Privacy Policy

Last updated: May 13, 2026

Who We Are

TranslateInDesign is operated by One Day Build, located in Goa, India. One Day Build is the data controller for personal data processed through translateindesign.co (“the Service”).

For privacy inquiries and data requests: privacy@translateindesign.co

Our Commitment

TranslateInDesign is built on a privacy-first architecture. Your files are never retained beyond what is strictly necessary to complete translation and give you time to download your output. This policy explains exactly what we collect, how we use it, your rights, and what we do not do.

1. What We Collect

Files You Upload

When you upload an IDML file, it is received by our servers for processing only. Your file:

Is held in temporary storage during translation
Is automatically and permanently deleted within 30 days of job completion
Is never used for model training or analytics
Is never logged as text content

Account and Payment Information

If you create an account or make a payment, we collect:

Email address
Payment information (processed via Paddle — we do not store raw card numbers)
Transaction records required for billing and receipts

Usage Metadata

We collect minimal technical metadata to operate the Service:

Browser type and version
General geographic region (country level)
Pages visited and session duration
Translation job status (success/failure — no content)

We do not log the text content of your files at any point.

2. Lawful Basis for Processing (GDPR)

For users in the EU/EEA and UK, we process personal data on the following bases under GDPR Article 6:

Processing Activity	Lawful Basis
Processing uploaded files for translation	Art. 6(1)(b) — performance of a contract
Account management	Art. 6(1)(b) — performance of a contract
Payment processing	Art. 6(1)(b) — performance of a contract
Transactional emails	Art. 6(1)(b) — performance of a contract
Usage analytics (aggregate)	Art. 6(1)(f) — legitimate interest (service reliability)
Marketing communications	Art. 6(1)(a) — consent (opt-in only)
Financial record retention	Art. 6(1)(c) — legal obligation

3. How We Use Your Information

To provide the Service: We pass your file content to the Anthropic Claude API for machine translation. This is the only third-party service that receives your file text, and it is used solely for translation.
To process payments: We share necessary payment details with our payment processor, Paddle.
To communicate with you: We may send transactional emails (receipts, error notifications, deletion confirmations) to your email address via Resend.
To improve reliability: We use aggregate (non-personal) usage metrics to monitor system health.

4. What We Do Not Do

We do not sell, rent, or share your file contents with any third party beyond Anthropic Claude for translation.
We do not use your files to train AI models.
We do not retain file content after the 30-day purge window.
We do not build advertising profiles from your usage.
We do not log translation output text.

5. Subprocessors and Third-Party Services

Service	Purpose	Data Shared	Location
Anthropic Claude API	Machine translation	File text content (ephemeral)	USA
Supabase	Database and authentication	Account data, job metadata	USA
Paddle	Payment processing	Name, email, billing details	UK
Resend	Transactional email	Email address	USA
Railway	Application hosting	Encrypted data in transit	USA
Google Analytics	Usage analytics (aggregate)	Anonymised usage data	USA

We will update this table if we add new subprocessors. We do not share your data with any parties not listed here.

6. Data Retention

Data Type	Retention Period
Uploaded IDML files	30 days post-completion, then permanently deleted
Translation output files	30 days post-completion, then permanently deleted
Failed/cancelled job files	48 hours, then permanently deleted
Payment records	7 years (legal requirement)
Account data	Until account deletion requested
Usage metadata	90 days (aggregate only)

After the 30-day window closes, we cannot recover your files. Download your translated output promptly.

7. Security

All data is transmitted over TLS. Files are processed in isolated, ephemeral containers. We do not store encryption keys alongside your data. Access to production systems is restricted to authorised personnel.

8. Your Rights

Depending on your location, you may have rights over your personal data. EU/EEA/UK users have the following rights under GDPR:

Right	Description
Access (Art. 15)	Request a copy of personal data we hold about you
Rectification (Art. 16)	Correct inaccurate personal data
Erasure (Art. 17)	Request deletion of your personal data (see below)
Restriction (Art. 18)	Request we limit processing of your data
Portability (Art. 20)	Receive your data in a structured, machine-readable format
Objection (Art. 21)	Object to processing based on legitimate interest
Withdraw consent (Art. 7(3))	Withdraw consent for marketing at any time

To exercise any of these rights, email: privacy@translateindesign.co

You also have the right to lodge a complaint with your local supervisory authority (e.g., your national Data Protection Authority).

9. Data Deletion Process

To request deletion of your account and all associated personal data:

Email privacy@translateindesign.co with subject: “Data Deletion Request”
Include your account email address
We will verify your identity and confirm receipt within 3 business days
Deletion will be completed and confirmed by email within 30 days

What we delete: account record, translation job history, uploaded files (if not already purged), translation outputs (if not already purged), waitlist entry, and marketing consent records.

What we cannot delete: payment transaction records are retained for 7 years under applicable financial law. We will flag your account as deleted in our payment processor but cannot erase legally required billing records.

10. Cookies

We use cookies and similar technologies as described below. You can manage your cookie preferences via the banner shown on your first visit.

Category	Purpose	Can be declined?
Strictly Necessary	Session management, authentication, security	No — required for the Service to function
Analytics	Understanding aggregate usage patterns (no cross-site tracking)	Yes — does not affect Service functionality
Marketing	Not currently used	N/A

11. International Data Transfers

One Day Build is based in India. Our subprocessors are primarily based in the USA. Data transfers from the EU/EEA to these providers are covered by Standard Contractual Clauses (SCCs) and provider-specific data processing agreements where applicable.

12. EU/EEA Representative (Article 27)

We are exempt from the requirement to appoint an EU/EEA representative under GDPR Article 27(2). Our processing of EU personal data is occasional, does not include special category data as defined in GDPR Article 9, and is unlikely to result in a risk to the rights and freedoms of natural persons.

EU supervisory authorities may contact us directly at privacy@translateindesign.co.

13. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children.

14. Changes to This Policy

We will update this page with a revised “Last updated” date if this policy changes. We will not retroactively apply less protective practices to data collected under prior versions.

15. Contact

One Day Build
Goa, India

For privacy questions, data requests, or to exercise your GDPR rights: privacy@translateindesign.co

We respond to all requests within 3 business days.