PRIVACY POLICY

Last Updated: January 5, 2026

1. Introduction

This Privacy Policy explains how Reflo ("we," "us," or "our") collects, uses, and safeguards your information when you use our AI document translation platform (the "Service"). We are committed to strong, industry-standard data security practices as a core principle of our business.

2. Information We Collect

2.1. Information You Provide

Account Data
When you create an account directly, we collect your name, email address, password (stored in hashed form), and billing details. Payment information is processed securely by third-party payment providers such as FastSpring and is not stored on our servers.

Google Sign-In (OAuth) Data
If you choose to sign in using Google Sign-In, we collect only the basic profile information provided by Google, including:

  • Your Google account email address
  • Your Google account display name
  • Your Google profile image (if available)

We do not access your Google password, Gmail content, Google Drive files, contacts, calendars, or any other Google services.

User Content
We collect the files you upload for translation, such as PDF, Word, or image files.

2.2. Automatically Collected Information

Usage Data
This includes IP address, browser type, device information, and interaction logs, such as the number of pages translated and system error rates.

Cookies
Cookies are used to maintain login sessions (including Google Sign-In), ensure platform stability, and analyze service performance.

3. How We Use Your Data

We process your data based on applicable legal grounds, including contract performance and legitimate interests under GDPR, for the following purposes:

  • To Provide the Service
    Processing uploaded files to generate translated documents.

  • To Manage Accounts and Authentication
    Including account creation, login (including Google Sign-In), billing, credit calculation, and subscription management.

  • To Improve Service Performance
    Using operational metadata, excluding document content, to optimize system reliability, performance, and error handling.

  • Service Communication
    Sending essential transactional emails such as invoices, password resets, security notices, and service updates. Marketing communications are sent only with your consent.

Note on AI Training
We do not use your uploaded documents, translated outputs, or Google account information to train or improve any general-purpose artificial intelligence models.
All documents are processed solely to deliver the translation service and are handled within isolated, secure processing environments.

4. Data Retention Policy

We retain personal data only for as long as necessary to provide the Service and meet legal obligations.

  • User Content (Input and Output Files)

    • Free & Lite Plans: retained for up to 7 days, then permanently deleted
    • Pro & Volume+ Plans: retained for up to 30 days, then permanently deleted

  • Account and Google Sign-In Data
    Retained while your account remains active or as required by applicable tax or legal obligations.

You may request account deletion and data removal at any time.

5. Sharing Your Information

We do not sell personal data.

We share information only in the following limited circumstances:

  • Service Providers
    Trusted third-party partners that support our infrastructure, payment processing, and AI model services, all subject to strict Data Processing Agreements.

  • Google OAuth Services
    Google processes authentication requests as part of the Google Sign-In flow. Reflo does not share uploaded documents or translated content with Google.

  • Legal Requirements
    When disclosure is required by law, regulation, or valid legal process.

6. International Data Transfers

Your data may be processed on secure servers located in the United States or the European Union. Where required, we implement appropriate safeguards, including Standard Contractual Clauses, to protect your information.

7. Your Data Rights (GDPR / CCPA)

Depending on your location, you may have the right to:

  • Access your personal data
  • Correct inaccurate information
  • Request deletion of your account and associated data
  • Request data portability

To exercise these rights, please contact [email protected].

8. Security

We apply enterprise-grade security measures, including AES-256 encryption for data at rest and TLS 1.3 encryption for data in transit.
While no system is completely secure, we continuously improve our safeguards to protect your information.

9. Changes to This Policy

We may update this Privacy Policy to reflect changes in features, subscription tiers, or legal requirements. Material changes will be communicated via email or through a prominent notice within the Service.

10. Contact Us

If you have questions about this Privacy Policy or our data protection practices, please contact:

Reflo Data Protection Officer
Email: [email protected]

Privacy Policy | Reflo