Privacy Policy

Last updated: May 8, 2026

This Privacy Policy explains what information LiveTranslate ("we", "us") collects, how we use it, where it is stored, who we share it with, and the choices you have. The data controller is Bülent Tüm, Hürriyet Meydanı 30/A Çandar, 35500 Dikili, İzmir, Türkiye. Contact: bulenttum@gmail.com.

Quick summary (TL;DR)

• What we collect: anonymous device ID, optional e-mail (only if you opt-in to "Protect my account"), short audio snippets while translation is active, usage metadata, and payment confirmations from Paddle.
• Why: to provide live transcription & translation, to bill minutes correctly, and to let you restore your minutes after re-installation.
• Where it goes: our backend on Supabase (EU); audio is forwarded to OpenAI for transcription; text is forwarded to DeepL for translation; payments are handled by Paddle.
• How long: audio and translation text — not stored at any point; usage metadata up to 24 months; technical logs up to 30 days; payment records as required by tax law.
• Sold or used for ads? No. We do not sell user data. We do not run advertising. We do not use your data to train AI models.

1. What we collect

a) Anonymous device identifier. The extension generates a random UUID on first install and stores it locally in your browser (chrome.storage.local). This ID is used solely to associate your free trial and purchased credits with your installation. It is not linked to your name or any personal profile by itself.

b) E-mail address (optional, opt-in only). The extension offers a "Protect my account" feature in the side panel. If — and only if — you choose to use it, you may enter an e-mail address. We then send you a 6-digit verification code; once you confirm it, your e-mail is linked to your anonymous device ID on our backend. This is used exclusively to let you restore your remaining minutes if you reinstall the extension or switch browsers. We do not send marketing e-mails. You can skip this step entirely and the extension remains fully functional.

c) Audio snippets (during active use only). When you press "Start translation" on a tab, the extension captures short audio chunks (typically 3–10 seconds) from that tab and forwards them through our backend to OpenAI for speech-to-text. Audio data is not stored on our servers or in our database. It is streamed through and immediately discarded once transcription returns. Audio capture stops the moment you press "Stop" or close the side panel.

d) Transcription & translation results. The resulting text is returned to your browser. We do not store the content of transcriptions or translations. They live only in your browser's memory during your session.

e) Usage metadata. For each transcription and translation call we record on our backend: the anonymous device ID, the duration in milliseconds billed against your quota, the source and target language code, and a success/failure flag. This is used for billing integrity, abuse prevention, and aggregated analytics. We do not record the content of audio or text.

f) Payment data. Purchases are handled entirely by Paddle.com Market Limited, our Merchant of Record. We receive only: the fact that a payment succeeded, the price ID, the transaction ID, the amount, and the subscription/one-time status. We do not receive your credit card number, CVV, or billing address. For that data please consult Paddle's Privacy Policy.

g) Technical logs. Like any web service, our backend keeps short-lived access logs (request path, status code, IP address, user-agent, timestamp) for security and debugging. These are retained for up to 30 days.

h) Locally stored preferences. Settings such as your chosen UI language, source/target language, font size and color preferences are stored only in your browser's local storage. They never leave your device.

1.1 What we do not collect or do

• We do not collect your name, address, phone number, browsing history, or contacts.
• We do not record audio from your microphone — the extension only captures audio from the active browser tab via tabCapture, and only while you have explicitly started translation.
• We do not access content of pages other than to inject a small subtitle overlay when you enable "Subtitle mode".
• We do not sell or rent personal data to anyone.
• We do not use your data — including audio, transcripts and translations — to train any AI model.
• We do not run advertising trackers or third-party analytics inside the extension.

2. Who we share data with (sub-processors)

We share the minimum data necessary with the following processors. We do not share data with anyone else and we do not sell data to third parties.

• OpenAI, L.L.C. — speech-to-text transcription. Audio chunks captured during active translation are sent via API. Privacy policy. OpenAI states that API data is not used to train their models by default.
• DeepL SE — machine translation (text only). Privacy / Pro terms. DeepL Pro does not retain texts after translation.
• Supabase, Inc. — backend hosting (Postgres database + serverless functions, EU region). Stores: device IDs, usage metadata, optional verified e-mail addresses, quota balances. Privacy policy.
• Paddle.com Market Limited — payment processing, invoicing, fraud prevention and tax. When you purchase minutes, you interact directly with Paddle's checkout (opened in a new browser tab). Privacy policy.
• An e-mail delivery provider (transactional only). When you opt in to "Protect my account", a one-time 6-digit verification code is sent to your e-mail through Supabase's transactional e-mail provider. No marketing or newsletter e-mails are ever sent.
• Cloudflare, Inc. — CDN and DDoS protection in front of our website and the checkout page. Privacy policy.

By using the Service you consent to the transmission of the data described above to these processors to the extent necessary to deliver the Service.

3. Legal basis (GDPR)

• Contract (Art. 6(1)(b)): to deliver the translation service you requested and to account for your purchased minutes.
• Legitimate interest (Art. 6(1)(f)): to prevent abuse, debug issues, and keep minimal security logs.
• Legal obligation (Art. 6(1)(c)): to maintain billing records via Paddle as required by tax law.

4. Cookies

The website itself does not set tracking cookies. The Paddle checkout iframe may set cookies strictly necessary for processing the payment and preventing fraud, as described in Paddle's privacy policy. The extension itself uses only local browser storage (chrome.storage.local), not cookies.

5. Data retention

• Anonymous device records & usage metadata: retained for as long as the device is active, plus up to 24 months after last activity for fraud-prevention and accounting purposes.
• Verified e-mail address (only if you opted in): retained until you ask us to delete it, or up to 24 months after your last activity. We will erase it on request — see Section 7.
• Pending verification codes: deleted automatically within 30 minutes.
• Payment records: retained by Paddle for the period required by applicable tax law (typically 10 years).
• Audio data: not retained at any point by us. It is streamed through and discarded as soon as the AI provider returns a transcript.
• Transcription/translation text: not retained at any point on our servers.
• Technical logs: up to 30 days.

6. International transfers

Our backend is hosted in the European Union (Supabase EU region). Sub-processors (OpenAI, DeepL, Paddle, Cloudflare) may process data in the United States and other jurisdictions. These transfers are covered by Standard Contractual Clauses (SCCs) or equivalent safeguards offered by those providers.

7. Your rights

Depending on your jurisdiction (GDPR, UK GDPR, CCPA, KVKK) you may have the right to:

• Access the data we hold about you;
• Request correction of inaccurate data;
• Request deletion ("right to be forgotten");
• Request restriction or object to processing;
• Data portability;
• Withdraw consent at any time (this will not affect the lawfulness of processing before withdrawal).

To exercise any of these rights, email us at bulenttum@gmail.com with your device ID (visible in the extension's Account panel) and, if applicable, the e-mail you used to protect your account. We will respond within 30 days. For payment-related data, please also contact Paddle directly.

You can also delete the extension at any time. Uninstalling the extension removes the locally stored device ID and all preferences from your browser. To additionally remove the corresponding records on our backend (verified e-mail, usage metadata, remaining quota), please contact us as described above.

8. Children

The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has used the Service, contact us so we can delete the relevant records.

9. Security

We use TLS 1.2+ for all API traffic. Backend secrets (OpenAI / DeepL keys, Paddle webhook secret) are stored in Supabase environment variables, never in the extension itself. Database access is restricted via Row-Level Security policies.

10. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date above reflects the most recent revision. Material changes will be highlighted on the extension's Account screen.

11. Contact

For privacy questions or to exercise your rights, email bulenttum@gmail.com.