Legal

Privacy Policy — MultiLipi

Last updated: 10 September 2025

Quick note on roles: For our websites, accounts, billing, support, and marketing, MultiLipi acts as a data controller. For content you send to our translation and SEO services (e.g., website text/media, glossary/translation memory), MultiLipi acts as your data processor under a Data Processing Addendum (DPA).

On this page

Who we are

Controller: MultiLipi Technologies Private Limited
Contact: privacy@multilipi.com
Postal address: 75/17, Tagore Lane, Shipra Path, Mansarovar, Tagore Lane, Jaipur City, Rajasthan, India - 302020

Scope

This Policy applies to: website visitors; account owners and team users; prospects/partners/affiliates; candidates applying for jobs; and end users who view customer websites localized via MultiLipi (limited technical data).
It does not cover the privacy practices of customer websites localized using MultiLipi; those publishers remain responsible for their own sites and notices.

What data we collect and why

We collect the following types of information:

  • Website visitors
    • Technical data: IP address, user-agent, device/OS/browser info, pages viewed, referrer, timestamps, basic geolocation (city/country), error logs. Why: operate and secure our sites, prevent abuse, diagnose issues, measure performance. Legal bases: legitimate interests; consent where required for analytics/marketing cookies.
    • Cookies & similar tech: analytics, A/B testing, language preference, consent management. Legal basis: consent where required.
  • Account holders / customers
    • Identity & contact: name, email, phone (optional), company, role.
    • Account & usage: project/site metadata, languages, configuration, API keys (hashed where feasible), user actions in dashboard.
    • Content for processing: source text/media, translations, glossary and translation memory (TM), element-level overrides, and related metadata.
    • Translation workflow: In order to provide translation services, MultiLipi processes the textual content of our clients' webpages. When a page is translated, its text is sent to our servers and to our third‑party translation provider (e.g., Azure Translation Services). For performance optimization and caching, we may store the original text and its corresponding translation.
    • Billing: plan, invoices, tax IDs, payment status (card details handled by our payment processor).Why: deliver the service, support, billing, security, quality, analytics, and product improvement. Legal bases: contract; legitimate interests; legal obligations (tax/accounting).
  • End users of customer websites
    • Strictly necessary technical data: request/response logs, IP, user-agent, URL/path, language preference cookie; limited geodata to choose the right language when configured. Why: serve localized pages, ensure availability/security, prevent abuse, measure platform performance (aggregate). Legal bases: legitimate interests.
  • Sales, marketing & affiliates
    • Leads/prospects: business contact data, company, role, interests, campaign touchpoints.
    • Newsletter & marketing:email, preferences; tracking limited to consented analytics.
    • Affiliates: identity/contact, payout details, cookie-based attribution. Why: communicate about services, run campaigns, manage the affiliate program. Legal bases: consent for newsletters/certain cookies; legitimate interests for B2B outreach
  • Support & communications
    • Support tickets/chats/emails: contact details, logs, screenshots/error snippets you share. Why: troubleshoot and resolve issues. Legal bases: contract; legitimate interests.
  • Website visitors
    • Application data: CV/resume, contact, experience, references (if provided). Why: recruitment/evaluation. Legal bases: legitimate interests; consent where required by local law.
Processor commitment: When we process your website content, glossary, or TM as a processor, we do so only on your documented instructions and do not use that content to train general models unless you have explicitly opted in.
Sensitive Data: The Services are not designed to process Sensitive Data (for example, special‑category data under GDPR, children’s data, government IDs, financial account or payment data, precise geolocation, or credentials/passwords/API keys/secrets). Please do not submit such content. Use exclusion controls, ignore/exclude selectors, "notranslate" attributes, robots/auth to prevent processing of content that should not be translated.

How we use data

We use your information to:

Deliver, maintain, and improve the MultiLipi platform.

Provide translations, language routing, glossary/TM, analytics, and SEO features you enable.

Authenticate users, secure accounts, and detect/prevent abuse or fraud.

Provide support, onboarding, and training.

Send service notices, product updates, and (with consent) marketing.

Comply with laws, enforce terms, and protect our rights.

Cookies

We use essential cookies (security, session, language choice) and analytics/measurement cookies.

Data sharing

We do not sell your personal data. We may share your information only with:

  • • Service providers / subprocessors who help host, operate, support, measure, and secure the service.
  • • Payment processors and banks for billing.
  • • Professional advisors (legal, accounting) under confidentiality.
  • • Authorities when required by law.
  • • Within your organization if you’re on a team plan.
  • • With your direction/consent (e.g., integrations you enable).

International transfers

Where data is transferred outside your region (e.g., to service providers), we use appropriate safeguards such as the EU Standard Contractual Clauses (SCCs) and comparable UK addenda, and (where applicable) rely on adequacy decisions or providers’ certifications.

Security

We implement technical and organizational measures including encryption in transit, access controls, least-privilege administration, network protections, audit logging, and regular vulnerability management.

Retention

We retain data only as long as necessary for the purposes described above, then delete or irreversibly anonymize it, unless a longer legal retention applies. Typical periods:

CategoryExamplesPurposeTypical retention
Account & billingProfile, plan, invoices, tax IDsProvide service; tax/accountingTerm of contract + up to 7 years
Service logsEdge/app logs, IP, user-agentSecurity, diagnosticsUp to 12 months, then aggregate/anonymize
SupportTickets, chat transcriptsTroubleshootingUp to 24 months after resolution
MarketingNewsletter lists, consent recordsCommunicationsUntil you unsubscribe/withdraw consent
Translation assetsContent, overrides, glossary/TMService deliveryLife of project/account; deleted on deletion request/closure after any grace period

Your rights

Subject to law, you may have the right to access, rectify, erase, restrict, object (including to processing based on legitimate interests), withdraw consent (for consent-based processing), and data portability. You may also complain to your local supervisory authority. To exercise rights, email privacy@multilipi.com.

Children

Our services are not directed to children under 16. We do not knowingly collect such data. If you believe a child has provided us personal data, contact us.

Data Processing Addendum (DPA)

We offer a DPA covering GDPR/UK GDPR Art. 28 obligations, SCCs (where relevant), subprocessor commitments, and breach notifications. You can view our standard DPA here or request a countersigned copy at privacy@multilipi.com.

Subprocessors

We engage carefully chosen subprocessors to deliver parts of the service. We require data protection commitments and limit access to what’s necessary. We maintain a public list of current subprocessors and will update it before materially adding or replacing a subprocessor, with notice if required by our DPA.View our current subprocessors here.

AI & model providers

When features use third-party AI (e.g., quality suggestions or summaries), we contractually prohibit providers from using your content to train their models unless you explicitly opt in, and we minimize the data sent.

Processor commitments (on your behalf)

Process only on your documented instructions.
Implement appropriate security measures.
Assist with data subject requests related to content we process for you.
Notify you of personal-data breaches without undue delay.
Flow down obligations to authorized subprocessors.
Delete or return personal data at end of services (subject to legal retention), per the DPA.

International users

If you are located outside India, your data may be processed in countries with different data protection laws. We use the transfer safeguards described above and protect your data according to this Policy.

Changes to this Policy

We may update this Policy from time to time. The “Last updated” date shows the latest version. Material changes will be communicated through the service or by email where appropriate.

Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: