Data Retention Policy
Last updated: May 30, 2026
We keep your data only for as long as we need it to provide the Services, meet legal obligations, and prevent abuse. The windows below are the maximum periods we retain each class of data; data is removed by scheduled maintenance once it ages past its window. This page is a detailed companion to our Privacy Policy and Security & Compliance page — if anything here appears to conflict with the Privacy Policy, the Privacy Policy governs.
Account, translations & operational data
| Data | Retention | Notes |
|---|---|---|
| Account & profile data | While active | Kept as long as your account is active. |
| Deleted accounts | 30 days | Soft-deleted with a 30-day recovery window, then permanently removed. |
| Translation Memory entries | Indefinite | Retained as part of the community Translation Memory. You may request removal of entries you contributed. |
| API & translation request logs | Up to 90 days | Per-request operational logs used for diagnostics and abuse prevention. |
| Server logs | Up to 90 days | Request and translation-routing diagnostics, including IP addresses and access metadata, used to operate and debug the service. |
| Billing & subscription records | See note | Payments are processed by our payment provider (LemonSqueezy, the merchant of record), which retains invoice and tax records as required by law — we do not store full card details. We keep your subscription status and character-usage accounting while your account is active and for the period required for billing accuracy and tax compliance. |
| Login attempts | Up to 90 days | Used for brute-force detection and account-lockout. |
| System health snapshots | Up to 30 days | Internal uptime / health metrics. |
| Audit logs | Up to 180 days | Security-relevant account and admin actions. |
| Revoked API keys | 90 days | Revoked keys are flagged and hard-deleted after the retention window. A revoked key stops working immediately. |
| Login sessions | 7 days | Dashboard sign-in sessions expire after 7 days; a session can be invalidated immediately on password change. |
| Disconnected sites | 90 days | A site with no plugin heartbeat is auto-disabled after 90 days; reconnecting at any time reactivates it. |
Quality & usage analytics
To make translations better over time, we keep aggregate quality and usage signals. These do not expose your message content to other customers.
| Data | Retention | Notes |
|---|---|---|
| Quality & feedback metrics | Up to 365 days | Aggregated quality signals that improve translation accuracy over time. |
| Translation Memory feedback events | Up to 180 days | Accept / reject / edit signals used for trust scoring. |
| Usage ledger | Up to 365 days | Character-usage accounting for billing transparency. |
| Language demand telemetry | Up to 365 days | Anonymous, aggregate language-pair demand — no message content. |
Backups & disaster recovery
Backups exist to recover the platform after a failure, not for long-term archival. Until a backup ages out of its rotation window, deleted data may still exist inside an encrypted backup — this is standard practice and required for reliable disaster recovery. Because the recovery window is short (about two weeks), residual copies of deleted data are purged well within our deletion commitments.
| Data | Retention | Notes |
|---|---|---|
| Daily database backups | 2 days | Encrypted daily database snapshots, kept on a short rolling window for quick rollback of accidental changes. |
| Point-in-time recovery | up to ~14 days | A weekly base backup plus archived encrypted transaction logs let us restore the database to a recent point in time after a failure. The recovery window spans roughly two weeks; these backups exist only for disaster recovery and are not customer-accessible. |
WordPress plugin translations
Translations rendered on your WordPress site are stored in your own database by the plugin. Their retention is entirely under your control — uninstalling the plugin or clearing its cache removes them. We never copy your site's rendered output into our systems beyond the Translation Memory entries described above.
We only ever receive the source text you send for translation — never your visitors' personal data, order details, or customer records unless that information is itself contained in the text submitted. We recommend using placeholder tokens (e.g. {customer_name}) instead of real personal data in translatable strings. See our Privacy Policy for how plugin data is handled.
Exporting & deleting your data
You are always in control. From Settings you can:
- Export all of your data — account, translations, and Translation Memory in a machine-readable format (GDPR Article 20).
- Delete your account — and all associated personal data (GDPR Article 17). Deletion completes within 30 days of the request. Residual copies in backups are purged within the backup rotation window described above.
We may retain a limited subset of data beyond these periods where required to comply with a legal obligation (for example, invoice and tax records held by our payment provider), to resolve a dispute, or to enforce our agreements. We will not keep your data longer than necessary for those purposes.
For cookie lifetimes and consent records, see our Cookie Policy. To request removal of specific Translation Memory entries you contributed, or for any other retention question, contact [email protected]. We respond within 30 days.
Data residency
Your data is hosted in the European Union (Amsterdam). A Data Processing Agreement (DPA) is available for business customers.