Privacy Policy
Last updated: December 2024
Your privacy matters to us. This policy explains how we collect, use, and protect your data when you use M21Apps.
Table of Contents
1. Introduction
M21Apps is a suite of translation quality assurance tools provided by Multilingues21 – Traduções e Edições Técnicas Multilingues, Lda. (trading as M21Global), a company registered in Portugal.
We are committed to protecting your privacy and handling your data with transparency and care. This Privacy Policy explains what information we collect, how we use it, and what rights you have regarding your personal data.
Key Point: We do NOT store your uploaded documents. Files are processed in memory only and are immediately discarded after processing.
2. Data We Collect
We collect only the minimum data necessary to provide our services:
Account Information
- Email address – Required for authentication and communication
- Name – For personalization (optional)
- Company name – For business accounts (optional)
Usage Statistics
- Word counts – Number of words processed per month
- Error type frequencies – Aggregated statistics only (e.g., "10 punctuation errors"), not the actual content
- Timestamps – When you used the service
- Files processed count – Number of files analyzed
Payment Information
- Payments are processed securely by Stripe
- We do NOT store credit card numbers or bank details
- We only receive confirmation of successful payments and subscription status
Technical Data (Anti-Abuse)
- IP address – To prevent abuse and detect multiple free accounts
- Device fingerprint – A hash of browser characteristics (not personally identifiable)
3. Data We Do NOT Collect or Store
We've designed M21Apps with privacy-first principles. Here's what we explicitly do NOT collect or store:
Your Uploaded Files: Documents (MQXLIFF, DOC, DOCX, RTF, etc.) are processed entirely in memory. They are NEVER saved to our servers or any storage system. Once processing is complete, the file data is immediately discarded.
Document Content: The text of your translations is not retained after processing. We do not keep copies of your source or target content.
Generated Reports: PDF reports and analysis results are generated on-demand and streamed directly to your browser. They are not stored on our servers.
This means we cannot recover your files or reports after your session ends. You are responsible for downloading and saving any reports you need.
4. How We Use Your Data
We use the data we collect for the following purposes:
- Service Delivery: To provide and maintain M21Apps functionality
- Authentication: To verify your identity and manage your account
- Billing: To process payments and manage subscriptions
- Usage Tracking: To enforce plan limits and calculate overage
- Abuse Prevention: To detect and prevent misuse of free accounts
- Service Improvement: To analyze aggregated, anonymized usage patterns
- Communication: To send important service updates and support responses
We do NOT:
- Sell your data to third parties
- Use your data for advertising
- Share your data with marketing partners
- Profile you for targeted content
5. AI Processing and Your Data
M21Apps uses Anthropic's Claude API to provide AI-powered translation quality analysis. Here's how this works and what it means for your data:
How AI Processing Works
- Document segments are sent to Claude for quality analysis
- The AI identifies potential errors, inconsistencies, and quality issues
- Results are returned to your browser immediately
Anthropic's Data Policy
No AI Training: Anthropic does NOT use data from commercial API customers to train or improve their AI models. Your documents are never used for machine learning purposes.
- Retention: Anthropic retains API data for up to 7 days for abuse detection, then permanently deletes it
- No Training: Commercial API data is explicitly excluded from model training
- Security: Data is encrypted in transit and at rest
For more information, see Anthropic's data policy for commercial customers.
6. Third-Party Service Providers
We use carefully selected third-party services to provide M21Apps. All primary services store data in the European Union:
| Service | Purpose | Data Location |
|---|---|---|
| Supabase | Database & Authentication | EU (Frankfurt, Germany) |
| Vercel | Web Hosting | EU Edge Network |
| Stripe | Payment Processing | EU (PCI-DSS compliant) |
| Anthropic | AI Processing (Claude API) | US (data deleted after 7 days) |
| ConvertAPI | Document Conversion (PDF/DOCX to text) | EU (data deleted immediately after processing) |
| Resend | Transactional Emails | US |
We have data processing agreements with all subprocessors to ensure GDPR compliance.
7. Data Location and GDPR Compliance
European Data Storage
All persistent data (accounts, usage statistics, subscriptions) is stored on servers located in the European Union, specifically in Frankfurt, Germany.
GDPR Compliance
As a Portuguese company, we fully comply with the General Data Protection Regulation (GDPR). This includes:
- Lawful basis for processing (contract and legitimate interest)
- Data minimization (we only collect what's necessary)
- Purpose limitation (data used only for stated purposes)
- Storage limitation (data retained only as long as needed)
- Integrity and confidentiality (security measures in place)
- Accountability (we document our compliance)
Data Transfers
For AI processing (Anthropic) and email delivery (Resend), some data may be processed in the United States. Document conversion (ConvertAPI) is processed in the EU. All transfers are protected by Standard Contractual Clauses (SCCs) and the services' commitment to data protection.
8. Data Retention
We retain different types of data for different periods:
| Data Type | Retention Period |
|---|---|
| Account data | While account is active + 30 days after deletion |
| Usage statistics | 12 months (aggregated, anonymized) |
| Payment records | 7 years (legal requirement for tax purposes) |
| Anti-abuse data (IP, fingerprint) | 12 months |
| Uploaded documents | Not retained (processed in memory only) |
| Generated reports | Not retained (streamed directly to you) |
9. Your Rights
Under GDPR, you have the following rights regarding your personal data:
Right to Access
You can request a copy of all personal data we hold about you.
Right to Rectification
You can request correction of inaccurate or incomplete data. You can also update your account information directly in your settings.
Right to Erasure
You can request deletion of your personal data ("right to be forgotten"). We will delete your account and associated data within 30 days, except where we're legally required to retain it.
Right to Data Portability
You can request your data in a machine-readable format.
Right to Object
You can object to certain processing activities.
Right to Withdraw Consent
Where processing is based on consent, you can withdraw it at any time.
How to Exercise Your Rights
To exercise any of these rights, please contact us at support@m21global.com. We will respond within 30 days.
11. Security Measures
We take security seriously and implement multiple layers of protection:
Encryption
- In transit: All data is encrypted using TLS 1.3 (HTTPS)
- At rest: Sensitive data is encrypted in our database
- Authentication: Passwordless magic link via secure email
Access Controls
- Row-level security (RLS) in the database
- Role-based access controls
- API authentication for all endpoints
Infrastructure
- Hosted on enterprise-grade platforms (Vercel, Supabase)
- Regular security updates and patches
- DDoS protection
Reporting Vulnerabilities
If you discover a security vulnerability, please report it responsibly to support@m21global.com.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.
- The "Last updated" date at the top indicates when changes were made
- For significant changes, we will notify you via email
- Continued use of M21Apps after changes constitutes acceptance
We recommend reviewing this policy periodically.
13. Contact Us
If you have questions about this Privacy Policy or your personal data, please contact us:
Multilingues21 – Traduções e Edições Técnicas Multilingues, Lda.
Av. Infante D. Henrique, no. 333H – Esc. 15
1800-282 Lisbon, Portugal
Email: support@m21global.com
VAT: PT507983815
Website: apps.m21global.com
We aim to respond to all privacy-related inquiries within 30 days.