Privacy Policy for Nuenki Platform

Last Updated: 2025-07-04

Our Approach to Privacy

This Privacy Policy explains how Nuenki ("we", "us") collects, uses, and protects your information when you use the Nuenki Platform ("Service"). Our policy is built on the following core commitments:

  • We do not sell your personal data.
  • Your data is never used for model training, either by us or our upstream providers.
  • We collect only the minimal information necessary to operate the Service.
  • You retain full ownership of the content you submit.

1. Information We Collect

We collect only the data required for account creation, payment processing, and the secure operation of the Service.

a. Information You Provide

  • Account Information: When you sign up, we receive your email address from your chosen identity provider (Google or GitHub). We use this for account management and service-related communications.
  • Payment Information: We use Stripe for payment processing. We do not see or store your full credit card number. We only receive a secure token from Stripe for billing purposes.
  • Marketing Source Information: To understand how users find our service, we may store referrer and UTM source information from your first visit in your browser's local storage. When you sign up, this information is associated with your account. We use this solely to evaluate the effectiveness of our marketing channels.

b. Information Collected Automatically

  • Service Metrics: We collect aggregated and anonymized performance metrics (e.g., average translation latency) for billing and to monitor the health of our Service. This data does not contain personal information and is retained for a maximum of 30 days.
  • Website Analytics: We use a privacy-friendly configuration of PostHog for general website analytics, which does not use cookies or track individual users across sessions.
  • Cookies: We use one essential cookie to maintain your login session. We do not use cookies for tracking or advertising.

2. How We Handle Your API Content

Your data is never, under any circumstances, used in model training or development, either by Nuenki or by our upstream providers.

We do not store the content of your API requests (your "Inputs" or the resulting "Outputs") on our systems after a request is completed. To provide the translation service, we must transmit your Inputs to our upstream AI Model Providers. Per our contracts with them, these providers:

  1. May temporarily retain request data for operational purposes, such as abuse monitoring, for a period generally not exceeding 60 days.
  2. Reserve the right to retain data for longer if it is flagged for a serious AI safety violation (e.g., for generating illegal or dangerous content).

This temporary processing by providers is a necessary function of the Service.

3. Data Sharing and Third-Party Sub-processors

To operate the Service, we rely on a limited number of trusted third-party service providers (sub-processors). We only share information that is essential for their function.

  • Cloud Infrastructure: To host our platform and databases, located in secure, enterprise-grade data centers.
  • AI Model Providers: We use specialized API providers to process translation requests. We vet these providers to ensure their contracts guarantee that customer data is never used for model training and is not retained beyond 60 days, except where the content has been flagged for investigation or to comply with binding legal obligations.
  • Payment Processing: Stripe, Inc. handles all payment transactions.
  • Transactional Email: We use Postmark and Tuta to send service-related emails.
  • Authentication: Google and GitHub provide secure account login services.

4. Data Retention Periods

  • API Content: As stated, we do not retain your API content. Our providers' temporary retention is detailed above.
  • Account Information: We retain your email and other account details while your account is active. This information is permanently deleted immediately upon account closure.
  • Transaction Records: We are required by UK law to retain financial records for at least 5 years.
  • Usage Metrics: Anonymous, non-personal metrics are deleted after a maximum of 30 days.

5. Your Data Protection Rights

In accordance with UK GDPR, you have the following rights regarding your personal data:

  • Right to Access: You can request a copy of the personal information we hold about you.
  • Right to Rectification: You can request the correction of inaccurate personal data.
  • Right to Erasure: You can delete your account at any time from your account settings page, which will initiate the immediate and permanent deletion of your personal data.

To exercise any of these rights, please contact us at [email protected].

6. General Information

Legal Basis for Processing

Our legal basis for processing your data is primarily Performance of a Contract (to provide the Service you requested), with some processing for Legitimate Interests (security, fraud prevention) and to comply with our Legal Obligations (financial records).

Security

We implement appropriate technical and organizational measures to protect your data, including encryption and secure infrastructure. However, no online service can be 100% secure.

Children's Privacy

Our Service is intended for users aged 18 and older. We do not knowingly collect data from children.

Data Protection Officer (DPO)

As a small enterprise, we are not required to appoint a formal DPO. All privacy-related inquiries can be directed to our contact email.

Updates to This Policy

We may update this policy from time to time. We will notify you of significant changes by posting the new policy on this page and, where appropriate, via email.

Contact Us

If you have any questions about this Privacy Policy, please contact us at [email protected].