LEGAL · PRIVACY POLICY

Privacy

Last updated · 2026-04-20

This policy explains what data Linguify — operated by The Cloud Collective SL ("we", "us") — collects when you use linguify.site, app.linguify.site, the widget.js translation widget, and the REST API (together, the "Service"). It applies globally; if you're in the EU / UK / Switzerland it's also our GDPR/UK-GDPR privacy notice.

Who we are

The Cloud Collective SL is a company registered in Spain. Contact: privacy@thecloudcollective.es. We are the data controller for account data you provide directly and the data processor for translation data you push through the Service.

What we collect

Account & billing

  • Email, display name, workspace name — at signup.
  • OAuth identifiers from your identity provider (Google) — Firebase passes them to us.
  • Stripe customer id, last 4 digits of card, billing address — we never see the full card number; Stripe does.

Translation content

  • Text strings the Service translates for you, and the resulting translations (cached for re-serve).
  • Hostnames of sites you register, origin URLs, and the language codes you've enabled.
  • Per-site Language Model config (tone, formality, domain, audience, do-not-translate list).

Usage

  • Request count + byte count per site per day (for plan quotas).
  • Bot vs human visits inferred from User-Agent (stored in bot_visits for 30 days then deleted).
  • Audit trail of overrides, plan changes, and domain edits (retained for the life of the workspace).

Technical

  • IP address and User-Agent on authenticated requests — logged in Cloud Run access logs for 30 days for abuse / ops monitoring.
  • A transient localStorage cache (linguify-tcache-v3:<apiKey>) in your visitor's browser so the widget can re-render translations without network round-trips.

What we DO NOT collect

  • Third-party analytics, Facebook pixel, or ad networks — none.
  • Cookies beyond the Firebase auth session on app.linguify.site.
  • Content of DMs or files outside the text you explicitly submit for translation.

How we use it

  • To provide the Service — translate, cache, render, deliver.
  • To bill you (Stripe) and enforce plan quotas.
  • To monitor for abuse (rate limiting, bad actors).
  • To send transactional email (invite, quota alerts, password reset) via Resend. No marketing email without your explicit opt-in.

Who else sees your data

The Service is built on a small, deliberately short list of sub-processors:

  • Google Cloud (Cloud Run, Cloud SQL, Cloud Translation, Vertex AI) — hosts the app, stores the DB, runs the LLM translator. Region: us-west1. GDPR SCCs in place.
  • Cloudflare — CDN / WAF for *.linguify.site. No plaintext request bodies stored; edge logs are 24h-retained at CF.
  • Firebase Auth (Google) — manages your login session.
  • Stripe — payments, subscription management.
  • Resend — transactional email delivery.
  • Anthropic, OpenAI, DeepL — only if you pick one of them as your per-site translation provider. Default provider is Google Translation LLM, which runs inside Google Cloud.

We do not sell personal data. We do not share it with anyone outside this list.

Where we store it

Primary storage is Google Cloud us-west1 (Oregon, USA). For EU customers the Standard Contractual Clauses (SCCs) govern transfers. If you need EU-resident storage, contact us and we'll quote an EU-only deployment.

How long we keep it

  • Account + billing data: for the life of the workspace plus 6 years (Spanish tax law).
  • Translation content: until you delete the site or the workspace.
  • Audit log: 2 years rolling.
  • Bot visits + edge access logs: 30 days.

Your rights

Under GDPR / UK-GDPR / LGPD you can:

  • Access — export everything we have about your workspace (via dashboard → Settings → Export).
  • Rectify — edit from the dashboard.
  • Erase — delete your workspace (Settings → Danger zone). Propagates to sub-processors within 30 days.
  • Object / Restrict / Portability — email privacy@thecloudcollective.es.
  • Lodge a complaint with your local supervisory authority (Spain: AEPD).

Children

The Service is not for children under 13 (16 in the EU). If you believe a child has created an account, email us and we'll delete it.

Security

HTTPS everywhere, TLS 1.2+ only. Passwords are managed by Firebase; we never see them. 2FA via TOTP is available in Settings. Internal secrets live in Google Secret Manager. Backups are encrypted at rest.

Changes

If this policy materially changes we'll email active workspace owners and bump the "Last updated" date above. Continued use after a change means you accept it.

Contact

Privacy & data requests: privacy@thecloudcollective.es. General: hello@thecloudcollective.es.