Privacy Policy
Last updated: November 26, 2025
1. Introduction & Scope
This Privacy Policy explains how Frenglish Inc. ("Frenglish", "we", "us") collects, uses, and protects personal information when you visit our website, use our web application, SDKs or APIs, WordPress plugins, reverse proxy solution, or contact us for support (together, the "Services").
This Policy should be read together with our Terms of Use. By accessing or using the Services, you agree to the practices described here.
This Privacy Policy is intended to be simple and transparent. It focuses on the most important facts about how we handle personal information.
2. Who We Are and Roles
Frenglish Inc. is a company based in the Province of Quebec, Canada. For most personal information related to user accounts, billing, and analytics, Frenglish acts as a data controller. For translation content that you submit to be processed, Frenglish generally acts as a data processor on behalf of your organization.
The person responsible for the protection of personal information (our Privacy Officer) is Philippe Castonguay. You can contact the Privacy Officer at [email protected].
When we refer to “personal information” in this Policy, we mean any information about an identifiable individual, as defined by applicable privacy laws.
3. Data We Collect
3.1 Account and authentication data
When you create or access an account, we collect information provided by you or your login provider, such as your email address, name (if available), and an identifier from our authentication provider. We do not store your password. All authentication flows are handled by Auth0, and we store the Auth0 user ID and basic profile data returned by Auth0.
3.2 Billing and subscription data
If you subscribe to a paid plan, we collect and store your Stripe customer ID, subscription details, and billing status. Stripe processes your payment information on our behalf. We do not store full credit card numbers or CVC codes on our servers.
3.3 Service usage and telemetry
We collect information about how you use the Services, such as the number of words translated, languages used, translation rules applied, API key usage, project and domain configuration, and technical logs (for example, timestamps, response status, and performance metrics). This may include IP addresses and browser/user-agent information.
3.4 Translation content
To provide translations, we process the content you send to us, such as website pages, HTML, documents, glossaries, and other text or files you upload or route through our reverse proxy or WordPress plugin. This content may occasionally contain personal information if you choose to include it.
You can control what content is sent to Frenglish. For example, when using our website translation tools, you can exclude specific pages or elements from translation. If content is translated by mistake, you can contact us to request deletion.
3.5 Support and communications
If you contact us by email or through in-app support, we collect the information you provide, such as your contact details, message content, and any screenshots or files you send so that we can respond to your request.
3.6 Analytics and logs
We use tools such as Grafana, Google Analytics, and Vercel Analytics to understand how our website and app are used. These tools collect aggregated information such as page visits, traffic sources, and basic technical data. We use this data to monitor reliability, troubleshoot issues, and understand how people use our Services.
4. How We Use Data
We use personal information for the following main purposes:
- To create, secure, and manage user accounts, teams, and projects.
- To provide and operate translations and related features, including storing content and translations so you do not have to retranslate the same content.
- To measure usage (such as translated word counts) and enforce subscription limits and billing.
- To monitor performance, reliability, and potential abuse of the Services, and to debug and improve our endpoints and infrastructure.
- To respond to support requests and maintain a history of interactions for customer service purposes.
- To understand website and product usage, including traffic and conversion patterns, so we can improve our user experience and onboarding.
- To comply with legal and regulatory obligations and to protect our rights and the security of the Services.
Where required by law (for example, for certain analytics or marketing activities), we rely on your consent. For most core uses (account management, translations, billing, security), we rely on our contractual obligations to you and our legitimate interest in operating and improving the Services.
5. Use of AI and Customer Content
Frenglish uses third-party AI and translation providers to process your content and generate translations. We send only the content that is necessary to fulfill your translation request, and we receive translated text in return.
We do not use your content or translations to train our own machine learning models. We also configure our third-party AI providers, where possible, so that your data is not used to train or improve their general models.
We do not store prompts or raw AI responses separately from your translated content. We keep the resulting translations and related metadata so that we can serve them again, keep translations consistent, and avoid retranslating the same content unless you delete it or request deletion.
8. Data Retention
We keep personal information only for as long as necessary to fulfill the purposes described in this Policy, to operate the Services, and to comply with legal and accounting obligations.
- Account and billing data is retained while your account is active and for a reasonable period afterward to maintain records of transactions, comply with tax and legal obligations, and handle potential disputes.
- Translation content is retained so that we can serve translations again, maintain consistency, and avoid retranslating the same content. You can delete content yourself where the interface allows it, or you can contact us to request deletion. We may also remove older or unused content over time to manage storage, and we only keep the most recent versions of a given file or content. Older versions may be automatically deleted when newer versions are available.
- Logs and analytics data are kept for a limited period required for security, troubleshooting, and usage analysis, after which they are deleted or anonymized.
We maintain backups of our databases for disaster recovery. When personal information is deleted from our active systems, it may remain in backups for a limited time until those backups are overwritten in the normal course of operations.
9. Security
We take security seriously and implement technical and organizational measures designed to protect personal information against loss, misuse, unauthorized access, disclosure, alteration, and destruction.
- Access to production systems is limited to a small number of authorized personnel.
- We use two-factor authentication (2FA) for critical services and administrative access where possible.
- We avoid storing plaintext passwords or secrets and use secure key management practices.
- Data is protected using strong encryption in transit (HTTPS) and encryption at rest for stored data.
- We maintain regular database backups to support recovery in case of incidents.
No method of transmission or storage is completely secure, and we cannot guarantee absolute security. However, we work to keep risk proportionate and reasonable based on the nature of the data and our Services.
If we become aware of a security incident that affects personal information, we will investigate and, where required by law, notify affected users and relevant authorities.
10. Your Rights
Depending on where you live and which laws apply, you may have the following rights regarding your personal information:
- To access the personal information we hold about you.
- To request correction of inaccurate or incomplete personal information.
- To request deletion of your personal information, subject to legal and contractual limits.
- To object to certain uses of your personal information, such as direct marketing.
- To withdraw consent where our processing is based on your consent (for example, certain optional analytics or marketing).
To exercise these rights, please contact us at [email protected]. We may ask you for information to help verify your identity before responding to your request.
You also have the right to lodge a complaint with the privacy regulator in your jurisdiction, such as the Commission d'accès à l'information in Quebec, the Office of the Privacy Commissioner of Canada, or your local data protection authority in the European Economic Area, if you believe your rights have been violated.
11. Children
The Services are intended for businesses and professionals and are not directed to children under the age of 14.
We do not knowingly collect personal information from children under 14. If we become aware that we have collected personal information from a child, we will take steps to delete it as soon as reasonably possible, unless we are legally required to retain it.
12. Contact and Complaints
If you have any questions about this Privacy Policy, our privacy practices, or if you wish to exercise your rights, you can contact our Privacy Officer at [email protected].
You also have the right to contact the relevant privacy or data protection authority in your jurisdiction if you believe we have not addressed your concerns satisfactorily.
13. Changes to this Policy
We may update this Privacy Policy from time to time to reflect changes to our Services, our practices, or applicable laws.
When we make changes, we will update the “Last updated” date at the top of this page. For significant changes, we may also provide additional notice, such as by email or through the Service.
We encourage you to review this Privacy Policy periodically to stay informed about how we handle personal information.