Privacy Policy

Last updated: December 5, 2024

Effective date: December 5, 2024

1. Data Controller

In accordance with the EU General Data Protection Regulation (GDPR) 2016/679 and Spanish Organic Law 3/2018 on Personal Data Protection and Digital Rights (LOPDGDD), the data controller responsible for your personal data is:

Opus Lingua

Email: privacy@opuslingua.com

Location: Spain, European Union

2. Introduction

Opus Lingua ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our AI-powered translation service for Dynamics 365 files ("Service"). We process your data in compliance with the EU General Data Protection Regulation (GDPR) and applicable Spanish data protection laws.

3. Legal Basis for Processing

Under the GDPR, we process your personal data based on the following legal grounds:

  • Contract Performance (Art. 6(1)(b) GDPR) - Processing necessary to provide our translation services, manage your account, and fulfill our contractual obligations.
  • Legitimate Interests (Art. 6(1)(f) GDPR) - Processing for fraud prevention, security, service improvement, and business analytics, where these interests do not override your fundamental rights.
  • Legal Obligation (Art. 6(1)(c) GDPR) - Processing required to comply with tax, accounting, and other legal requirements.
  • Consent (Art. 6(1)(a) GDPR) - Where applicable, for marketing communications and non-essential cookies. You may withdraw consent at any time.

4. Personal Data We Collect

4.1 Data You Provide Directly

  • Account Information: Full name, email address, password (encrypted)
  • Profile Information: Company name, job title, language preferences
  • Payment Information: Billing details (processed securely by Stripe; we do not store full card numbers)
  • Communication Data: Support requests, feedback, and correspondence
  • Content Data: Translation files you upload (Excel, XLIFF, CRM Translation ZIP files)

4.2 Data Collected Automatically

  • Technical Data: IP address, browser type and version, operating system, device information
  • Usage Data: Pages visited, features used, timestamps, translation job statistics
  • Log Data: Server logs, error reports, performance metrics
  • Cookie Data: Session identifiers, preferences (see Section 10 for details)

4.3 Data from Third Parties

  • OAuth Providers: If you sign in via Google or Microsoft, we receive your name, email, and profile picture
  • Payment Processor: Stripe provides us with transaction status and billing address verification

5. How We Use Your Personal Data

We use your personal data for the following purposes:

  • Service Delivery: To create and manage your account, process translation jobs, and deliver translated files
  • Payment Processing: To process credit purchases and manage billing
  • Communication: To send service notifications, job completion alerts, and respond to support requests
  • Service Improvement: To analyze usage patterns, fix bugs, and improve our AI translation quality
  • Security: To detect fraud, prevent abuse, and protect our systems and users
  • Legal Compliance: To comply with legal obligations, tax requirements, and respond to lawful requests
  • Marketing (with consent): To send promotional communications about new features or offers

6. Data Sharing and Third-Party Processors

We share your personal data with the following categories of recipients:

Recipient Purpose Location
Anthropic (Claude AI) AI translation processing USA*
Stripe Payment processing USA/EU*
Microsoft Azure Cloud hosting & file storage EU (West Europe)
Google (OAuth) Optional authentication USA*
Microsoft (OAuth) Optional authentication USA/EU*

* For transfers outside the EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and verify that recipients provide adequate safeguards for your data.

We do NOT:

  • Sell your personal data to third parties
  • Share your translation content with other users
  • Use your content for training AI models without explicit consent

7. International Data Transfers

Some of our third-party service providers are located outside the European Economic Area (EEA). When we transfer your personal data outside the EEA, we ensure adequate protection through:

  • Standard Contractual Clauses (SCCs): EU-approved contractual safeguards
  • Adequacy Decisions: Transfers to countries recognized by the EU as providing adequate protection
  • Supplementary Measures: Additional technical and organizational measures where necessary

You may request a copy of the safeguards we use by contacting us at privacy@opuslingua.com.

8. Data Retention

We retain your personal data only for as long as necessary:

  • Account Data: Retained while your account is active. Deleted within 30 days of account deletion request.
  • Uploaded Files: Automatically deleted 30 days after upload.
  • Translated Files: Available for download for 30 days, then automatically deleted.
  • Transaction Records: Retained for 7 years as required by Spanish tax law.
  • Server Logs: Retained for 90 days for security and debugging purposes.
  • Support Communications: Retained for 3 years after resolution.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption: TLS 1.3 for data in transit; AES-256 encryption for data at rest
  • Access Control: Role-based access, multi-factor authentication for administrative access
  • Infrastructure: Enterprise-grade Azure hosting with SOC 2 Type II certification
  • Monitoring: Continuous security monitoring and intrusion detection
  • Password Protection: Passwords are hashed using industry-standard algorithms
  • Regular Audits: Periodic security assessments and vulnerability testing

While we take all reasonable precautions, no method of transmission over the Internet is 100% secure. We encourage you to use strong passwords and enable two-factor authentication.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience:

10.1 Essential Cookies (Required)

Necessary for the website to function. Cannot be disabled.

  • .AspNetCore.Identity.Application: Authentication session
  • .AspNetCore.Antiforgery: Security token for form submissions
  • CookieConsent: Records your cookie preferences

10.2 Functional Cookies (Optional)

Enable enhanced functionality and personalization.

  • UserPreferences: Language and display preferences

You can manage cookie preferences through our cookie consent banner or your browser settings. Note that disabling essential cookies may affect service functionality.

11. Your Rights Under GDPR

As a data subject under EU law, you have the following rights:

📋 Right of Access (Art. 15)

Request a copy of your personal data and information about how it is processed.

✏️ Right to Rectification (Art. 16)

Request correction of inaccurate or incomplete personal data.

🗑️ Right to Erasure (Art. 17)

Request deletion of your personal data ("right to be forgotten").

⏸️ Right to Restriction (Art. 18)

Request temporary restriction of processing in certain circumstances.

📦 Right to Portability (Art. 20)

Receive your data in a structured, machine-readable format.

✋ Right to Object (Art. 21)

Object to processing based on legitimate interests or direct marketing.

How to Exercise Your Rights

You can exercise most of these rights through your Account Settings page, or by contacting us at privacy@opuslingua.com. We will respond to your request within 30 days.

12. Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos - AEPD):

Agencia Española de Protección de Datos (AEPD)

C/ Jorge Juan, 6

28001 Madrid, Spain

Website: www.aepd.es

Phone: +34 901 100 099

We encourage you to contact us first to resolve any concerns. We are committed to working with you to achieve a fair resolution.

13. Automated Decision-Making

Our service uses artificial intelligence (AI) to perform translations. This is a core part of our service and is necessary to fulfill our contract with you. The AI processing is limited to translation of content you provide and does not involve profiling or automated decisions that produce legal effects concerning you.

14. Children's Privacy

Our Service is not intended for individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately. If we discover that a child under 16 has provided us with personal data, we will delete such information promptly.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes:

  • We will update the "Last updated" date at the top of this page
  • We will notify registered users via email at least 30 days before changes take effect
  • For significant changes, we may require you to acknowledge the new policy

16. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Data Protection Inquiries

Email: privacy@opuslingua.com

General Support

Email: support@opuslingua.com

We aim to respond to all privacy-related inquiries within 5 business days.

View Terms of Service → Contact Us