Privacy Policy

Last updated: March 10, 2026

1. Who We Are

Saintara ("we", "us", "our") is the data controller for personal data processed through this website and our translation service. Contact us at hello@saintara.io with any privacy-related questions.

2. What Data We Collect

We collect only what is necessary to provide the Service:

  • Account data — your name, email address, website URL, and company name, collected when you contact us to set up an account
  • Provider API key — your third-party translation provider API key (BYOK clients only), stored securely and never logged or transmitted beyond your designated provider
  • Translation cache — translated text strings are cached for up to 30 days to reduce repeat calls to your provider. These are content strings, not personal data
  • Usage data — basic server logs (IP address, timestamp, request path) retained for up to 30 days for security and debugging purposes

We do not collect phone numbers, payment card details, or any data from your website visitors beyond what is described above.

3. Legal Basis for Processing

We process your data on the following legal bases under UK/EU GDPR:

  • Contract performance (Art. 6(1)(b)) — account data and Provider API key are processed to deliver the Service you signed up for
  • Legitimate interests (Art. 6(1)(f)) — server logs are retained for security monitoring and fraud prevention
  • Legal obligation (Art. 6(1)(c)) — we may retain certain data where required by applicable law

4. How We Use Your Data

  • To authenticate you and maintain your session
  • To process translation requests on your behalf using your Provider Key
  • To send transactional emails (account confirmation, billing receipts)
  • To investigate security incidents or abuse

We do not use your data for advertising, profiling, or sell it to third parties.

5. Third Parties

We share data with the following third parties only as necessary to provide the Service:

  • Translation providers — DeepL, OpenAI, or Amazon Translate (whichever you have configured). Content strings are sent to your chosen provider using your Provider Key. Each provider has its own privacy policy and data processing terms.
  • Hetzner — cloud infrastructure provider. Our servers are located in Germany. Hetzner is GDPR-compliant.

6. Cookies

We use strictly necessary cookies only:

  • sb_token — authenticates admin sessions. HttpOnly, secure, expires after 7 days.

This cookie is strictly necessary for the admin interface to function. No consent is required for strictly necessary cookies under GDPR. We do not use analytics, advertising, or tracking cookies.

7. Data Retention

  • Account data — retained for the lifetime of your account, deleted within 30 days of account closure
  • Translation cache — retained for up to 30 days, automatically cleared
  • Server logs — retained for up to 30 days
  • Billing records — retained for 7 years as required by financial regulations

8. Your Rights

Under UK/EU GDPR you have the right to:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate data
  • Erasure — request deletion of your account and personal data
  • Portability — receive your data in a structured, machine-readable format
  • Restriction — request we limit processing of your data
  • Objection — object to processing based on legitimate interests

To exercise any of these rights, contact us at hello@saintara.io. We will respond within 30 days.

You also have the right to lodge a complaint with your national data protection authority (UK: ICO at ico.org.uk).

9. Data Security

We implement appropriate technical and organisational measures to protect your data, including secure encrypted storage of API keys, HTTPS enforcement, and rate limiting. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or via an in-app notice at least 14 days before they take effect. Continued use of the Service after changes take effect constitutes acceptance.

11. Contact

For any privacy questions or to exercise your rights: hello@saintara.io