Privacy Policy

Effective date: 25 July 2025

1. Controller

WHIZY, SASU (share capital €1,000), SIREN 938 696 143, 12 RUE DE LA PART-DIEU, 69003 LYON, France. VAT FR58938696143. Contact: [email protected].

2. What We Process

We do not create local user accounts. We rely on Discord OAuth. We process:

  • Discord identifiers: user ID, server (guild) ID, channel ID, message ID.
  • Language preferences and aggregated usage statistics.
  • Ephemeral translation / transcription / generation content: processed in memory only (not stored), except a temporary anonymous cache of repeated identical inputs (no link to a user).
  • Support tickets (deleted after resolution).
  • Payment data handled directly by Stripe (we receive status/metadata, never full card details).

We do not store IP addresses or device/User-Agent ourselves.

3. Purposes & Legal Bases

We process personal data for the following purposes:

  • Provide the Service (Discord bot features). Legal basis: performance of the contract (use of the bot).
  • Payment / invoicing. Legal basis: contract and legal obligation (accounting).
  • Technical operation, security, abuse prevention (logs, rate‑limit). Legal basis: legitimate interest.
  • Service improvement (optimisation, anonymous cache, statistics). Legal basis: legitimate interest.
  • User requests (support / deletion). Legal basis: legitimate interest / legal obligation.

We do not run marketing emails or third‑party analytics today. If this changes, we will update this Policy and request consent where required.

4. Cookies

Our website (https://itranslator.app) uses only internal cookies:

  • Session cookie (Discord OAuth): up to 365 days.
  • Referral cookie: 30 days.

No third‑party analytics and no consent banner at this time.

5. Processors / Recipients

We use providers to operate the Service:

  • Hosting / infrastructure: OVH (France/EU), Contabo (EU), Hetzner (EU).
  • Payment: Stripe.
  • Platform integration: Discord.
  • AI / LLM APIs: OpenAI, Mistral, Qwen, Groq.
  • Internal analytics / backups: our EU infrastructure.

We do not sell your data.

6. International Transfers

Some providers are outside the EEA (e.g. OpenAI, Stripe group, Discord, Groq, possibly Qwen). Transfers rely on EU Standard Contractual Clauses or equivalent safeguards. We minimise the data sent (mainly identifiers / ephemeral content).

7. Retention

  • Discord IDs & preferences: kept while you use the Service (deleted on request).
  • Technical logs (no IP): 12 months.
  • Ephemeral content: processed in RAM only, then discarded; anonymous cache kept as needed.
  • Payment / invoices: retained by Stripe and for legal accounting periods.
  • Support tickets: deleted after resolution.

8. Security

We apply reasonable measures: restricted staff access, TLS encryption in transit, provider‑level encryption at rest, monitoring and backups. No method of transmission or storage is 100% secure.

9. Your Rights

You may request access, rectification, deletion, restriction, portability or object to processing by emailing [email protected] or contacting us on Discord. We answer within one month and may verify identity via the Discord account or email.

10. Children

The Service is intended for users who meet Discord’s minimum age and French digital consent rules (15+). We do not knowingly process data of users below this threshold.

11. Complaints

You can lodge a complaint with the French supervisory authority (CNIL) at www.cnil.fr.

12. Changes

We may update this Policy. The latest version is posted on our website. Continued use after changes means you accept the updated Policy.

Questions? Contact us at [email protected].