Privacy Policy

Company Information

Name: Nuenki
Country: United Kingdom
Contact Email: [email protected]

Data We Collect

  • Email Address: Collected during signup for account creation and communication.
  • Password (Hashed): Stored securely for account authentication.
  • Payment Information: User and subscription IDs, as well as the currency used for payments via Stripe. Your full payment details are handled by Stripe and inaccessible to Nuenki.
  • Translation Data: Text sent for translation is cached anonymously on our server in Helsinki.
  • Analytics Data: Anonymised data collected via Posthog, and, if you consent via our popup (shown only to users arriving from a Facebook ad), data collected via the Facebook Pixel for advertising purposes.
  • Source Log: Information about what website you came from (sourced from the HTTP referrer header and utm_source URL parameter) and what page you first visit is stored when you first load Nuenki. It is anonymously sent as analytics data at that first point, and non-anonymously sent to the server when you signup - but only after agreeing to the privacy policy and terms of service. This data is stored alongside your user account in order to determine the success of various marketing sources, including Facebook ads when tracked via the Facebook Pixel with your consent.
  • Affiliate Code: If you sign up using an affiliate link, your account will be associated with the corresponding affiliate token to track referrals. If you consent via our popup, this token is stored in your browser's local storage as affiliateID, along with your consent decision as affiliateConsent (see "Local Storage" below).
  • Affiliate Program Data: If you join the Affiliate Program, we collect your PayPal email address, earnings, amounts paid out, and, if applicable, details of alternative payment methods you arrange with us.

Purpose of Data Collection

  • Service Provision: To provide and maintain our browser extension service.
  • Payment Processing: To manage payments and subscriptions via Stripe.
  • Service Improvement: To analyse usage patterns through Posthog and the aforementioned Source Log system in order to improve and market our service. Additionally, with your consent (via a popup shown only to users from Facebook ads), we use the Facebook Pixel to track ad performance and optimise marketing campaigns on Facebook.
  • Affiliate Program: To track referrals, calculate commissions, and process payouts for affiliates.

Legal Basis for Processing

  • Contractual Necessity: Processing is necessary for the performance of the service you have requested and for participation in the Affiliate Program.
  • Legitimate Interests: We process anonymised analytics data to improve our service and share anonymised logs with affiliates to support the Affiliate Program.
  • Consent: We rely on your consent for account creation, data processing, storing affiliate tokens in local storage, and, if applicable, tracking via the Facebook Pixel (shown only to users from Facebook ads), which can be withdrawn by deleting your account or declining the consent popup.

Data Sharing

We share data with the following third-party services:

Translation Services

Nuenki uses multiple translation services depending on the situation. The data sent for translation isn't linked to the user who requested the translation.

  • DeepL: Handles primary, very-low-latency translation processing. Data is handled in accordance with their privacy policy, available here.
  • Groq: Handles secondary, low-latency translation processing using Large Language Models. Groq's privacy policy is available to read here.
  • Amazon Bedrock: Handles tertiary, high-latency translation processing via the Claude 3.5 model. Amazon Bedrock has a no-logging, no-sharing, no-training policy with regards to user queries.
  • Anthropic: Handles quaternary, very-high-latency translation processing via the Claude 3.5 model. Anthropic's privacy policy is available to read here.
  • OpenAI: Handles translation processing using Large Language Models. OpenAI states that data submitted via their API is not used for training their models. Their privacy policy can be found here.

Affiliate Program

If you sign up using an affiliate link, anonymised logs about signups, upgrades, and page loads may be shared with the affiliate whose link you used. This data is not linked to your personal identity and is used to track referral success and calculate commissions.

Other Services

  • Cloudflare: We utilise Cloudflare for two main purposes:
    • Content Delivery Network (CDN): All data exchanged between your device and our servers passes through Cloudflare's network. Cloudflare decrypts this data, then re-encrypts it before sending it to our servers, facilitating bot protection, DDoS protection, performance enhancements through caching, and other technical services. This data is processed in line with Cloudflare's Terms of Service and Privacy Policy. You can view their privacy policy here.
  • Posthog: Posthog collects anonymised data about website usage.
  • Facebook (Meta): If you arrive from a Facebook ad (detected via utm_source=fbad) and consent via our popup, we share data with Facebook via the Facebook Pixel to track ad performance and optimise marketing campaigns. This includes events like page views and conversions, sent only after your explicit consent. Facebook's privacy policy is available here.
  • Stripe: Manages payment processing. Stripe handles all payment details, including storage and charging. Nuenki itself never accesses your payment information. You can view their privacy policy here.
  • Postmark: Nuenki uses Postmark to deliver password reset emails and alert developers to abnormal billing errors. You can view their privacy policy here.
  • Tuta: Nuenki uses Tuta, a privacy-focused email service, for direct correspondence. You can view their privacy policy in English here or the original German here.

International Data Transfer

All personal data processing occurs within the European Economic Area (EEA). Our servers are situated in Helsinki, Finland. Some translation services (OpenAI, Anthropic, Amazon Bedrock) and, if consented to, the Facebook Pixel involve transfer of data to the United States. Translation requests are anonymised and not associated with the user who requested them, while Facebook Pixel data (e.g., page views, conversions) is linked to your activity but only sent with your consent via the popup shown to users who arrived at the website via a Facebook Ad. Their privacy policies are stated above.

Data Retention

  • Account Data: Kept until account deletion. Account data may persist within logs until they are automatically removed within 14 days.
  • Affiliate Program Data: For affiliates, PayPal email, earnings, and payment details are kept until account deletion or termination from the Affiliate Program, whichever comes first.
  • Analytics Data: Anonymised and stored indefinitely, including Facebook Pixel data if you consent via the popup shown to users from Facebook ads.
  • Translation Data: Cached indefinitely, subject to change based on usage. The extensive translation cache is necessary in order to make Nuenki economically viable. Nuenki does not store who translated what; all cache entries are anonymous. Cached translations remain after account deletion - because your translations are not associated with your account, it's not possible to delete them when you delete your account.

Data Security Measures

We employ robust security measures to safeguard your data, including:

  • Password Hashing: All passwords are securely hashed.
  • Secure Cloud Servers: Utilising SSH keys, firewalls, and access controls.
  • Regular Penetration Testing: Conducting routine penetration testing of our code.
  • Security-focused design: Nuenki's technical architecture, design choices, and code have been planned and implemented with security in mind.

User Rights

  • Access and Rectification: Contact us at [email protected] to access or correct your data, including Affiliate Program data if applicable.
  • Erasure: You can delete your account via the website's account page, which will erase your data, including Affiliate Program data if you're an affiliate.
  • Consent Withdrawal: Withdraw your consent by deleting your account or, for Facebook Pixel tracking and affiliate token storage in local storage, by declining the consent popup.

Cookies

We use the following cookies for basic functionality, not for tracking purposes. Cloudflare also uses functional cookies, as described in their documentation. Additionally, if you arrive from a Facebook ad (via utm_source=fbad) and consent via our popup, the Facebook Pixel may set cookies to track ad performance and website activity. This is optional and only occurs with your explicit consent. You can view Facebook's privacy policy here.

NamePurposeDuration
tokenThis is a session token that authenticates your logged-in status, ensuring you remain logged in as you navigate the site.Until logout
signup-tokenAllows you to bypass the login process once after signing up.Until used
fbcookieconsentStores your consent decision for the Facebook Pixel, shown only to users from Facebook ads. Set to "yes" or "no" based on your choice.1 year

Data Analytics

Nuenki uses Posthog in privacy-friendly (no consent required) mode. No data is stored to cookies or local storage, nor are users tracked between sessions. Additionally, if you arrive from a Facebook ad and consent via our popup, we use the Facebook Pixel to collect data for ad performance and optimisation, shared with Facebook as outlined above.

Local Storage

Nuenki stores the HTTP referrer header and utm_source URL attribute in local storage, submitting the data upon user signup to track approximately how users are finding Nuenki. This is part of the aforementioned Source Log and may be shared with Facebook via the Pixel if you consent through the popup shown to Facebook ad users. If you use an affiliate link and consent via our popup, the affiliate token is stored as affiliateID and your consent decision as affiliateConsent in local storage to facilitate referral tracking. You can decline this via the popup, and it will not be stored.

Children's Privacy

Our service isn't intended for individuals under 18. We enforce this through our Terms of Service and by requiring valid payment methods. If you believe we might hold information relating to a child you're responsible for, please contact [email protected].

Data Breach Response

In the event of a data breach, we will:

  • Contain the Breach: Immediately halt unauthorised access.
  • Assess the Impact: Determine the breach's scope.
  • Notify Affected Users: Inform users via email about the breach and steps taken.

Data Protection Officer

We do not have a designated Data Protection Officer.

Updates to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on our website.

Contact Information

If you have any questions or concerns about this Privacy Policy or how we handle your personal data, please contact us at [email protected].