1. Who We Are

Saintara ("we", "us", "our") is the data controller for personal data processed through this website and our translation service. Contact us at hello@saintara.io with any privacy-related questions.

2. What Data We Collect

We collect only what is necessary to provide the Service:

  • Account data — your name, email address, website URL, and company name, collected when you contact us to set up an account
  • Provider API key — your third-party translation provider API key (BYOK clients only), stored encrypted at rest (AES-256-GCM) and never logged or transmitted beyond the designated provider
  • Translation cache — translated text strings are cached in Redis for up to 30 days to reduce repeat API calls. These are content strings, not personal data
  • Usage data — basic server logs (IP address, timestamp, request path) retained for up to 30 days for security and debugging purposes

We do not collect names, phone numbers, payment card details (handled by Stripe), or any data from your website visitors beyond what is described above.

3. Legal Basis for Processing

We process your data on the following legal bases under UK/EU GDPR:

  • Contract performance (Art. 6(1)(b)) — account data and Provider API key are processed to deliver the Service you signed up for
  • Legitimate interests (Art. 6(1)(f)) — server logs are retained for security monitoring and fraud prevention
  • Legal obligation (Art. 6(1)(c)) — we may retain certain data where required by applicable law

4. How We Use Your Data

  • To authenticate you and maintain your session
  • To process translation requests on your behalf using your Provider Key
  • To send transactional emails (account confirmation, billing receipts)
  • To investigate security incidents or abuse

We do not use your data for advertising or profiling, and we do not sell it to third parties.

5. Third Parties

We share data with the following third parties only as necessary to provide the Service:

  • Translation providers — Google Translate, DeepL, or OpenAI (whichever you have configured). Content strings are sent to your chosen provider using your Provider Key. Each provider has its own privacy policy and data processing terms.
  • Stripe — payment processing. Stripe handles billing data under their own privacy policy. We never see or store your card details.
  • Hetzner — cloud infrastructure provider. Our servers are located in Germany. Hetzner is GDPR-compliant.

6. Cookies

We use strictly necessary cookies only:

  • sb_token — authenticates admin sessions. HttpOnly, secure, expires after 7 days.

This cookie is strictly necessary for the admin interface to function. No consent is required for strictly necessary cookies under GDPR. We do not use analytics, advertising, or tracking cookies.

7. Data Retention

  • Account data — retained for the lifetime of your account, deleted within 30 days of account closure
  • Translation cache — 30-day rolling TTL in Redis, automatically purged
  • Server logs — retained for up to 30 days
  • Billing records — retained for 7 years as required by financial regulations

8. Your Rights

Under UK/EU GDPR you have the right to:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate data
  • Erasure — request deletion of your account and personal data
  • Portability — receive your data in a structured, machine-readable format
  • Restriction — request we limit processing of your data
  • Objection — object to processing based on legitimate interests

To exercise any of these rights, contact us at hello@saintara.io or use the account settings in your dashboard. We will respond within 30 days.

You also have the right to lodge a complaint with your national data protection authority (UK: ICO at ico.org.uk).

9. Data Security

We implement appropriate technical and organisational measures to protect your data, including AES-256-GCM encryption for API keys, bcrypt password hashing, HttpOnly cookies, HTTPS enforcement, and rate limiting. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or via an in-app notice at least 14 days before they take effect. Continued use of the Service after changes take effect constitutes acceptance.

11. Contact

For any privacy questions or to exercise your rights: hello@saintara.io