Privacy Policy
Last updated: March 31, 2026 · Company: SocketsIO · Contact: [email protected]
🔒 Short version: We don't store your translation content. Ever. We only keep what's necessary to run your account and process billing.
1. Who We Are
SocketsIO ("we", "us", "our") operates the translation API service at socketsio.com and api.socketsio.com. We provide machine translation services to developers and businesses worldwide.
For questions about this policy, contact us at [email protected].
2. Data We Collect
2.1 Account Information
When you register, we collect:
- Email address (required for account management and billing notifications)
- Password (stored as bcrypt hash — we never see your plaintext password)
- Plan selection and billing information (processed by Stripe — we do not store card numbers)
- Account creation timestamp
2.2 API Usage Data
For billing and rate limiting, we collect:
- Character count per API request (not the content itself)
- Request timestamps and response times
- Source and target language codes
- HTTP status codes and error types
- IP address (for rate limiting and abuse prevention)
2.3 What We Do NOT Collect
We never store, log, or retain the actual text content you send for translation. Translation inputs and outputs are processed in real-time memory and immediately discarded. No translation content is written to disk or databases.
2.4 Cookies and Tracking
We use minimal cookies:
- Session cookie: Required for dashboard login (expires on browser close)
- Preference cookie: Remembers your UI preferences (expires in 30 days)
We do not use third-party advertising cookies or cross-site tracking.
3. How We Use Your Data
We use collected data exclusively for:
- Service operation: Authenticating API requests, enforcing rate limits, tracking character usage against your plan quota
- Billing: Calculating monthly charges, sending invoices, processing payments via Stripe
- Security: Detecting abuse, preventing unauthorized access, rate limiting
- Service communications: Account notifications, billing alerts, critical security notices
- Service improvement: Aggregate (anonymized) usage statistics to improve performance
We do not sell, rent, or share your personal data with third parties for marketing purposes.
4. Data Storage and Security
Your account data is stored on servers located in the European Union (Google Cloud). We implement:
- TLS 1.3 encryption for all data in transit
- Encrypted storage for sensitive account data
- bcrypt password hashing (cost factor 12)
- JWT tokens with short expiry for API authentication
- Regular security audits and penetration testing
- Principle of least privilege for internal data access
5. Data Retention
- Account data: Retained while your account is active, deleted within 30 days of account deletion request
- Usage logs (aggregate): Retained for 13 months for billing dispute resolution
- Translation content: Never stored — zero retention
- IP logs: Retained for 7 days for security purposes, then deleted
6. Third-Party Services
We use the following third-party services:
- Stripe: Payment processing. Stripe handles all card data. See Stripe's Privacy Policy.
- Google Cloud: Infrastructure hosting. Data is processed under Google Cloud's data processing agreement.
- Cloudflare: DDoS protection and CDN. See Cloudflare's Privacy Policy.
We do not use Google Analytics, Facebook Pixel, or other advertising trackers.
7. Your Rights (GDPR)
If you are in the European Economic Area (EEA), you have the following rights:
- Right of access: Request a copy of your personal data
- Right to rectification: Correct inaccurate data
- Right to erasure: Request deletion of your account and data
- Right to portability: Export your data in machine-readable format
- Right to restrict processing: Limit how we use your data
- Right to object: Object to processing based on legitimate interests
To exercise any of these rights, email [email protected]. We respond within 30 days.
8. California Privacy Rights (CCPA)
California residents have the right to know what personal information we collect, request deletion of their data, and opt out of the sale of personal information. We do not sell personal information. To submit a request, contact [email protected].
9. Children's Privacy
Our service is not directed to children under 13. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, contact us immediately.
10. Changes to This Policy
We may update this policy periodically. Material changes will be communicated via email to registered users at least 14 days before taking effect. The "Last updated" date at the top of this page reflects the most recent revision.
11. Contact
For privacy inquiries, data requests, or concerns: