This Privacy Policy explains how Proxylang, operated by TITUS TIMOTHY DAVID ("Company," "we," "us," or "our"), collects, uses, and protects information when you use our website translation proxy service ("Service").

By using our Service, you agree to the collection and use of information as described in this policy. We are committed to protecting your privacy and being transparent about our data practices.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

Email address
Name (optional)
Password (encrypted)
Company name (optional)
OAuth provider information (if using social login)

1.2 Domain and Configuration Data

When you configure the Service, we store:

Domain names you register for translation
Source and target language preferences
Widget customization settings
Translation exclusion rules

1.3 Website Content (Processed Temporarily)

When translating your website, we process:

Text content from your web pages
HTML structure (for translation targeting)
URL paths and page structure
Meta tags and SEO content

Note: We do not permanently store your original website content. Content is processed in real-time and only cached translations are retained.

1.4 Usage and Analytics Data

Translation request counts and patterns
Page views per language
Geographic distribution of requests (country, region, and city level)
Response times and performance metrics
Error logs and debugging information

For Full Proxy mode customers, we additionally store a pseudonymous visitor identifier (derived from a salted hash of IP and User-Agent — the raw IP is never retained), session identifier, browser, operating system, and device type, on the customer's behalf as a data processor. WordPress plugin Hybrid mode does not collect visitor analytics.

1.5 Payment Information

Payment processing is handled by Polar (international card payments via Stripe). We do not store credit card numbers or full payment details. We only store:

Subscription status and tier
Customer ID (from payment provider)
Billing history and invoice records

1.6 Information We Do NOT Collect

User passwords from your website's visitors
Private messages or user-generated content (unless publicly displayed)
Payment information from your website's customers
Content from password-protected pages (unless explicitly proxied)
Personal information about visitors to your translated website

2. How We Use Information

We use collected information to:

Provide the Service: Translate and serve your website content
Improve Performance: Cache translations, optimize delivery, reduce latency
Analytics: Show you usage statistics and language distribution
Billing: Process payments and manage subscriptions
Support: Respond to your inquiries and troubleshoot issues
Security: Detect and prevent abuse, fraud, and security threats
Communication: Send service updates, usage alerts, and important notices
Legal Compliance: Meet regulatory and legal obligations

3. AI Translation and Third-Party Data Sharing

Important: Your content is processed by third-party AI services for translation. Please review this section carefully.

3.1 Translation Providers

Text content from your website is sent to third-party translation providers for processing. Depending on the target language or use case, translation providers may include DeepL, Google, Anthropic, OpenAI, or other AI providers operated by Proxylang.

All personally identifiable information is automatically redacted prior to transmission to any translation provider. No submitted text is used to train AI models.

3.2 PII Protection Before Translation

Before sending content to translation providers, we automatically detect and redact personal information, including:

Email addresses
Phone numbers
Physical addresses
Credit card numbers
Social security numbers
Other identifiable patterns

Redacted content is replaced with placeholder tokens during translation and restored in the final output.

3.3 What We Send to Providers

Sent: Text content with PII removed, source/target language codes
NOT Sent: Your user data, authentication credentials, images, media files, your visitors' personal information

3.4 AI Provider Data Usage

We use API-only access to translation providers:

Content is processed solely for the purpose of translation
Providers may retain content temporarily for abuse prevention
Content is not used to train any AI models

4. Other Third-Party Services

Service	Purpose	Data Shared
Cloudflare	Edge proxy, CDN, DDoS protection, KV cache	Request metadata, translated HTML, geo headers
Supabase	Authentication and database hosting	Account data, domain config, hashed identifiers
Google, Anthropic, OpenAI, DeepL	AI translation providers (PII-redacted)	Source text with PII redacted, language codes
Polar	Payment Processing (International)	Billing information, subscription status
Resend	Email Delivery	Email addresses, notification content
Umami	Privacy-focused product analytics (proxylang.dev only, consent-gated)	Page views, referrers (no cross-site tracking)

For the complete subprocessor list with regions, DPA links, and change-notification commitments, see our subprocessors page .

5. Data Retention

Data Type	Retention Period	Purpose
Edge Cache	Up to 24 hours	Fast page delivery
Translation Cache	Indefinite (until cleared)	Avoid re-translation, consistency
Request Logs	90 days	Analytics, debugging
Account Data	Until account deletion	Service provision
Billing Records	7 years	Legal/tax compliance

5.1 Cache Invalidation

You can clear cached translations for your domain at any time through the dashboard. This will remove all translated content from our caches.

6. Cookies and Tracking

6.1 Cookies We Use

Authentication: Session cookies to keep you logged in
Language Preference: Cookie to remember visitor language selection (proxylang_lang)
Theme Preference: Cookie to remember dark/light mode

6.2 Cookies We Do NOT Use

Third-party advertising cookies
Cross-site tracking cookies
Social media tracking pixels

6.3 Visitor Tracking on Translated Sites

Visitor tracking depends on the integration mode:

WordPress plugin (Hybrid mode): We do not collect any per-visitor analytics. Only the requested URL path and the visitor's User-Agent are transmitted, and only for search-engine bot requests.
Full Proxy mode: On the customer's behalf as a data processor, we collect a pseudonymous visitor identifier (salted hash, raw IP discarded), session identifier, country/region/city, browser, operating system, and device type. We do not link this data to a real-world identity. The customer is the data controller and is responsible for disclosing this collection in their own privacy notice and obtaining any required visitor consent.

7. International Data Transfers

Your data may be processed in multiple jurisdictions:

Edge Processing: Global CDN network (300+ locations worldwide)
AI Translation: Third-party translation providers (various jurisdictions)
Database & Cache: Distributed infrastructure (multiple regions)

7.1 Safeguards

For international data transfers, we rely on:

Standard Contractual Clauses (SCCs) with providers
Provider certifications (SOC 2, ISO 27001 where applicable)
Data Processing Agreements (DPAs)

7.2 EU Users (GDPR)

For GDPR purposes, we act as a "data processor" when translating your website content. You (the website owner) remain the "data controller" and are responsible for:

Ensuring you have appropriate legal bases for processing visitor data
Providing privacy notices to your website visitors
Responding to data subject requests from your visitors

8. Your Rights

8.1 Account Holders

You have the right to:

Access: View your account data through the dashboard
Export: Download your settings and configuration
Correction: Update your account information
Deletion: Delete your account and all associated data
Clear Cache: Remove all cached translations for your domains
Object: Opt out of marketing communications

How to exercise these rights: email hello@proxylang.dev with the subject line Privacy Request — [your account email]. We respond within 30 days, in line with GDPR Article 12(3).

8.2 Visitors to Translated Websites

If you are a visitor to a website using Proxylang for translation:

Contact the website owner directly for privacy requests
We do not maintain persistent visitor profiles
We will assist website owners in fulfilling legitimate data requests

8.3 California Residents (CCPA)

California residents have additional rights under the CCPA:

Right to know what personal information is collected
Right to delete personal information
Right to opt-out of sale of personal information (we do not sell personal information)
Right to non-discrimination for exercising privacy rights

To exercise CCPA rights, email hello@proxylang.dev with the subject line CCPA Request — [your account email]. We respond within 45 days, as required by CCPA.

9. Security

We implement appropriate technical and organizational measures to protect your data:

Encryption in transit (TLS 1.3) and at rest
Secure authentication with password hashing
Regular security audits and monitoring
Access controls and principle of least privilege
DDoS protection through Cloudflare

While we take security seriously, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

10. Children's Privacy

Our Service is not directed to children under 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

Posting the updated policy on our website
Updating the "Last updated" date
Sending an email for significant changes

12. Contact Us

For privacy-related questions or to exercise your rights, contact us:

Email: hello@proxylang.dev

General Inquiries: hello@proxylang.dev

Business Registration: 797-28-01733

Location: Seoul, South Korea

We will respond to privacy requests within 30 days.