Privacy Policy

Last updated: July 01, 2026

1. Introduction

Wordiy ("Company", "we", "us", "our", or "Service") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.

Please read this Privacy Policy carefully. If you do not agree with our practices, please do not use our Service. By accessing or using Wordiy, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

2. Definitions

Personal Data: Any information that can identify you directly or indirectly, including but not limited to your name, email address, IP address, and usage data.

User Content: All data, files, translations, bundles, configurations, and materials you upload or store through the Service.

Processing: Any operation performed on personal data, such as collection, storage, use, analysis, transmission, or deletion.

3. Information We Collect

We collect information in several ways:

3.1 Information You Provide Directly

  • Account Information: Email address, full name, organization name, password (encrypted), phone number (optional)
  • Billing Information: Name, address, payment method details (processed through Stripe, not stored by us)
  • Project Data: Project names, descriptions, settings, and configurations
  • Translation Content: Translation keys, source and target language content, metadata
  • Support Communications: Messages you send to our support team, feedback, and inquiries

3.2 Information Collected Automatically

  • API Request Data: Endpoints accessed, HTTP methods, response times, status codes, cache hit/miss metrics
  • Technical Data: IP address, browser type, device type, operating system, referring URLs
  • Usage Data: Features used, actions performed, time spent on pages, navigation patterns
  • Log Data: Server logs containing IP addresses, timestamps, and error messages
  • Cookies and Tracking: Session cookies for authentication, analytics cookies for usage tracking
  • Request Headers and Metadata: User-Agent, Accept-Language, and other HTTP request headers

3.3 Information from Third Parties

  • OAuth Providers: Name, email, profile picture (if you sign up via OAuth)
  • Payment Processors: Billing status, subscription information (from Stripe)
  • Machine Translation Providers: Usage statistics and credit consumption data

4. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Provision: To provide, maintain, and improve the Service
  • Account Management: To create and manage your account, authenticate users, and process authentication requests
  • Billing and Payments: To process payments, manage subscriptions, and send billing notifications
  • Communication: To send service updates, security alerts, support responses, and promotional information
  • Analytics and Improvements: To analyze usage patterns, identify trends, and improve features and performance
  • Security: To detect, prevent, and address fraud, abuse, and security incidents
  • Legal Compliance: To comply with laws, regulations, and legal requests
  • Machine Translation: To provide MT suggestions and manage translation provider integrations
  • Webhooks: To send event data to your configured webhook endpoints

5. Data Sharing and Disclosure

We may share your information in the following circumstances:

5.1 With Your Consent

We share your information with third parties only when you explicitly consent to such sharing.

5.2 Service Providers

We share information with trusted vendors who provide services on our behalf under confidentiality agreements:

  • Stripe: Payment processing and billing
  • Cloud Infrastructure Providers: Hosting, storage, and backup services
  • Machine Translation Providers: Google Translate, DeepL, Microsoft Azure, and others (for translation requests)
  • Analytics Services: Usage analytics and monitoring
  • Email Services: Transactional and notification emails

5.3 Legal Requirements

We may disclose personal data if required by law, court order, or government request, or if we reasonably believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5.4 Business Transfers

If we are involved in a merger, acquisition, bankruptcy, or asset sale, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.

5.5 Aggregated and De-identified Data

We may share aggregated or de-identified data that cannot identify you with third parties for research, marketing, analytics, and other purposes.

6. International Data Transfers

Your personal data may be stored and processed in multiple countries where we have operations or engage service providers. These countries may have different data protection laws than your home country.

By using the Service, you consent to the transfer, storage, and processing of your personal data in countries outside your country of residence, which may have different privacy protections.

We implement appropriate safeguards, including Standard Contractual Clauses and other mechanisms, to ensure your data is protected during international transfers.

7. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

  • Account Data: Retained while your account is active and for a reasonable period after deletion for backup purposes
  • API Request Logs: Retained for 30 days for analytics and security purposes
  • User Content: Retained according to your account status; deleted upon account termination after a grace period
  • Cookies: Session cookies expire when you close your browser; persistent cookies expire after set periods
  • Billing Records: Retained for as long as required for tax, accounting, and legal compliance

8. Your Rights and Choices

Depending on your location and applicable laws, you may have the following rights:

8.1 Access and Portability

You have the right to request a copy of the personal data we hold about you in a portable format.

8.2 Correction and Deletion

You have the right to request correction of inaccurate or incomplete personal data and, in certain circumstances, to request deletion of your data.

8.3 Restriction and Objection

You have the right to restrict processing of your data and to object to certain types of processing, such as marketing communications.

8.4 Withdrawal of Consent

If processing is based on your consent, you have the right to withdraw that consent at any time.

8.5 Communication Preferences

You can manage your communication preferences in your account settings or by clicking "unsubscribe" on marketing emails. Note: You cannot opt out of transactional or security-related communications.

8.6 Exercising Your Rights

To exercise any of these rights, please contact us at:

[email protected]

We will respond to your request within 30 days (or as required by applicable law) and may ask for verification of your identity before processing your request.

9. Security

We implement comprehensive security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

  • Encryption: Data in transit uses TLS/SSL encryption; sensitive data at rest is encrypted
  • API Keys: API keys are encrypted and stored securely; passwords are hashed
  • Access Controls: Role-based access controls restrict employee access to personal data
  • Monitoring: We monitor for suspicious activity and potential security incidents
  • Regular Audits: We conduct security audits and vulnerability assessments
  • Incident Response: We have procedures to respond to and mitigate data breaches

However, no security system is completely secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your credentials.

10. Third-Party Services and Links

The Service may integrate with or contain links to third-party services and websites. This Privacy Policy does not apply to third-party services, and we are not responsible for their privacy practices.

When you use third-party services (such as machine translation providers or OAuth providers), you are subject to their privacy policies and terms of service. Please review their policies before providing personal data.

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience and gather usage information.

11.1 Types of Cookies

  • Essential Cookies: Required for authentication, security, and service functionality
  • Analytics Cookies: Used to understand how you interact with the Service
  • Preference Cookies: Store your preferences and settings
  • Performance Cookies: Measure performance and optimize the Service

11.2 Cookie Management

You can control cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are sent. Note that disabling essential cookies may affect Service functionality.

12. Children's Privacy

The Service is not intended for children under 13 years old (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children.

If we become aware that we have collected personal data from a child, we will take steps to delete such information and terminate the child's account promptly.

13. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to know what personal data is collected, used, and shared
  • Right to delete personal data collected from you
  • Right to correct inaccurate personal data
  • Right to opt-out of the sale or sharing of personal data
  • Right to limit use and disclosure of sensitive personal data
  • Right to non-discrimination for exercising these rights

To exercise these rights, please contact us at [email protected]. We do not sell personal data, but we may share data with service providers as described in this Privacy Policy.

14. European Privacy Rights (GDPR)

If you are located in the European Union, European Economic Area, or United Kingdom, the General Data Protection Regulation (GDPR) provides you with additional rights and protections.

14.1 Legal Basis for Processing

We process your personal data based on one of the following legal bases:

  • Contract: Processing necessary to perform our contract with you
  • Legitimate Interests: Processing necessary for our legitimate business interests
  • Consent: Processing based on your explicit consent
  • Legal Obligation: Processing required by law or regulation

14.2 Data Controller and DPA

Wordiy is the data controller for personal data you provide. If you have questions or wish to exercise your rights, contact us at [email protected].

We have a Data Processing Addendum (DPA) available for customers requiring enhanced data protection agreements.

15. Automated Decision-Making

We do not make decisions about you based solely on automated processing that produces legal or similarly significant effects, except where:

  • Such processing is necessary to enter into a contract with you
  • You have given explicit consent
  • Processing is based on applicable law

Machine translation suggestions are provided as assistance only and are not automated decision-making in the GDPR sense, as you retain full control over translation content.

16. Data Breach Notification

If we discover a data breach that compromises the security, confidentiality, or integrity of personal data, we will notify affected individuals promptly, in accordance with applicable laws.

Our notification will include information about the breach, the data affected, and steps we are taking to remedy the situation.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy and updating the "Last Updated" date.

Your continued use of the Service after changes are posted constitutes your acceptance of the updated Privacy Policy.

18. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

Wordiy Privacy Team

Email: [email protected]

Response time: We aim to respond to all privacy inquiries within 30 days.

Data Protection Authority

If you are in the EU/EEA and have concerns about our data practices, you have the right to lodge a complaint with your local data protection authority.