M21 Global

Privacy Policy

Last updated: December 2024

Your privacy matters to us. This policy explains how we collect, use, and protect your data when you use M21Apps.

Table of Contents

1. Introduction

M21Apps is a suite of translation quality assurance tools provided by Multilingues21 – Traduções e Edições Técnicas Multilingues, Lda. (trading as M21Global), a company registered in Portugal.

We are committed to protecting your privacy and handling your data with transparency and care. This Privacy Policy explains what information we collect, how we use it, and what rights you have regarding your personal data.

Key Point: We do NOT store your uploaded documents. Files are processed in memory only and are immediately discarded after processing.

2. Data We Collect

We collect only the minimum data necessary to provide our services:

Account Information

  • Email address – Required for authentication and communication
  • Name – For personalization (optional)
  • Company name – For business accounts (optional)

Usage Statistics

  • Word counts – Number of words processed per month
  • Error type frequencies – Aggregated statistics only (e.g., "10 punctuation errors"), not the actual content
  • Timestamps – When you used the service
  • Files processed count – Number of files analyzed

Payment Information

  • Payments are processed securely by Stripe
  • We do NOT store credit card numbers or bank details
  • We only receive confirmation of successful payments and subscription status

Technical Data (Anti-Abuse)

  • IP address – To prevent abuse and detect multiple free accounts
  • Device fingerprint – A hash of browser characteristics (not personally identifiable)

3. Data We Do NOT Collect or Store

We've designed M21Apps with privacy-first principles. Here's what we explicitly do NOT collect or store:

Your Uploaded Files: Documents (MQXLIFF, DOC, DOCX, RTF, etc.) are processed entirely in memory. They are NEVER saved to our servers or any storage system. Once processing is complete, the file data is immediately discarded.

Document Content: The text of your translations is not retained after processing. We do not keep copies of your source or target content.

Generated Reports: PDF reports and analysis results are generated on-demand and streamed directly to your browser. They are not stored on our servers.

This means we cannot recover your files or reports after your session ends. You are responsible for downloading and saving any reports you need.

4. How We Use Your Data

We use the data we collect for the following purposes:

  • Service Delivery: To provide and maintain M21Apps functionality
  • Authentication: To verify your identity and manage your account
  • Billing: To process payments and manage subscriptions
  • Usage Tracking: To enforce plan limits and calculate overage
  • Abuse Prevention: To detect and prevent misuse of free accounts
  • Service Improvement: To analyze aggregated, anonymized usage patterns
  • Communication: To send important service updates and support responses

We do NOT:

  • Sell your data to third parties
  • Use your data for advertising
  • Share your data with marketing partners
  • Profile you for targeted content

5. AI Processing and Your Data

M21Apps uses Anthropic's Claude API to provide AI-powered translation quality analysis. Here's how this works and what it means for your data:

How AI Processing Works

  • Document segments are sent to Claude for quality analysis
  • The AI identifies potential errors, inconsistencies, and quality issues
  • Results are returned to your browser immediately

Anthropic's Data Policy

No AI Training: Anthropic does NOT use data from commercial API customers to train or improve their AI models. Your documents are never used for machine learning purposes.

  • Retention: Anthropic retains API data for up to 7 days for abuse detection, then permanently deletes it
  • No Training: Commercial API data is explicitly excluded from model training
  • Security: Data is encrypted in transit and at rest

For more information, see Anthropic's data policy for commercial customers.

6. Third-Party Service Providers

We use carefully selected third-party services to provide M21Apps. All primary services store data in the European Union:

ServicePurposeData Location
SupabaseDatabase & AuthenticationEU (Frankfurt, Germany)
VercelWeb HostingEU Edge Network
StripePayment ProcessingEU (PCI-DSS compliant)
AnthropicAI Processing (Claude API)US (data deleted after 7 days)
ConvertAPIDocument Conversion (PDF/DOCX to text)EU (data deleted immediately after processing)
ResendTransactional EmailsUS

We have data processing agreements with all subprocessors to ensure GDPR compliance.

7. Data Location and GDPR Compliance

European Data Storage

All persistent data (accounts, usage statistics, subscriptions) is stored on servers located in the European Union, specifically in Frankfurt, Germany.

GDPR Compliance

As a Portuguese company, we fully comply with the General Data Protection Regulation (GDPR). This includes:

  • Lawful basis for processing (contract and legitimate interest)
  • Data minimization (we only collect what's necessary)
  • Purpose limitation (data used only for stated purposes)
  • Storage limitation (data retained only as long as needed)
  • Integrity and confidentiality (security measures in place)
  • Accountability (we document our compliance)

Data Transfers

For AI processing (Anthropic) and email delivery (Resend), some data may be processed in the United States. Document conversion (ConvertAPI) is processed in the EU. All transfers are protected by Standard Contractual Clauses (SCCs) and the services' commitment to data protection.

8. Data Retention

We retain different types of data for different periods:

Data TypeRetention Period
Account dataWhile account is active + 30 days after deletion
Usage statistics12 months (aggregated, anonymized)
Payment records7 years (legal requirement for tax purposes)
Anti-abuse data (IP, fingerprint)12 months
Uploaded documentsNot retained (processed in memory only)
Generated reportsNot retained (streamed directly to you)

9. Your Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access

You can request a copy of all personal data we hold about you.

Right to Rectification

You can request correction of inaccurate or incomplete data. You can also update your account information directly in your settings.

Right to Erasure

You can request deletion of your personal data ("right to be forgotten"). We will delete your account and associated data within 30 days, except where we're legally required to retain it.

Right to Data Portability

You can request your data in a machine-readable format.

Right to Object

You can object to certain processing activities.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time.

How to Exercise Your Rights

To exercise any of these rights, please contact us at support@m21global.com. We will respond within 30 days.

10. Cookies

M21Apps uses only essential cookies necessary for the service to function:

Essential Cookies

  • Authentication cookies – To keep you logged in
  • Session cookies – To maintain your session state
  • Security cookies – To prevent CSRF attacks

What We Don't Use

  • No tracking cookies – We don't use Google Analytics or similar
  • No advertising cookies – We don't serve ads
  • No third-party cookies – Except for essential services

Because we only use essential cookies, we do not require a cookie consent banner under GDPR.

11. Security Measures

We take security seriously and implement multiple layers of protection:

Encryption

  • In transit: All data is encrypted using TLS 1.3 (HTTPS)
  • At rest: Sensitive data is encrypted in our database
  • Authentication: Passwordless magic link via secure email

Access Controls

  • Row-level security (RLS) in the database
  • Role-based access controls
  • API authentication for all endpoints

Infrastructure

  • Hosted on enterprise-grade platforms (Vercel, Supabase)
  • Regular security updates and patches
  • DDoS protection

Reporting Vulnerabilities

If you discover a security vulnerability, please report it responsibly to support@m21global.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.

  • The "Last updated" date at the top indicates when changes were made
  • For significant changes, we will notify you via email
  • Continued use of M21Apps after changes constitutes acceptance

We recommend reviewing this policy periodically.

13. Contact Us

If you have questions about this Privacy Policy or your personal data, please contact us:

Multilingues21 – Traduções e Edições Técnicas Multilingues, Lda.
Av. Infante D. Henrique, no. 333H – Esc. 15
1800-282 Lisbon, Portugal

Email: support@m21global.com
VAT: PT507983815
Website: apps.m21global.com

We aim to respond to all privacy-related inquiries within 30 days.