Privacy Policy

1. Who We Are

LangRelay is operated by Chris Jayden, an Eenmanszaak (sole proprietorship) registered in the Netherlands.

Chris Jayden is the data controller for the personal data described in this policy. We are subject to Regulation (EU) 2016/679 (the General Data Protection Regulation, "GDPR").

2. What Data We Collect

2.1 Account Data

When you create an account we collect: your name, email address, and a hashed password. If you sign in via an OAuth provider (e.g. GitHub) we receive only what that provider shares with us (typically name, email, and avatar URL).

2.2 Billing Data

Payments are processed by Stripe. We store your subscription plan and billing status. We do not store full card numbers or raw payment details. Those remain with Stripe under their own privacy policy and PCI DSS compliance.

2.3 Website & Translation Data

When you connect a website to LangRelay, our crawler visits the pages you specify to extract text content for translation. The extracted text and its translations are stored in our database. We do not access, store, or process any data beyond publicly visible page content.

2.4 Usage & Analytics Data

We collect internal product usage metrics (e.g., number of translated pages, API call counts) for billing and service improvement. These are tied to your account, not shared with third parties.

2.5 Communication Data

We use Bento (bentonow.com) to send transactional emails (e.g. account verification, billing receipts) and occasional product update emails. Your email address is shared with Bento for this purpose. You can unsubscribe from marketing emails at any time via the unsubscribe link in each email; transactional emails cannot be opted out of while your account is active.

2.6 Technical Logs

Our servers and hosting providers (Vercel, Railway, Cloudflare) may log IP addresses, request timestamps, and error traces for security, debugging, and abuse prevention. These logs are retained for up to 30 days.

3. Legal Basis for Processing (GDPR)

4. Data Sharing & Third Parties

We do not sell your personal data. We share it only with the following sub-processors, each bound by a Data Processing Agreement (DPA):

• Vercel Inc. (USA): application hosting and dashboard. Covered by Standard Contractual Clauses.
• Cloudflare Inc. (USA): translation proxy and CDN. Covered by Standard Contractual Clauses.
• Railway Corp. (USA): API and crawler hosting. Covered by Standard Contractual Clauses.
• Stripe Inc. (USA): payment processing. Covered by Standard Contractual Clauses and certified under EU-US Data Privacy Framework.
• Upstash Inc. (USA): caching layer (Redis). Covered by Standard Contractual Clauses.
• Bento / Bentonow.com: transactional and marketing email delivery.

We may disclose personal data if required to do so by law or in response to valid legal process from Dutch or EU authorities.

5. International Data Transfers

Some of our sub-processors are based outside the European Economic Area (EEA), primarily in the United States. Where personal data is transferred outside the EEA, we ensure adequate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on the EU-US Data Privacy Framework where applicable.

6. Data Retention

• Account data: Retained for the duration of your account. Upon account deletion, your personal data is deleted or anonymised within 30 days, unless we are required to retain it by law (e.g. tax records, up to 7 years under Dutch law).
• Translation data: Deleted within 30 days of project deletion or account deletion.
• Server logs: Retained for up to 30 days.
• Billing records: Retained for 7 years as required by Dutch tax law (Belastingdienst).

7. Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights. To exercise any of them, contact us at support@langrelay.com.

• Right of access (Art. 15): You can request a copy of the personal data we hold about you.
• Right to rectification (Art. 16): You can ask us to correct inaccurate or incomplete data.
• Right to erasure (Art. 17): You can ask us to delete your personal data, subject to legal retention obligations.
• Right to restriction (Art. 18): You can ask us to restrict processing of your data in certain circumstances.
• Right to data portability (Art. 20): You can request your account data in a machine-readable format.
• Right to object (Art. 21): You can object to processing based on legitimate interests, including direct marketing.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting prior processing.

We will respond to requests within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with the Dutch supervisory authority:

8. Cookies

LangRelay uses only strictly necessary session cookies for authentication. We do not use tracking or advertising cookies. You do not need to accept any cookie banner to use this service.

9. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include HTTPS encryption in transit, hashed password storage, and access controls on our infrastructure. However, no method of transmission over the internet is 100% secure.

10. Children

LangRelay is not directed at persons under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users by email and update the "Last updated" date at the top of this page. Continued use of the service after the effective date of changes constitutes acceptance of the updated policy.