Quick note on roles: For our websites, accounts, billing, support, and marketing, MultiLipi acts as a data controller. For content you send to our translation and SEO services (e.g., website text/media, glossary/translation memory), MultiLipi acts as your data processor under a Data Processing Addendum (DPA).
1) Who we are (Controller details)
Controller: MultiLipi Technologies Private Limited Contact:privacy@multilipi.com Postal address:75/17, Tagore Lane, Shipra Path, Mansarovar, Tagore Lane, Jaipur City, Rajasthan, India - 302020
2) Scope
This Policy applies to: website visitors; account owners and team users; prospects/partners/affiliates; candidates applying for jobs; and end users who view customer websites localized via MultiLipi (limited technical data).
It does not cover the privacy practices of customer websites localized using MultiLipi; those publishers remain responsible for their own sites and notices.
3) What data we collect and why
A. Website visitors
Technical data: IP address, user-agent, device/OS/browser info, pages viewed, referrer, timestamps, basic geolocation (city/country), error logs. Why: operate and secure our sites, prevent abuse, diagnose issues, measure performance. Legal bases: legitimate interests; consent where required for analytics/marketing cookies.
Cookies & similar tech: analytics, A/B testing, language preference, consent management. Legal basis: consent where required.
Account & usage: project/site metadata, languages, configuration, API keys (hashed where feasible), user actions in dashboard.
Content for processing: source text/media, translations, glossary and translation memory (TM), element-level overrides, and related metadata.
Translation workflow: In order to provide translation services, MultiLipi processes the textual content of our clients' webpages. When a page is translated, its text is sent to our servers and to our third‑party translation provider (e.g., Azure Translation Services). For performance optimization and caching, we may store the original text and its corresponding translation.
Billing: plan, invoices, tax IDs, payment status (card details handled by our payment processor).
Why: deliver the service, support, billing, security, quality, analytics, and product improvement. Legal bases: contract; legitimate interests; legal obligations (tax/accounting).
C. End users of customer websites
Strictly necessary technical data: request/response logs, IP, user-agent, URL/path, language preference cookie; limited geodata to choose the right language when configured. Why: serve localized pages, ensure availability/security, prevent abuse, measure platform performance (aggregate). Legal bases: legitimate interests.
D. Sales, marketing & affiliates
Leads/prospects: business contact data, company, role, interests, campaign touchpoints.
Newsletter & marketing: email, preferences; tracking limited to consented analytics.
Why: communicate about services, run campaigns, manage the affiliate program. Legal bases: consent for newsletters/certain cookies; legitimate interests for B2B outreach.
E. Support & communications
Support tickets/chats/emails: contact details, logs, screenshots/error snippets you share. Why: troubleshoot and resolve issues. Legal bases: contract; legitimate interests.
F. Job applicants
Application data: CV/resume, contact, experience, references (if provided). Why: recruitment/evaluation. Legal bases: legitimate interests; consent where required by local law.
Processor commitment: When we process your website content, glossary, or TM as a processor, we do so only on your documented instructions and do not use that content to train general models unless you have explicitly opted in.
Sensitive Data: The Services are not designed to process Sensitive Data (for example, special‑category data under GDPR, children’s data, government IDs, financial account or payment data, precise geolocation, or credentials/passwords/API keys/secrets). Please do not submit such content. Use exclusion controls, ignore/exclude selectors, "notranslate" attributes, robots/auth to prevent processing of content that should not be translated.
4) Legal bases (GDPR/UK GDPR)
Contract (Art. 6(1)(b)) to provide the service you subscribed to.
Legitimate interests (Art. 6(1)(f)) for security, fraud prevention, product improvement (in privacy-preserving ways), and B2B marketing, balanced against your rights.
Consent (Art. 6(1)(a)) for newsletters and certain cookies.
Legal obligation (Art. 6(1)(c)) for tax, accounting, and compliance.
5) How we use data (purposes)
Deliver, maintain, and improve the MultiLipi platform.
Provide translations, language routing, glossary/TM, analytics, and SEO features you enable.
Authenticate users, secure accounts, and detect/prevent abuse or fraud.
Provide support, onboarding, and training.
Send service notices, product updates, and (with consent) marketing.
Comply with laws, enforce terms, and protect our rights.
6) Cookies and tracking
We use essential cookies (security, session, language choice) and analytics/measurement cookies.
7) Data sharing & recipients
We share personal data only with:
Service providers / subprocessors who help host, operate, support, measure, and secure the service.
Payment processors and banks for billing.
Professional advisors (legal, accounting) under confidentiality.
Authorities when required by law.
Within your organization if you’re on a team plan.
With your direction/consent (e.g., integrations you enable).
8) International transfers
Where data is transferred outside your region (e.g., to service providers), we use appropriate safeguards such as the EU Standard Contractual Clauses (SCCs) and comparable UK addenda, and (where applicable) rely on adequacy decisions or providers’ certifications.
9) Security
We implement technical and organizational measures including encryption in transit, access controls, least-privilege administration, network protections, audit logging, and regular vulnerability management.
10) Retention
We retain data only as long as necessary for the purposes described above, then delete or irreversibly anonymize it, unless a longer legal retention applies. Typical periods:
Category
Examples
Purpose
Typical retention
Account & billing
Profile, plan, invoices, tax IDs
Provide service; tax/accounting
Term of contract + up to 7 years
Service logs
Edge/app logs, IP, user-agent
Security, diagnostics
Up to 12 months, then aggregate/anonymize
Support
Tickets, chat transcripts
Troubleshooting
Up to 24 months after resolution
Marketing
Newsletter lists, consent records
Communications
Until you unsubscribe/withdraw consent
Translation assets
Content, overrides, glossary/TM
Service delivery
Life of project/account; deleted on deletion request/closure after any grace period
11) Your rights (EEA/UK and similar regimes)
Subject to law, you may have the right to access, rectify, erase, restrict, object (including to processing based on legitimate interests), withdraw consent (for consent-based processing), and data portability. You may also complain to your local supervisory authority. To exercise rights, email privacy@multilipi.com.
12) Children
Our services are not directed to children under 16. We do not knowingly collect such data. If you believe a child has provided us personal data, contact us.
13) Data Processing Addendum (DPA)
We offer a DPA covering GDPR/UK GDPR Art. 28 obligations, SCCs (where relevant), subprocessor commitments, and breach notifications. You can view our standard DPA here or request a countersigned copy at privacy@multilipi.com.
14) Subprocessors
We engage carefully chosen subprocessors to deliver parts of the service. We require data protection commitments and limit access to what’s necessary. We maintain a public list of current subprocessors and will update it before materially adding or replacing a subprocessor, with notice if required by our DPA.
When features use third-party AI (e.g., quality suggestions or summaries), we contractually prohibit providers from using your content to train their models unless you explicitly opt in, and we minimize the data sent.
16) Processor commitments (on your behalf)
Process only on your documented instructions.
Implement appropriate security measures.
Assist with data subject requests related to content we process for you.
Notify you of personal-data breaches without undue delay.
Flow down obligations to authorized subprocessors.
Delete or return personal data at end of services (subject to legal retention), per the DPA.
17) International users
If you are located outside India, your data may be processed in countries with different data protection laws. We use the transfer safeguards described above and protect your data according to this Policy.
18) Changes to this Policy
We may update this Policy from time to time. The “Last updated” date shows the latest version. Material changes will be communicated through the service or by email where appropriate.
19) Contact
Questions, requests, or complaints about privacy?
Email: privacy@multilipi.com
Postal: 75/17, Tagore Lane, Shipra Path, Mansarovar, Tagore Lane, Jaipur City, Rajasthan, India 302020