1 Introduction & Acceptance of Terms
Welcome to the Privacy Policy for the Lingua - AI powered Instant Text Translation browser extension (hereinafter referred to as the "Extension", "Service", or "Software"), developed, operated, and maintained by Creatio Sistem Nusantara ("we", "us", or "our"). We hold your digital privacy in the highest regard and are committed to protecting your personal information.
This comprehensive Privacy Policy outlines our precise operations regarding the gathering, utilization, transmission, protection, and retention of user data when you interact with our Extension and associated services. It is designed to be fully compliant with global privacy frameworks, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Google Chrome Web Store Developer Program Policies.
By installing, accessing, or using the Extension in your browser, you acknowledge that you have read, comprehensively understood, and explicitly agree to the data practices described in this Privacy Policy. If you do not agree with these policies, you must immediately uninstall the Extension and cease all use of our services.
2 Information We Collect
In accordance with the strict principle of data minimization, we gather only the absolute minimum amount of information required to deliver our core AI translation services effectively. We do not collect data just for the sake of it. We classify the handled data into the following distinct categories:
- Account Credentials & Profile Data: During the account registration process, we collect your email address and password. Your password is hashed instantly using the strong, industry-standard bcrypt hashing algorithm before it ever reaches our database. We never see, store, or transmit your password in plaintext.
- Service Usage Metadata: To enforce the monthly quota limitations associated with our subscription plans (e.g., the 300,000-word limit for the Pro plan), our servers keep track of the aggregate word counts processed by your account. This is a strictly numerical counter linked to your email address and does not contain the content of what you translate.
- Transient Translation Material (Payloads): When you highlight text and trigger a translation or linguistic explanation, the specifically selected text is transmitted to our secure server to request processing from our AI engines. This payload is processed dynamically in-memory and is never written, logged, or stored on our servers or databases. It is immediately and permanently deleted from our server's RAM once the response is sent back to your browser.
- Billing and Payment Information: If you upgrade to a premium plan, your payment is processed by our secure third-party merchant of record, Dodo Payments. We do not collect or store your credit card numbers or bank details. We only receive subscription status, transaction IDs, and billing cycle dates.
🚫 No Browsing History & Absolute Isolation Policy:
We do NOT collect, read, analyze, log, or store your browsing history, web pages you navigate, search queries, cookies, form data, autofill inputs, or any sensitive personal information. The Extension remains completely passive in the background and only interacts with the specific text that you actively select and deliberately choose to translate.
3 How We Use Your Data
The limited information we collect is processed and utilized strictly for the transparent purposes described below:
- Core Service Operations: Processing the highlighted text payloads in real-time to return high-quality, AI-powered translations and grammar explanations directly to your extension window.
- Account Management & Authentication: Facilitating secure sign-in, maintaining active session validation via JWT (JSON Web Tokens) or secure bearer tokens, and enabling account recovery procedures (such as password resets).
- Quota & Plan Synchronization: Verifying your active subscription tier and tracking the monthly word counts to ensure correct plan limits and features are applied fairly.
- Transaction Verification: Mapping Subscription IDs from our payment processor (Dodo Payments) to your account to unlock and activate Pro features automatically upon a successful payment.
- Customer Support & Communications: Sending essential transactional emails (e.g., receipts, password resets, payment notifications), mandatory service updates, or responding directly to support tickets and inquiries you initiate.
4 Limited Use Disclosure (Chrome Web Store)
In strict compliance with the Chrome Web Store User Data Policy, specifically including the Limited Use requirements, we officially affirm the following constraints on our data practices:
- Single Purpose Use: All user data collected through the Extension is used exclusively to provide, maintain, and improve the core AI-powered text translation functionality. No data is repurposed for any unrelated or secondary objective.
- No Sale or Transfer to Third Parties: We absolutely do not sell, rent, lease, or transfer user data to third-party data brokers. Data is only transferred to subprocessors where strictly necessary to provide our service (i.e., sending text payloads to AI processors for the actual translation) or to comply with legally binding court orders.
- No Advertising or Profiling: User data is never used or sold for personalized advertisements, retargeting campaigns, user profiling, or behavioral analytics.
- No Creditworthiness Determination: User data is never used to determine credit eligibility, lending decisions, or financial scoring of any kind.
- No Human Access Without Consent: Human personnel do not read or access user data unless: (a) the user provides explicit, written consent for a specific technical support case, (b) it is strictly necessary for security purposes such as investigating fraud or abuse, or (c) it is legally mandated to comply with applicable laws.
📜 Affirmative Limited Use Statement:
The use of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.
5 Data Retention & Deletion
We retain your personal data only for as long as is strictly necessary to fulfill the purposes for which it was collected, or as required by applicable laws and regulations:
- Account Data (Email, Hashed Password): Retained indefinitely for as long as your account remains active. Upon receiving an account deletion request, all associated records are permanently and irrevocably erased from our active databases within thirty (30) days.
- Usage Statistics (Word Counts): Monthly word counters are automatically reset at the beginning of each billing cycle. Historical aggregate counts (numbers only) may be retained for up to twelve (12) months for capacity planning and service analytics, after which they are purged.
- Translation Payloads (Highlighted Text): Never stored. All text submitted for translation or explanation is processed transiently in server RAM and discarded immediately after the AI response is generated and delivered back to the user.
- Payment Records: Transaction IDs and subscription metadata provided by Dodo Payments are retained for the duration required by applicable international tax, accounting, and financial regulations (typically up to seven years), after which they are securely deleted.
- Client-Side Data: All data stored locally in your browser via the chrome.storage.local API (such as custom keyboard shortcuts, target languages, and session tokens) is isolated to your machine and is deleted instantly when you uninstall the Extension.
How to request deletion: You may request the total deletion of your account and all associated personal data at any time by contacting our Data Protection Officer at support@creatiosistem.com. We will acknowledge and process valid erasure requests within thirty (30) calendar days.
6 Data Storage & Security Measures
We implement rigorous, industry-grade technical and organizational safeguards to ensure that your data is resilient against unauthorized access, modification, leak, or deletion:
- Transport Layer Encryption (Data in Transit): All communications between your browser extension and our backend API endpoints are strictly encrypted using TLS 1.2 or higher (HTTPS). Any plaintext HTTP traffic is automatically rejected.
- Cryptographic Salting & Hashing: User passwords are secured using standard salt-and-hash functions (bcrypt), preventing unauthorized extraction even in the highly unlikely event of database compromise.
- Secure Authentication (Bearer Tokens): API requests utilize secure, short-lived tokens instead of storing or transferring raw user passwords during active session interactions.
- Client-Side Storage Isolation: All configuration parameters (such as target languages, custom shortcuts, translation modes, and domain blacklists) are kept exclusively inside your browser's secure chrome.storage.local compartment. We never upload these user-specific configurations to our servers.
7 Strictly No Remote Code Execution
In full compliance with Chrome Web Store Manifest V3 policies, this Extension does not load, execute, or evaluate any remotely hosted code. This ensures malicious scripts cannot be injected into your browser. Specifically:
- No External Scripts: All JavaScript libraries, CSS frameworks, and assets (including SweetAlert2, Bootstrap, and Lucide icons) are bundled locally within the Extension package downloaded from the Chrome Web Store. No <script src="https://..."> tags are used in any Extension page.
- No Dynamic Code Execution: The Extension strictly does not use eval(), new Function(), document.write(), or any other mechanism to dynamically create and execute code from external sources.
- No WebAssembly from Remote Sources: No remotely hosted WebAssembly (.wasm) modules are loaded or executed.
- API Data Only: All network requests to our server (creatiosistem.com) transmit and receive plain JSON data payloads exclusively. Server responses contain only text data (translation results, account metadata) and never executable code.
✅ Manifest V3 Compliance Validated:
This Extension's Content Security Policy is strictly set to script-src 'self'; object-src 'self';, so the browser engine itself forcefully prevents any form of remote code injection.
8 Third-Party Services & Subprocessors
To operate the Extension reliably, we partner with trusted global service providers to handle highly specialized actions (such as payment processing and AI execution). These processors are bound by strict Data Processing Agreements (DPAs) and confidentiality clauses:
| Processor | Service Category | Data Shared | Privacy Policy URL |
| --- | --- | --- | --- |
| OpenAI API / Anthropic | Artificial Intelligence & Translation | Only transient highlighted text payloads (Absolutely NO account context, email, or metadata is shared with the AI providers). | OpenAI Privacy Policy |
| Dodo Payments | Merchant of Record & Payment Processing | Email address, payment subscription choices, billing details, and geographical data required for tax calculation. | Dodo Payments Privacy Policy |
We do not share, sell, or rent your personal information to third-party advertisers, data brokers, or marketing networks. All subprocessors are routinely audited to ensure compliant handling of user data under global GDPR and CCPA rules.
9 Chrome Permissions Justification (Least Privilege)
In strict accordance with Google Chrome Web Store Developer Policies, the Extension requests only the absolute minimum set of browser permissions necessary to execute its core functions:
| Permission Requested | Use-Case Classification | Technical Justification (Why It is Required) |
| --- | --- | --- |
| storage | Local Data Storage | Enables the saving of UI preferences, preferred target languages, custom shortcuts, and user login tokens locally and securely within the browser. |
| contextMenus | UI/UX Integration | Permits the Extension to add a custom context menu item ("Translate with Lingua") that appears when you right-click selected text. |
| notifications | User Alerts | Allows the Extension to display translation results as native system notifications in areas where DOM injection is restricted by Chrome (e.g. within PDF viewers or specialized Chrome pages). |
| activeTab | Temporary User Interaction | Grants temporary, highly restricted access to the active webpage's DOM for the sole purpose of rendering the floating translation box near your cursor. Access is revoked immediately when you switch tabs. |
| host_permissions: creatiosistem.com | Secure Network Communication | Allows the Extension to securely exchange data exclusively with our designated API endpoints to perform translation operations and authentication. |
10 Your Comprehensive Privacy Rights (GDPR & CCPA)
Regardless of your geographic location, we respect and enforce your statutory rights concerning your personal data in full alignment with leading global frameworks (including the European General Data Protection Regulation - GDPR, and the California Consumer Privacy Act - CCPA):
- Right to Access (Data Portability): You have the right to request access to and receive detailed reports of any personal data we hold about your account in a structured, machine-readable format.
- Right to Rectification: You may request immediate corrections to any outdated, incomplete, or inaccurate personal details associated with your account.
- Right to Erasure (Right to be Forgotten): You hold the power to request that we permanently and irrevocably delete your account and all associated records from our active servers.
- Right to Restrict Processing: You may request that we halt processing of your data under specific conditions.
- Right to Withdraw Consent: You may immediately withdraw your consent to any processing by uninstalling the Extension and deleting your account.
- Non-Discrimination: We will not discriminate against you (e.g., by denying service or charging different prices) for exercising any of your privacy rights.
To exercise any of these rights, please send an explicit request to our support email at support@creatiosistem.com. We will review, acknowledge, and fulfill valid requests within thirty (30) days of receipt, completely free of charge.
11 Children's Privacy Protection (COPPA)
Our services are designed for a general adult audience and professionals. They are strictly not directed at children under the age of thirteen (13) (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect, solicit, or maintain personal information from anyone under the age of 13.
If we learn that we have unintentionally collected personal information from a child under 13 without verifiable parental consent, we will take immediate steps to delete that information as quickly as technically possible. If you are a parent or guardian and believe we might have any information from or about a child under 13, please notify us immediately.
12 Changes & Updates to This Policy
We reserve the right to modify, amend, or update this Privacy Policy at any time to reflect changes in our practices, technology, or legal requirements. When updates are published, the "Effective Date" at the top of the document will be revised accordingly.
If we implement material or substantial modifications that alter your privacy rights or how we handle your data, we will provide a prominent, explicit notice within the Extension UI or notify you directly via the email address associated with your account prior to the change becoming effective. We encourage users to periodically review this page to remain informed of our ongoing privacy practices.
13 Contact & Support
If you have any questions, inquiries, complaints, or compliance concerns regarding this Privacy Policy, or if you wish to exercise your data rights, please contact our designated Data Protection Officer: