Privacy Policy

Last updated: April 24, 2026

This Privacy Policy explains what information LiveTranslate ("we", "us") collects, how we use it, and the choices you have. The data controller is Bülent Tüm, Hürriyet Meydanı 30/A Çandar, 35500 Dikili, İzmir, Türkiye. Contact: bulenttum@gmail.com.

1. What we collect

a) Anonymous device identifier. The extension generates a random UUID on first install and stores it locally in your browser. This ID is used solely to associate your free trial and purchased credits with your installation. It is not linked to your name, email or any personal profile.

b) Audio snippets (during active use only). When you enable translation for a tab, the extension captures short audio chunks (typically 3–10 seconds) from that tab and forwards them through our backend to third-party AI services for transcription. Audio data is not stored on our servers. It is streamed through and immediately discarded once transcription and translation return.

c) Transcription & translation results. The resulting text is returned to your browser. We do not store the content of transcriptions or translations. They live only in your browser's memory during your session.

d) Usage metadata. For each transcription and translation call we record: the anonymous device ID, the duration in milliseconds billed against your quota, the target language, and a success/failure flag. This is used for billing integrity and aggregated analytics. We do not record the content of audio or text.

e) Payment data. Purchases are handled entirely by Paddle.com Market Limited, our Merchant of Record. We receive only: the fact that a payment succeeded, the price ID, the transaction ID, the amount, and the subscription/one-time status. We do not receive your credit card number, CVV, or billing address. For that data please consult Paddle's Privacy Policy.

f) Technical logs. Like any web service, our backend keeps short-lived access logs (request path, status code, IP address, user-agent, timestamp) for security and debugging. These are retained for up to 30 days.

2. Third-party services (sub-processors)

• OpenAI, L.L.C. — speech-to-text transcription (audio sent via API). Privacy policy. OpenAI states that API data is not used to train their models by default.
• DeepL SE — machine translation (text only). Privacy / Pro terms. DeepL Pro does not retain texts after translation.
• Supabase, Inc. — backend hosting (Postgres + serverless functions). Privacy policy.
• Paddle.com Market Limited — payment processing, invoicing, fraud prevention and tax. Privacy policy.
• Cloudflare, Inc. — CDN and DDoS protection in front of our website. Privacy policy.

By using the Service you consent to the transmission of audio and text content to these processors to the extent necessary to deliver the Service.

3. Legal basis (GDPR)

• Contract (Art. 6(1)(b)): to deliver the translation service you requested and to account for your purchased minutes.
• Legitimate interest (Art. 6(1)(f)): to prevent abuse, debug issues, and keep minimal security logs.
• Legal obligation (Art. 6(1)(c)): to maintain billing records via Paddle as required by tax law.

4. Cookies

The website itself does not set tracking cookies. The Paddle checkout iframe may set cookies strictly necessary for processing the payment and preventing fraud, as described in Paddle's privacy policy. The extension itself uses only local browser storage (chrome.storage.local), not cookies.

5. Data retention

• Anonymous device records & usage metadata: retained for as long as the device is active, plus up to 24 months for fraud-prevention and accounting purposes.
• Payment records: retained by Paddle for the period required by applicable tax law (typically 10 years).
• Audio data: not retained at any point.
• Transcription/translation text: not retained at any point.
• Technical logs: up to 30 days.

6. International transfers

Our backend is hosted in the European Union (Supabase EU region). Sub-processors (OpenAI, DeepL, Paddle, Cloudflare) may process data in the United States and other jurisdictions. These transfers are covered by Standard Contractual Clauses (SCCs) or equivalent safeguards offered by those providers.

7. Your rights

Depending on your jurisdiction (GDPR, UK GDPR, CCPA, KVKK) you may have the right to:

• Access the data we hold about you;
• Request correction of inaccurate data;
• Request deletion ("right to be forgotten");
• Request restriction or object to processing;
• Data portability;
• Withdraw consent at any time (this will not affect the lawfulness of processing before withdrawal).

To exercise any of these rights, email us at bulenttum@gmail.com with your device ID (visible in the extension's Account panel). For payment-related data, please also contact Paddle directly.

8. Children

The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has used the Service, contact us so we can delete the relevant records.

9. Security

We use TLS 1.2+ for all API traffic. Backend secrets (OpenAI / DeepL keys, Paddle webhook secret) are stored in Supabase environment variables, never in the extension itself. Database access is restricted via Row-Level Security policies.

10. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date above reflects the most recent revision. Material changes will be highlighted on the extension's Account screen.

11. Contact

For privacy questions or to exercise your rights, email bulenttum@gmail.com.