Uploaded Content: Documents and files you upload for translation
• Translation Data: Translation memories, glossaries, and terminology you create
• Payment Information: Processed by Stripe (we do not store credit card details)
• Communications: Messages you send us via email or contact forms

2.2 Information We Collect Automatically

• Usage Data: Pages visited, features used, time spent, actions taken
• Device Information: Browser type, operating system, IP address
• Cookies: Essential cookies for authentication and session management (see our Cookie Policy)

2.3 Legal Basis for Processing

We process your personal data under the following legal bases (GDPR Article 6):

• Contract Performance (Article 6(1)(b)): To provide translation services you've requested
• Legitimate Interests (Article 6(1)(f)): To improve our services, prevent fraud, and ensure security
• Consent (Article 6(1)(a)): For marketing communications (you can opt out anytime)
• Legal Obligation (Article 6(1)(c)): To comply with tax and accounting requirements

We use your information to:

• Provide Services: Process translations, manage your account, enable collaboration features
• Improve Quality: Train and improve AI translation models (using anonymized data only)
• Communication: Send service updates, respond to inquiries, provide customer support
• Payment Processing: Handle billing and subscriptions via Stripe
• Security: Detect and prevent fraud, abuse, and security incidents
• Legal Compliance: Comply with legal obligations (tax records, dispute resolution)
• Analytics: Understand usage patterns to improve our platform (anonymized data)

We share your data with the following third-party services:

4.1 AI Translation Providers

• Third-party AI translation engines: Process your uploaded files for translation
• Location: EU-based servers
• Important: We do not currently have Data Processing Agreements with all AI providers. Do not upload sensitive or confidential data.

4.2 Payment Processing

• Stripe: Handles all payment processing. We do not store your credit card information.
• Data Shared: Name, email, billing amount

4.3 Authentication

• Google Login API: If you choose to sign in with Google, we receive your name and email

4.4 Infrastructure Providers

• Amazon Web Services (AWS): Cloud hosting (Ireland data center)
• Cloudflare: CDN and DDoS protection

4.5 No Data Selling

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

We implement industry-standard security measures to protect your data:

• Encryption in Transit: All data transmitted between your browser and our servers is encrypted using SSL/TLS (HTTPS)
• Encryption at Rest: Data stored on AWS (RDS databases and S3 storage) is encrypted using AWS encryption services (AES-256)
• Password Security: Passwords are hashed using industry-standard algorithms (bcrypt)
• Access Controls: Limited employee access to production data, role-based permissions
• Monitoring: Continuous security monitoring and logging
• Regular Updates: Security patches and software updates

Note: While we implement robust security measures, no system is 100% secure. Please verify AWS encryption settings are enabled for your specific requirements.

• Primary Data Location: Ireland (AWS EU-West-1 data center)
• GDPR Compliance: All data processing complies with UK GDPR and EU GDPR
• Third-Party Services: Some services (Stripe, Google) may process data internationally. We ensure appropriate safeguards (Standard Contractual Clauses) are in place.

Current Policy:

• Active Accounts: Data is retained while your account is active
• Deleted Accounts: You may request account and data deletion at any time via [email protected]
• Billing Records: Retained for 7 years to comply with UK tax law (HMRC requirements)

Note: We are developing a formal data retention policy with automatic deletion. Future policy will include:

• 30-day grace period for deleted accounts
• 90-day retention for completed translation projects
• 24-month retention for analytics data

You have the following rights under UK GDPR and EU GDPR:

8.1 Right of Access (Article 15)

Request a copy of all personal data we hold about you.

8.2 Right to Rectification (Article 16)

Request correction of inaccurate or incomplete personal data.

8.3 Right to Erasure / "Right to be Forgotten" (Article 17)

Request deletion of your personal data. We will comply unless we have legal obligations to retain it (e.g., tax records).

8.4 Right to Restrict Processing (Article 18)

Request limitation of how we process your data in certain circumstances.

8.5 Right to Data Portability (Article 20)

Request your data in a machine-readable format (CSV, JSON) to transfer to another service.

8.6 Right to Object (Article 21)

Object to processing based on legitimate interests or for direct marketing purposes.

8.7 Right to Withdraw Consent

If processing is based on consent, you can withdraw it at any time.

8.8 How to Exercise Your Rights

To exercise any of these rights, email us at [email protected] with "GDPR Request" in the subject line. We will respond within 30 days.

If you believe we have not handled your personal data correctly, you have the right to lodge a complaint with:

• UK (if you are in the UK):
  Information Commissioner's Office (ICO)
  Website: ico.org.uk
  Helpline: 0303 123 1113
• EU (if you are in the EU):
  Your local Data Protection Authority
  List: EDPB Members

Our service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately at [email protected].

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours (GDPR Article 33)
• Notify affected individuals without undue delay (GDPR Article 34)
• Take immediate steps to contain and remediate the breach

We use essential cookies to provide our service (authentication, session management). We do not use tracking or advertising cookies at this time.

For full details, see our Cookie Policy.

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we will:

• Update the "Last Updated" date at the top of this page
• Notify you via email or prominent notice on our platform
• Give you the opportunity to review the changes before they take effect

Your continued use of our service after changes constitutes acceptance of the updated policy.

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

• Email: [email protected]
• Subject Line: "Privacy Policy Inquiry"
• Mail:
  Taia Translations Ltd
  71-75 Shelton Street
  Covent Garden, London, WC2H 9JQ
  United Kingdom