Quick Summary: TAO is fully GDPR compliant. We never train on your data, you can export or delete your data anytime, and all processing happens in secure EU/US data centers.

Data Controller Information

Company: TAO Translation API Service

Data Protection Contact: privacy@toanother.one

Response Time: Within 72 hours for all data requests

Compliance Standards: GDPR (EU) 2016/679, CCPA, SOC 2 Type II

Your Rights Under GDPR

Right to Access

Request a copy of all personal data we hold about you, delivered in a portable format within 30 days.

Right to Rectification

Correct any inaccurate personal data through your dashboard or by contacting support.

Right to Erasure

Request complete deletion of your account and all associated data. Processed within 30 days.

Right to Portability

Export your data in standard formats (JSON, CSV) for transfer to other services.

Right to Object

Opt out of specific processing activities, including marketing communications.

Right to Restriction

Limit how we process your data while disputes are resolved.

Legal Basis for Processing

Processing Activity	Legal Basis	Purpose
Account Creation	Contract	To provide translation services
Translation Processing	Contract	Core service delivery
Billing & Payments	Contract & Legal Obligation	Payment processing and tax compliance
Security Monitoring	Legitimate Interest	Prevent fraud and abuse
Marketing (Optional)	Consent	Product updates and offers

Data We Collect

Account Information

Email address (required for account creation)
Name (optional, for personalization)
Company name (optional, for invoicing)
Billing address (for paid accounts only)

Translation Data

Source text submitted for translation
Translated output (stored for 30 days by default)
Glossary and terminology preferences
Language pairs and translation settings

Technical Data

API usage logs (request timestamps, volumes)
IP addresses (for security and rate limiting)
Browser type and version (for web interface)
Error logs (sanitized, no personal data)

Data Security Measures

Technical Safeguards

Encryption at Rest: AES-256 encryption for all stored data
Encryption in Transit: TLS 1.3 for all API communications
Access Controls: Role-based access with multi-factor authentication
Infrastructure: SOC 2 Type II certified data centers
Monitoring: 24/7 security monitoring and intrusion detection
Backups: Encrypted, geographically distributed backups

Data Retention

Data Type	Retention Period	Deletion
Translation History	30 days (configurable)	Automatic or manual
Account Data	Duration of account + 90 days	On request
Billing Records	7 years (legal requirement)	After legal period
API Logs	90 days	Automatic
Security Logs	1 year	Automatic

International Data Transfers

TAO processes data in secure facilities located in the European Union and United States. All international transfers comply with:

EU-US Data Privacy Framework
Standard Contractual Clauses (SCCs)
Appropriate safeguards under Article 46 GDPR

Third-Party Processors

We work with carefully selected third-party processors:

Processor	Purpose	Location
AWS	Infrastructure hosting	EU (Frankfurt)
Paddle	Payment processing	UK/EU

Cookie Policy

We use minimal cookies for essential functionality:

Session Cookies: Authentication and security (essential)
Preference Cookies: Language and theme settings (functional)
Analytics Cookies: Anonymous usage statistics (optional, requires consent)

Data Breach Procedures

In Case of Data Breach

Notification to authorities within 72 hours
Direct notification to affected users within 72 hours
Public disclosure if required by severity
Detailed incident report and remediation steps

Children's Privacy

TAO is not intended for users under 16 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately.

How to Exercise Your Rights

Submit a Data Request

Via Dashboard: Settings → Privacy → Data Requests
Via Email: privacy@toanother.one
Response Time: Acknowledgment within 72 hours
Completion: Within 30 days (complex requests may take up to 90 days)

Required Information: Your account email, type of request, and verification of identity

Supervisory Authority

You have the right to lodge a complaint with your local data protection authority if you believe we have not adequately addressed your concerns.

Updates to This Policy

We may update this GDPR compliance page periodically. Significant changes will be communicated via email to all account holders at least 30 days before taking effect.

Contact Us

Data Protection Inquiries: privacy@toanother.one

General Support: support@toanother.one

Response Time: Within 72 hours for all GDPR-related requests

GDPR Compliance & Data Protection