Security & Compliance

We handle confidential legal and business documents every day. Here's how we protect your data and which certifications back our commitments.

How Your Data Flows

UploadYour document is transmitted over encrypted HTTPS (TLS 1.2+). No unencrypted data ever leaves your browser.

ProcessingThe AI processes your document in real-time in our EU infrastructure. No data is stored for training. No data is retained after the response.

DeliveryYour translated document is returned securely. Enable auto-delete to remove all traces immediately after download.

Our AI Providers

Google CloudGemini models via Vertex AI

Data processed in EU (europe-west1, Belgium)
Enterprise Vertex AI - covered by Google Cloud DPA
ISO 27701 certified (privacy information management)
Your data is never used to train models
Encrypted at rest (AES-256) and in transit (TLS 1.2+)

AnthropicClaude models via API

Zero Data Retention - no storage after API response
DPA with EU Standard Contractual Clauses (SCCs)
SOC 2 Type II audited security controls
Your data is never used to train models
Encrypted at rest and in transit

Our Commitments

Encryption EverywhereAll data encrypted in transit (TLS 1.2+) and at rest (AES-256).

EU Data ProcessingAI processing runs in Google Cloud europe-west1 (Belgium). Your data stays in the EU.

No Training on Your DataYour documents are never used to train AI models. This is guaranteed by our vendor agreements.

Auto-Delete & Zero RetentionEnable auto-delete to remove documents immediately after download. Zero Data Retention mode available.

Access ControlsJWT-based authentication, role-based access, and audit logging for all operations.

Compliance DocumentationDPAs, certifications, and data handling agreements available for review below.

Sub-processor Register

We rely on the following third-party sub-processors who may process personal data on our behalf. Each is bound by a Data Processing Agreement meeting UK GDPR requirements.

Sub-processor	Purpose	Location	Transfer Mechanism
Anthropic PBC	AI translation (Claude)	USA	UK IDTA / SCCs + ZDR
Google Cloud (Vertex AI)	AI translation (Gemini)	EU (Belgium)	EU region + Google Cloud DPA
Stripe Inc.	Payment processing	USA / EU	UK IDTA / SCCs
Microsoft Azure	Infrastructure hosting	EU (Netherlands)	UK IDTA / SCCs
Functional Software (Sentry)	Error monitoring	USA	UK IDTA / SCCs
LinkedIn Corporation	OAuth authentication (Sign In with LinkedIn)	USA	UK IDTA / SCCs
Microsoft Corporation (Entra ID)	OAuth authentication (Sign In with Microsoft)	USA / EU	UK IDTA / SCCs + Microsoft DPA

We will notify you of any intended changes to sub-processors by updating this register.

Data Breach Response

In the event of a personal data breach that poses a high risk to your rights and freedoms, we will notify you without undue delay and in any event within 72 hours of becoming aware of the breach, as required by UK GDPR Article 33. Notification will be made by email to your registered address.

Breach notifications will include: the nature of the breach, the categories and approximate number of individuals and records affected, the likely consequences, and the measures we have taken or propose to take to address the breach.

We will also notify the ICO where required. A record of all breaches is maintained in our internal breach register regardless of whether notification to the ICO or individuals is required.