Privacy Policy
Last updated: June 3, 2026
This Privacy Policy explains how Transable, operated by Nikolaj Kaluderovic ("we", "us", "our"), collects, uses, stores, and protects personal data when you use our website translation platform at transable.to (the "Service").
1. Data Controller
Nikolaj Kaluderovic
Email: [email protected]
Website: transable.to
2. Data We Collect
2.1. Account Data
When you register, we collect: email address, full name (optional), company name (optional), and a hashed password. We never store your password in plain text.
2.2. Project & Translation Data
When you use the Service, we process: domain names, API keys (stored as SHA-256 hashes), source text submitted for translation, translated text, and usage metadata (character counts, request timestamps, IP addresses, language pairs, cache hit/miss status).
2.3. Technical Data
We automatically collect: IP address, browser user-agent, referring URL, and request timestamps for security, rate-limiting, and abuse prevention.
2.4. Cookie Data
See our Cookie Policy for details.
3. How We Use Your Data
- Provide the Service — translate text, cache translations, manage projects
- Account management — authentication, plan enforcement, billing
- Security — rate limiting, CAPTCHA, IP blocking, abuse detection
- Analytics — usage statistics, cache performance, service improvement
- Communication — account emails, service updates (no marketing without consent)
4. Translation Memory & Caching
Translated text is stored in our translation memory (cache) to avoid re-translating identical content. This cache is scoped per project domain and target language. Public content may be cached permanently. Private/personal content is cached only per session with configurable TTL. Sensitive content (credit card numbers, SSNs) is never stored — translation is blocked for such content.
5. Third-Party Processors
We use the following third-party services to provide the Service:
- Google Gemini API — AI translation provider. Text is sent to Google's servers for translation. See Google's Privacy Policy.
- Cloudflare — CDN, DDoS protection, DNS. See Cloudflare's Privacy Policy.
- Hetzner — server hosting (Germany/EU). See Hetzner's Privacy Policy.
- GitHub — code hosting and CI/CD. See GitHub's Privacy Statement.
6. Data Retention
- Account data — retained while your account is active; deleted upon request
- Translation cache — public content cached permanently; session-scoped content expires per TTL; sensitive content never stored
- Usage logs — retained for 12 months for analytics, then aggregated/anonymized
- IP addresses — retained in usage logs for up to 12 months for security
7. Your Rights (GDPR)
If you are in the European Economic Area (EEA), you have the right to:
- Access — request a copy of your personal data
- Rectification — correct inaccurate data
- Erasure — request deletion of your data ("right to be forgotten")
- Restrict processing — limit how we use your data
- Data portability — receive your data in a structured format
- Object — object to processing based on legitimate interests
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
8. Data Security
We protect your data using: HTTPS/TLS encryption in transit, hashed passwords (ASP.NET Identity with PBKDF2), hashed API keys (SHA-256), Cloudflare-only server access, Docker container isolation, and PostgreSQL with encrypted connections.
9. International Transfers
Our servers are located in Germany (EU). Translation requests are processed via Google Gemini API which may transfer data outside the EEA. Google operates under Standard Contractual Clauses (SCCs) for such transfers.
10. Children
The Service is not directed to children under 16. We do not knowingly collect data from children.
11. Changes
We may update this Privacy Policy. Material changes will be communicated via email or a notice on the Service.
12. Contact
Nikolaj Kaluderovic
Email: [email protected]