Privacy Policy
Lingvanex, operated by NordicWise Limited, specializes in AI-driven machine translation and speech recognition technologies. This privacy policy outlines the practices of NordicWise Limited (hereinafter referred to as 'NordicWise,' 'Lingvanex,' 'we,' 'us,' or 'our') regarding the collection, use, and protection of personal data through our website, applications, and various services. We are firmly committed to safeguarding the privacy and security of our users.
1. Scope, Consent and Identity of the Data Collector
This Privacy Policy applies to all users of Lingvanex services. We prioritize user consent in our data collection practices, focusing solely on analytics data. This approach ensures that users are fully informed and have explicitly consented to the rules governing the use of their data. Our commitment is to maintain transparency and respect for user preferences in all interactions with data.
2. Information Collection and Nature of Personal Data
2.1 Direct Data Provision
With explicit user consent, we collect analytical data encompassing:
- Registering or placing an order for our products and services.
- Voluntarily participating in surveys or providing feedback via message boards or email.
- Interacting with our website. This includes cookie-based data collection, contingent upon your acceptance of our Cookies Policy.
2.2 Restriction on Translation Data
Consistent with our respect for user privacy, we do not retain personal data derived from your translation inputs.
2.3 Analytical Data Collection
With explicit user consent, we collect analytical data encompassing:
- Identifiers unique to your device or account.
- Data regarding your commercial interactions with our services.
- Information pertaining to your browsing behavior and usage patterns, with the exception of our on-premise solutions, such as On-premise Machine Translation Software, On-premise Speech Recognition, Offline Desktop Translator, and Slack Bot for On-premise Machine Translation Software.
2.4 Compliance Commitment:
We strictly adhere to SOC 2 Type 1 and Type 2 standards, as well as other relevant data protection regulations, ensuring robust data protection and privacy.
3. Personal Data Usage for Services
3.1 Advertising
- Google Ads: Utilizes Cookies and Usage Data, a practice restricted to our website and the Phone Call Translator application.
3.2 Analytics
- Google Analytics: Incorporates both Google Ads conversion tracking and Facebook Ads conversion tracking (Facebook pixel), with deployment on our website and within mobile applications.
- Twitter Ads, LinkedIn Conversion Tracking, FreshWorks Tracking: These tools process Cookies and Usage Data to support analytics for our website, mobile applications, desktop translators, browser extensions, and chatbot translator.
- Posthog, Google Tag Manager, Matomo: These services engage in the processing of Cookies and Usage Data. Such activities are confined to our servers, ensuring no data is transmitted to any third-party entities.
We do not retain any analytics data from our users, with the exception of hardware ID, email address, full name, and geographic location (GEO).
3.3 Contact Forms and Communication
- Captures personal details such as email address and full name.
3.4 Content Display from External Platforms
- Google Fonts: Involves Usage Data.
- YouTube Video Widget, Font Awesome: Utilizes Cookies and Usage Data. Such activities are confined to our servers, ensuring no data is transmitted to any third-party entities.
3.5 Payment Processing
- Paddle: Handles various types of data as outlined in their privacy policy.
3.6 Hosting and Backend Infrastructure
- Amazon Web Services (AWS), Hetzher, OVHcloud, Linode, Genezis Cloud, Scaleway: Manages diverse data types.
3.7 Managing Contacts and Messaging
- Amazon Web Services (AWS), Hetzher, OVHcloud, Linode, Genezis Cloud, Scaleway: Manages diverse data types.
- Mautic: Captures and securely retains contact information on our proprietary servers.
3.8 Support and Contact Requests
- Freshdesk: Manages an array of data types to facilitate support and contact inquiries.
3.9 Registration and Authentication
- Direct Registration: Requires information such as the company name, address, VAT ID/Tax ID, email, and full names for the registration process.
- Our mobile application facilitates registration via Facebook integration.
3.10 Tag Management
- Google Tag Manager: Utilizes Cookies and Usage Data, which are securely stored on our servers without direct access for unauthorized personnel.
3.11 Traffic Optimization and Distribution
- Cloudflare: Engages in the processing of Cookies and a variety of data types to enhance website performance and security.
3.12 User Database Management
- FreshWorks: Handles email addresses, phone numbers, and a wide range of data types, ensuring effective communication and service provision to our users.
4. Use of InformationCollection and Nature of Personal Data
4.1 Focused Use of Data
- Translation Data Handling: We guarantee that data inputted for translation is not employed in model training, marketing strategies, or any ancillary purposes, aligning with our dedication to privacy.
- Analytical Data Utilization: Exclusively, the analytical data we accumulate is utilized to augment our services and elevate the user experience, ensuring that every interaction with our products is beneficial.
4.2 Purpose of Data Collection:
Our organization collects information with the objective to:
- Efficiently process your orders.
- Craft personalized offers for products and services that might interest you.
- Provide responsive and effective customer support, tailored to your needs.
To provide reasonable data collection controls, we provide a table with the purposes and the legal basis for data collection:
A. Customer Account Data
| Data Type | Purpose | Legal Basis |
|---|---|---|
| Email address | User authentication, notifications | Contractual necessity (GDPR Art. 6(1)(b)) |
| Full name | Invoice generation, fraud prevention | Legal obligation (GDPR Art. 6(1)(c)) |
| Company/VAT ID | B2B contract validation | Legitimate interest (GDPR Art. 6(1)(f)) |
B. Analytics Data
| Data Type | Purpose | Legal Basis | Control Mechanism |
|---|---|---|---|
| Device ID | Service performance monitoring | Consent (GDPR Art. 6(1)(a)) | Google Analytics opt-out available |
| IP address (anonymized) | Security threat detection | Legitimate interest (GDPR Art. 6(1)(f)) | Automatically deleted after 14 days |
| Clickstream data | UI/UX optimization | Consent (GDPR Art. 6(1)(a)) | Managed via the Cookie consent website banner |
C. Advertising Data
| Data Type | Purpose | Legal Basis | User Controls |
|---|---|---|---|
| Cookie IDs (IDE, _gcl_au) | Ad performance measurement | Consent (GDPR Art. 6(1)(a)) | YourAdChoices opt-out |
| GEO location | Regional offer targeting | Consent (GDPR Art. 6(1)(a)) | Disable in account settings |
D. Operational Data
| Data Type | Purpose | Legal Basis |
|---|---|---|
| Support tickets (Freshdesk) | Issue resolution | Contractual necessity (GDPR Art. 6(1)(b)) |
| Payment logs, purchase details, invoice info(Paddle) | Fraud prevention, tax & audit compliance | Legal obligation (GDPR Art. 6(1)(c)) |
4.3 Commitment to Data Privacy:
- No Third-Party Disclosure: Our steadfast promise is to maintain the confidentiality of your data, ensuring it is neither sold nor shared with external entities.
- Financial Transaction: We do not directly manage financial transactions; instead, we delegate this responsibility to established financial platforms. The allocation of these platforms is as follows:
- Paddle: Utilized for purchases related to desktop applications, Slack Bot Translator, Cloud API, and On-premise MT and SR Software.
- App Store: for MacOS and iOS product offerings.
- Google Play Store: Designated for Android-based products
- Windows Store: Applied to Windows Desktop products.
Your trust in our privacy practices is paramount. This policy underlines our unwavering commitment to not only protect your data but also enhance your experience with our services.
5. Information Sharing, Disclosure, and Recipients of Data
5. Information Sharing, Disclosure, and Recipients of DataWe respect the confidentiality of transfer data and do not disclose it. Anonymous analytics data, which is inherently untraceable, is transferred to our Customer Relationship Management (CRM) system solely when users submit their information through our online forms. This integration process is strictly governed by strict legal protocols or occurs with the explicit consent of the individuals involved.
6. Data Security
We employ robust security measures to protect analytics data from unauthorized access, use and disclosure. Your personal information is securely stored on our hardened network infrastructures, which include our Customer Relationship Management (CRM) and other internal databases. Only vetted personnel with special authorizations have access to these networks, ensuring the confidentiality and integrity of your data. In addition to strong access controls, we utilize advanced encryption techniques, such as Secure Socket Layer (SSL) technology, for all sensitive data you entrust to us. This enhances the security and integrity of your information.
7. Data Retention
It is our policy that translated data is stored in logs for technical reasons for a minimum period of 24 to 72 hours to meet urgent technical requirements. This measure is implemented to speed up the translation process. When it comes to analytics data storage, we adhere to industry best practices and legal regulations, ensuring that our storage methods are operationally efficient while strictly adhering to stringent data protection standards. Below is the Lingvanex data storage and retention table that shows all information about the data retention process.
Lingvanex data storage and retention table
| Service | Third-party Subprocessor | Data Type | Retention Period | Storage Location |
|---|---|---|---|---|
| Cloud API | Translated texts presented in API request logs | 24-72 hours | EU datacenters (OVH cloud, Hetzner cloud) | |
| Phone Call Translator | Google Cloud Speech-to-Text recognizer | Audio Input Transcripts | Input audio is not stored after processing Transcripts are stored for ~5 days to allow retrieval | EU or US Google data centers |
| Voximplant(Telephony call provider) | Call records | 90 days | EU or US AWS data centers | |
| AWS Polly(speech synthesis) | Input text | AWS Polly does not inherently store the input text or the synthesized speech as part of its standard operation | EU or US AWS data centers | |
| Google Cloud Translation API | API request metadata | 30 days | EU or US Google data centers | |
| Browser Extensions | Translated texts and html pages stored as cached messages | 24-72 hours | EU datacenters (OVH cloud, Hetzner cloud) | |
| Chatbots (Slack/Telegram/etc.) | Translated texts are stored as cached messages | 24-72 hours | EU datacenters (OVH cloud, Hetzner cloud) | |
| MacOS/Windows Apps | Translated texts, html pages, recognized speech, and documents stored as cached messages | 24-72 hours | EU datacenters (OVH cloud, Hetzner cloud) | |
| Google Cloud Vision API (recognition of the text in images and videos) | API request metadata Image or video | 30 days The video and image data is processed in memory and not stored on disk | EU or US Google data centers | |
| Android / iOS apps | Translated texts, html pages, recognized speech, and documents stored as cached messages | 24-72 hours | EU datacenters (OVH cloud, Hetzner cloud) | |
| Google Cloud Vision API (recognition of the text in images and videos) | API request metadata Image or video | 30 days The video and image data are processed in memory and not stored on disk | EU or US Google data centers | |
| Demo-page | Translated texts, html pages, recognized speech, and documents stored as cached messages | 24-72 hours | EU data centers (OVH cloud, Hetzner cloud, Genesis Cloud) | |
| Analytics Services | Matomo Scope of services: Phone Call Translator, Android, iOS, MacOS/Windows applications | Users data(email, geographical location, full name) | All visits and actions raw data are deleted after 30 days. All aggregated reports are deleted after 3 months | Self-hosted in EU data centers (OVH cloud, Hetzner cloud) |
| Posthog Scope of services: Browser extensions, Translation chatbots, MacOS/Windows, Android, iOS applications, Full demo page | API request Symbol counts/doc formats Users data(email, geographical location, full name) | 12 months | Self-hosted in EU data centers (OVH cloud, Hetzner cloud) | |
| Adapty Scope of services: Phone Call Translator, Android, iOS, MacOS applications | Device identifiers: IDFA (iOS), AAID (Android), IP address Purchase/subscription events: Transaction IDs, timestamps, product IDs Behavioral data: Paywall views, conversion funnels | Device data: 5 years Behavioral events: 2 years Transactions: Transaction data is stored indefinitely for tax/audit compliance but can be deleted upon request | AWS, Google Cloud, and OVH Cloud data centers | |
| Google tag manager(GTM) Scope of services Website | Aggregated data about tag firing | 14 days | EU or US Google data centers | |
| Freshworks (Analytics) Scope of services Website, Lingvanex mail | User interaction data, support tickets, and CRM data | Logs retained for 1 year; backups retained as per service agreement | Region-specific data centers (e.g., EU, US, India) | |
| Freshworks (Tracking) Scope of services Website, Lingvanex mail | Custom object data, user segments, chat conversations | 365 days | Region-specific data centers | |
| Mautic Scope of services: Freshworks, Lingvanex mail | Contact records, Activity logs, and billing logs | 365 days | Self-hosted in EU data centers (OVH cloud, Hetzner cloud) | |
| LinkedIn Conversion Tracking Scope of services Website | Contact lists, website visit data, and lead generation forms | Contact lists: 30 days; website visit data: 180 days; lead gen forms: 365 days | Global LinkedIn data centers | |
| Lead Forensics Scope of services: Website | Website visitor identification data, CRM records | Website visitor identification data, CRM records Data verified and cleansed every 12 months; outdated records deleted quarterly | United Kingdom | |
| Payment tools | Paddle | Payment transaction data, customer details, and invoices | 7 years | Paddle's data centers |
8. User Rights and Choices
At Our Company, we diligently uphold your data protection rights, giving you comprehensive control and oversight over your personal information. Below is an overview of your rights:
- Right to Be Informed: Transparent details about what data is collected, why, by whom, legal basis, retention periods, data sharing, and your rights.
- Right to Access You are entitled to request copies of your personal data held by Our Company. Note that a nominal fee may be applicable for this service.
- Right to Rectification Should you discover inaccuracies in your information, you have the right to have us correct these inaccuracies. Additionally, you can request the completion of any data you believe is incomplete.
- Right to Erasure You can request the deletion of your personal data under certain conditions, such as when the data is no longer necessary for the purposes for which it was collected or if the data has been unlawfully processed.
- Right to Restrict Processing You have the right to request a limitation on the processing of your personal data under specific conditions, for example, when the accuracy of the data is contested or the processing is unlawful.
- Right to Object to Processing You are entitled to object to the processing of your personal data, particularly in situations where the processing is based on legitimate client interests.
- Right to Data Portability You may submit a request for access, correction or deletion of data to: [email protected]. All requests will be processed free of charge for one month in accordance with Art. 12-23 GDPR.
You may submit a request for access, correction or deletion of data to: [email protected]. All requests will be processed free of charge for one month in accordance with Art. 12-23 GDPR.
9. International Data Transfers
We ensure the protection of data during international transfers, in accordance with our cross-border data transfer practices. These practices are designed to safeguard the integrity and confidentiality of your data.
A. Transfer Locations & Recipients
| Country | Service Providers | Purpose |
|---|---|---|
| United States | Google (Analytics), AWS (Hosting), PostHog (Analytics) | Cloud infrastructure, analytics |
| India | Freshdesk (Support), Freshworks (CRM) | Customer management |
B. Legal Transfer Mechanisms
1. Standard Contractual Clauses (SCCs)
- All non-EEA transfers use EU Commission-approved SCCs (2021/914 module clauses)
- Includes supplementary measures for U.S. transfers following Schrems II
2. Technical Safeguards
- Encryption: HTTPS protocol is mandatory for data in transit (TLS 1.3+)
- Pseudonymization: User-level data is tokenized before export (e.g., Freshworks CRM IDs)
- Access Controls: Geo-fenced administrative access (IP whitelisting)
3. Organizational Measures
- Immediate suspension of transfers if jurisdictional risks emerge
10. Cookies, Tracking Technologies and Tracking Prohibition
Our website employs cookies and various tracking technologies, primarily aimed at enhancing your browsing experience.
We use a cookie consent banner (CMP) to comply with privacy regulations such as the GDPR and ePrivacy Directive. This tool allows you to:
- Accept All Cookies (necessary + optional tracking),
- Continue without Accepting, or
- Customize your preferences by clicking "Cookies Settings" in the banner (bottom-left corner)
You may change or withdraw your consent to cookies at any time by clicking the "Cookies Settings" button in the cookie banner (located in the bottom-left corner of the screen). This will allow you to adjust your preferences or revoke consent entirely. Your updated settings will apply to future visits, and non-essential tracking cookies will be disabled accordingly.
For a comprehensive understanding of how we utilize these technologies, along with our approach to "Do Not Track" browser signals, we invite you to review our Cookies Policy. This policy offers a deeper insight into our methods and principles concerning cookies usage.
11. Policy Changes
In our ongoing effort to maintain transparency and trust, we are committed to providing timely notifications to our users regarding significant changes to our privacy policy. This commitment particularly pertains to alterations that impact the way we collect and handle data, as well as any changes that might affect user rights. We understand the importance of keeping our users informed, as these updates can influence how their personal information is managed. These notifications will be delivered in a clear and accessible manner, ensuring that our users are well-informed of any developments in our data protection practices.
12. COPPA (Children Online Privacy Protection Act)
Our practices are fully aligned with the Children’s Online Privacy Protection Act (COPPA), a key legislation that places the safeguarding of online personal information for children under 13 years in the hands of their parents. This vital act is enforced by the Federal Trade Commission (FTC) in the United States. The FTC's COPPA Rule comprehensively outlines the responsibilities of website operators and online service providers to ensure the protection and privacy of children’s data on the internet.In strict adherence to COPPA, our policies and operations do not target or engage in marketing activities directed towards children under the age of 13 years. We are committed to upholding this standard, recognizing the importance of protecting online privacy and safety.
13. Anti-Spam Act
In compliance with the Anti-Spam Act, a law governing commercial email practices, we uphold transparent and ethical communication with our clients and subscribers. This act dictates the rules for commercial messaging, establishes the standards for sending commercial emails, ensures the rights of recipients to stop receiving emails, and sets forth stringent penalties for any violations.
13.1 Purpose of Collecting Email Addresses
- To provide you with important information, respond to your inquiries, or address other requests and questions.
- To engage in marketing activities, and maintain communication with our clients post initial transactions.
13.2 Our Commitment Under CAN-SPAM
- We strictly avoid using deceptive subject lines or email addresses.
- Our business's physical address is included in all correspondence.
- We actively monitor third-party email marketing services to ensure compliance with these standards.
- Opt-out/unsubscribe requests are processed promptly and respectfully.
- Users have the ability to unsubscribe at any time through a dedicated link found at the bottom of each email.
Unsubscribing: Should you choose to no longer receive future emails, simply follow the unsubscribe instructions located at the bottom of our emails. We assure you of immediate removal from all future correspondence upon your request.
14. Additional Information as Required
This Privacy Policy may be amended or expanded with additional clauses as necessitated by evolving legal, regional, or operational requirements specific to Lingvanex's services such as California Consumer Privacy Act (CCPA). These updates ensure our continued compliance with data protection laws, adapt to regional legal variations, and address operational changes in our technology and service offerings.
15. Contact Information
If you have questions about Lingvanex’s Privacy Policy, you can reach out to us at [email protected] or contact us at NordicWise Limited, 52 1st April, 7600 Athienou, Larnaca, Cyprus.