Privacy Policy

Last updated: June 28, 2025

Welcome to LangWitch ("we," "us," or "our"). We're committed to protecting your privacy and complying with the European Union's General Data Protection Regulation (GDPR). This policy explains what personal data we collect, why we collect it, how we use it, and your rights.

1. What We Collect

Account Data
  • Email address, password, name, country
  • IP address, to help prevent abuse and secure user accounts
Service Data
  • AI chat messages you send to our assistant (stored for debugging and service improvement)
  • ConLang data you create or upload (words, translations, grammar rules, etc.)
Communications
  • If you opt in, we may send occasional announcements about new features or updates
  • Transactional emails (e.g., password resets, billing notifications)
Payment Processing
  • We use Stripe exclusively via their API. No credit card details are stored on our servers—only Stripe processes and holds that data.
Website Analytics & Cookies
  • Page views, browser information, and visit patterns (only with your consent)
  • IP address (hashed for privacy protection - we cannot identify you from this)
  • Session data to distinguish unique visitors while maintaining privacy
  • Referrer information to understand how users find our site
  • User agent and device information for compatibility and optimization

2. Why We Process Your Data

Service Delivery & Improvement
  • Powering the AI assistant and translation features
  • Debugging and improving the quality of our AI
Account Security & Abuse Prevention
  • Monitoring IP addresses to protect against malicious activity
Communications
  • Sending account-related messages (required)
  • Optional feature announcements (only if you opt in)
Billing & Subscriptions
  • Managing your subscription and payments via Stripe
Website Analytics & Improvement
  • Understanding how our website is used to improve user experience
  • Identifying popular features and content
  • Optimizing site performance and fixing technical issues
  • Measuring the effectiveness of our marketing efforts

3. Legal Basis for Processing

Under GDPR, we rely on:

  • Contract Performance: Processing your account data is necessary to provide the service you signed up for.
  • Legal Compliance: Keeping transaction records and security logs.
  • Legitimate Interests: Improving our service and preventing fraud (we balance this against your rights).
  • Consent: For optional announcements and website analytics—explicitly obtained via opt-in mechanisms (cookie banner and account settings).

4. Third-Party Services

We work with a few trusted partners:

Service Purpose Data Shared Location
Stripe Payment processing Customer ID, transaction amounts (no card data) Stripe's global network
OpenRouter AI assistant & translation API Chat messages & prompts United States (covered by SCCs)
Mailgun Sending transactional emails Your email address, message content United States (covered by SCCs)
Standard Contractual Clauses (SCCs): To transfer data outside the EU/EEA lawfully, we use EU-approved SCCs with our providers.

4a. Cookies & Website Analytics

We use cookies and similar technologies to analyze website traffic and improve your experience.

What We Track (with your consent)
  • Page visits and navigation patterns
  • Browser and device information for compatibility
  • Referrer sources to understand how users find us
  • Response times to optimize site performance
Privacy Protection
  • IP addresses are hashed - we cannot identify individual users
  • No third-party analytics - all data stays on our servers
  • Automatic cleanup - data older than 90 days is deleted
  • Bot filtering - automated traffic is excluded
Your Control
  • Consent required - analytics only work if you explicitly accept
  • Easy opt-out - withdraw consent anytime in your account settings
  • No impact on service - rejecting analytics doesn't affect functionality

5. Data Retention

  • Account & Service Data: Deleted immediately upon account cancellation or deletion.
  • Transactional Logs: Retained only as long as legally required (e.g., for tax reporting).
  • Analytics Data: Automatically deleted after 90 days. Personal identifiers are anonymized after 30 days for GDPR compliance.

6. Data Security

We take your security seriously:

  • Encryption in Transit: HTTPS/TLS (Let's Encrypt certificates)
  • Encryption at Rest: Industry-standard encryption on our servers
  • Access Controls: Limited to authorized personnel only

7. Your Rights Under GDPR

You have the right to:

  • Access your personal data
  • Rectify any mistakes
  • Erase ("right to be forgotten") all your data
  • Restrict or object to certain processing
  • Withdraw consent for announcements and analytics tracking at any time
  • Data Portability: Receive your data in a machine-readable format

To exercise any right, please visit our Contact Page or email us at langwitch.net@gmail.com.

8. Updates to This Policy

We may update this policy occasionally. When we do, we will:

  • Revise the "Last updated" date at the top
  • Notify all registered users by email if changes are material

9. Contact Us

If you have questions or need assistance with your data, please reach out: