Privacy Policy

Effective date: March 2026  ·  Last updated: March 2026

Contents

  1. Introduction
  2. Information We Collect
  3. How We Use Your Information
  4. AI Processing & Image Data
  5. Third-Party Services
  6. Data Retention
  7. Your Rights (GDPR / CCPA)
  8. Cookies & Tracking
  9. Security
  10. Changes & Contact

1. Introduction

MangaTranslate is a browser extension and web service that provides AI-powered manga and manhwa translation. It is operated by Bimal (contact: [email protected]).

This Privacy Policy explains what information we collect, how we use it, who we share it with, and what rights you have. By installing the MangaTranslate extension or using our service, you agree to this policy.

2. Information We Collect

Account information: When you sign in, we receive your email address and display name via Google OAuth or GitHub OAuth. We store this to create and maintain your account.

Usage data: We record the number of images you have translated, timestamps of translation requests, your target language selections, and your subscription tier. This data enforces your usage quota and is used to improve the service.

Payment information: Payments are processed entirely by Stripe. We never see, store, or handle your card number, CVV, or bank account details. We receive a Stripe customer ID and subscription status.

Technical data: We may log browser type, extension version, and error messages to diagnose bugs and improve reliability.

What we do NOT collect:

  • Manga or manhwa images (ephemeral — see Section 4)
  • Your reading history or browsing history
  • Location data or GPS coordinates
  • Advertising IDs or cross-site tracking identifiers
  • Any content from pages you visit other than the manga images you explicitly translate

3. How We Use Your Information

  • Provide and operate the translation service
  • Enforce your usage quota based on your subscription tier
  • Process subscription billing and send billing-related emails (receipts, failed payment notices)
  • Send service-critical communications (quota warnings, security alerts)
  • Respond to support requests you send us
  • Diagnose bugs and improve translation quality

We do not sell your data, use it for advertising, or share it with third parties for their own marketing purposes.

4. AI Processing & Image Data

Manga page images are transmitted to our servers for AI processing during translation. Images exist in server memory only for the duration of processing — typically under 10 seconds. Images are never written to disk and are never stored in any database.

Translation results — specifically, the translated text strings and bounding box coordinates for each speech bubble — are cached in Redis for up to 7 days, keyed by a perceptual hash (pHash) of the image content. This allows identical pages to be served from cache without re-processing. Original images are never cached or stored. The pHash key is a numeric fingerprint; the original image cannot be reconstructed from it.

AI training: Your images are not used to train any AI model. We use the Google Gemini API and OpenAI API under paid commercial API agreements. Both providers explicitly exclude paid API data from model training under their terms of service.

AI providers that process your data during translation:

  • Google LLC (Gemini API) — text extraction and translation
  • OpenAI LLC (fallback provider) — used only if primary provider is unavailable

5. Third-Party Services

  • Google OAuth: Authentication only. We receive your email and display name. We do not access Gmail, Google Drive, contacts, or any other Google data.
  • Google Gemini API: Processes manga images for text extraction and translation. Subject to Google Cloud API Terms of Service. Paid usage is not used for training.
  • OpenAI API: Fallback translation provider. Subject to OpenAI API Terms of Service. Paid usage is not used for training.
  • Stripe: Payment processing. Subject to Stripe Privacy Policy. We never handle raw payment credentials.
  • Railway: Backend API and database hosting. US-based servers. Subject to Railway's data processing terms.
  • Cloudflare: CDN for this website. Cloudflare may log standard web access data (IP address, request path, timestamp) per their privacy policy.
  • Google Fonts: Typography delivery. This website loads fonts from fonts.googleapis.com. Google may log the visitor's IP address and browser information when serving font files, per Google's Privacy Policy. No cookies are set by Google Fonts.

6. Data Retention

  • Account data: Retained while your account is active. Deleted within 30 days of an account deletion request.
  • Translation cache: Auto-deleted after 7 days (Redis TTL). Not recoverable.
  • Usage logs: Retained for a reasonable period necessary to enforce usage quotas and detect abuse, then deleted.
  • Audit logs: Retained for a reasonable period to comply with security and legal obligations. Upon account deletion, audit log entries referencing your account are anonymized — your user identifier is replaced with a null value and the reason field is redacted — preserving the audit trail without retaining personal data.
  • Stripe billing records: Retained per Stripe's data retention policy (typically 7 years for financial records, as required by law).

7. Your Rights (GDPR / CCPA)

Depending on your jurisdiction, you may have the following rights:

  • Access: View your account data and usage statistics in the extension Settings screen.
  • Correction: Contact [email protected] to correct inaccurate account information.
  • Deletion: Delete your account from the extension Settings screen, or by emailing us. Account deletion performs the following steps: (1) your database records, session tokens, and usage history are permanently deleted; (2) your Stripe subscription is cancelled and your Stripe customer record is deleted; (3) audit log entries referencing your account are anonymized (user identifiers nulled, reason redacted) to preserve the security audit trail without retaining personal data; (4) the shared translation cache uses content-based keys unrelated to user identity and expires automatically within 7 days — no per-user cache purge is performed or required.
  • Portability: Email [email protected] to request a data export in machine-readable format.
  • Opt-out of sale: We do not sell, rent, or share personal data for marketing purposes. There is nothing to opt out of.

8. Cookies & Tracking

This website uses no cookies, no analytics trackers, and no tracking pixels. There is no advertising, remarketing, or behavioral tracking on this website.

The browser extension uses chrome.storage.local for session tokens (encrypted JWT) and user preferences. This data is stored locally in your browser and transmitted only to our API for authentication purposes.

If analytics are added in the future, this section will be updated with 30 days notice, and opt-out options will be provided.

9. Security

  • All data transmitted between the extension and our backend is encrypted in transit via TLS 1.2 or higher.
  • We do not store passwords. Authentication is exclusively via OAuth (Google or GitHub).
  • API keys are stored hashed (bcrypt). Raw API keys are never stored.
  • Least-privilege access controls are applied to all database and server access.
  • We conduct regular security reviews and address vulnerabilities promptly.

Despite these measures, no system is perfectly secure. If you discover a security vulnerability, please email [email protected] responsibly.

10. Changes & Contact

We may update this Privacy Policy to reflect changes in our practices or for legal compliance. Material changes will be communicated via the extension popup with at least 14 days notice before they take effect.

Continued use of the service after changes take effect constitutes acceptance of the updated policy.

Contact: [email protected]

We aim to respond to all privacy-related requests within 5 business days.