← Back to Lingomatic

Privacy Policy

Last updated: March 18, 2026

Lingomatic ("we", "our", "the app") is a Shopify application that provides AI-powered translation services for online stores. This policy describes how we collect, use, and protect your data.

1. Data Controller

Lingomatic acts as a data processor on behalf of you (the Shopify merchant), who is the data controller. We process your store content solely for the purpose of providing translation services as instructed by you through the app.

2. Data We Collect

When you install and use Lingomatic, we collect and store:

• Shop information: Your Shopify store domain, plan selection, currency, and app settings.
• Store content: Product titles, descriptions, collection details, page content, theme text, and other translatable fields from your Shopify store.
• Translations: AI-generated translations of your store content in your selected target languages.
• Glossary and preferences: Custom glossary entries, do-not-translate terms, and brand voice settings you configure.
• Usage data: Word usage transactions, translation history, and feature usage for billing and service operation.
• Server logs: We retain application error logs for debugging purposes. These may contain excerpts of content being translated at the time of an error. Error logs are subject to automatic size-based rotation and are not retained indefinitely.

We do not collect or store any customer personal data (names, emails, addresses, payment details) from your store's customers. The service is not intended for use by children under 18, and we do not knowingly collect data from minors.

3. Cookies and Tracking

Our landing page (lingomatic.io) uses PostHog analytics in cookieless mode. No cookies or local storage are used — we collect only anonymous, aggregated page view data. No personal information is collected from website visitors.

The Lingomatic app (app.lingomatic.io) uses PostHog analytics cookies to understand feature usage and improve the product. Your Shopify store domain is associated with analytics events so we can attribute usage to your account. PostHog does not collect your store content, translations, or payment information.

All analytics data is processed in the EU (Frankfurt, Germany) via PostHog EU Cloud. For full details, see our Cookie Policy.

We use Sentry for server-side error monitoring to detect and fix bugs. Sentry receives error reports and stack traces but does not track user behavior or browsing activity.

For Pro plan users, we offer an optional live chat feature powered by Crisp. The Crisp chat widget is only loaded when you explicitly open it from the Help page.

4. How We Use Your Data

• To translate your store content into your selected languages using AI models.
• To synchronize content between your Shopify store and our translation system.
• To process billing and word usage.
• To improve translation quality through your glossary and brand voice settings.
• To monitor and fix errors in the service (via error logs).

5. Sub-Processors

We share your store content with the following third-party services for processing:

• Requesty: AI model routing service. Your store text is sent through Requesty's infrastructure to reach the AI model providers listed below. Requesty processes the text solely to route it and does not retain your content after processing.
• AI model providers (via Requesty): Large language models from OpenAI, Anthropic, Mistral, Microsoft Azure, and Google Cloud generate translations. Lingomatic automatically selects the appropriate model. Only the text content is sent — no shop domain, customer data, or access credentials.
• Hetzner (Finland): Infrastructure hosting for our servers and database, located in the EU.
• PostHog (EU Cloud): Product analytics. Collects page views, feature usage, and device information. Processed in the EU (Frankfurt). See our Cookie Policy.
• Sentry: Error monitoring. Receives error reports that may include content excerpts at the time of failure.
• Crisp: Live chat support (Pro plan only, loaded on demand).

6. International Data Transfers

Your store content is hosted in the EU (Finland). For the purpose of generating translations, text content is routed through Requesty to AI model providers (OpenAI, Anthropic, Mistral) whose servers may be located in the United States. These transfers are necessary to perform the translation service you have requested. Only the text to be translated is sent — no shop identifiers, customer data, or credentials are included. These providers process the data solely to generate translations and do not retain your content after processing. Sentry (error monitoring) may also process data in the US.

Pro plan users can enable EU AI Processing, which routes all translation requests through Requesty to EU-based infrastructure (Microsoft Azure France/Sweden, Google Cloud Europe, Mistral EU), keeping your content within the European Economic Area.

7. Data Retention

• Your data is retained while the app is installed on your store.
• When you uninstall the app, your access token is immediately revoked.
• Within 48 hours of uninstall, all your data (content, translations, glossary, usage history) is permanently deleted from our systems via Shopify's mandatory data deletion process.
• Error logs containing incidental content excerpts are subject to automatic size-based rotation and are not retained indefinitely.

8. Shopify GDPR Compliance

Lingomatic implements all three mandatory Shopify GDPR webhooks:

• Customer data request: We acknowledge these requests. Since we do not store any customer personal data, no customer data is returned.
• Customer data erasure: We acknowledge these requests. No customer data needs to be deleted as we do not store any.
• Shop data erasure: Upon receiving this webhook (48 hours after app uninstall), we permanently delete all shop data, including content, translations, glossary entries, and usage history.

9. Data Security

• All data is transmitted over HTTPS with TLS 1.2/1.3 encryption.
• Access tokens are encrypted at rest using AES-256-GCM.
• Our database is hosted in the EU (Finland) with restricted access.
• Webhook communications are verified using HMAC-SHA256 signatures.

10. Breach Notification

In the event of a personal data breach that poses a risk to your rights, we will notify you without undue delay and no later than 72 hours after becoming aware of the breach, in accordance with GDPR Article 33. Notification will be sent to the email address associated with your Shopify store.

11. Your Rights

Under GDPR and applicable data protection laws, you have the right to:

• Access: Export all your data at any time through the app's data export feature in Settings.
• Rectification: Edit any translation or glossary entry through the app.
• Erasure: Uninstall the app to trigger complete data deletion within 48 hours.
• Portability: Download your data in machine-readable JSON format via the data export feature.
• Objection: Contact us to object to specific data processing activities.

12. Data Processing Agreement

If you require a formal Data Processing Agreement (DPA) for your compliance needs, please contact us at privacy@lingomatic.io and we will provide one.

13. Legal Basis

We process your data based on the contractual relationship established when you install and use the app (GDPR Article 6(1)(b)). Your acceptance of our Terms of Service during onboarding constitutes this agreement.

14. Changes to This Policy

We may update this privacy policy from time to time. When we make material changes, we will notify you via the email associated with your Shopify store or through an in-app notice.

15. Contact

For privacy-related questions or data requests, contact us at privacy@lingomatic.io.