← Back to home

Privacy Policy

Last updated: May 22, 2026

In plain English: We collect only what's needed to run WeLocale. We never sell your data. EU and California residents have specific rights described below.

1. Who we are

WeLocale is a website localisation platform. This policy explains how we collect and process data when you use the admin dashboard, and when your websites use the WeLocale widget. For your account and billing data, WeLocale acts as a data controller. For the content of your websites that you send us for translation, WeLocale acts as a data processor on your behalf.

2. Data we collect

Account data

  • Email address and name (if provided)
  • Authentication metadata (session identifiers, login timestamps)
  • Subscription and billing metadata (plan, limits, invoices)
  • Payment information is handled by Stripe - we do not store card numbers

Website & widget data

  • Allowed domains, enabled languages, and widget configuration
  • Scan events and technical metadata (user agent, timezone)
  • Discovered source strings and their translations
  • Widget delivery logs (page URL, language served)

We do not intentionally collect sensitive personal data. Source strings may contain personal information only if your website content contains it - you are responsible for your content.

3. How we use data

  • Provide and operate the service (scanning, translation, widget delivery)
  • Process payments and manage subscriptions (via Stripe)
  • Secure the platform (fraud prevention, abuse detection, rate limiting)
  • Improve reliability and performance (error monitoring, diagnostics)
  • Send transactional and account emails (password reset, billing receipts, subscription updates)

4. Legal bases (GDPR)

For users in the European Economic Area (EEA), we process your data under the following legal bases:

  • %strong Contract performance - processing necessary to provide the service you subscribed to
  • %strong Legal obligation - retaining billing and tax records as required by law
  • %strong Legitimate interests - security, fraud prevention, service reliability, and product improvement
  • %strong Consent - analytics or marketing communications, where applicable (you may withdraw consent at any time)

5. Sub-processors

We share data with the following trusted service providers solely to operate WeLocale:

Infrastructure & payments

  • %strong Stripe - payment processing (US/EU)
  • %strong Cloud hosting provider - server infrastructure
  • %strong Mailjet - transactional email delivery

AI & translation

  • %strong OpenAI - AI-assisted translation (your strings may be sent to OpenAI for processing)
  • We use only the minimum data required and do not permit sub-processors to use your data for their own purposes

6. International data transfers

Some of our sub-processors are based in the United States. When we transfer personal data from the EEA to the US, we rely on Standard Contractual Clauses (SCCs) or other appropriate transfer mechanisms as required by GDPR.

7. Cookies & local storage

We use essential cookies for login sessions and security (CSRF protection). The widget may store the visitor's selected language in localStorage to respect their choice across pages. See our

Cookie Policy for details.

8. Data sharing

We share data only with the sub-processors listed above, strictly to operate WeLocale. We do not sell, rent, or trade personal data with third parties for their own marketing purposes.

9. Data retention

  • %strong Account and billing records: retained for 7 years for legal and tax purposes
  • %strong Website configuration and source strings: retained while your account is active
  • %strong Scan and access logs: retained for up to 90 days
  • %strong Deleted accounts: data is removed within 30 days of account deletion, except where retention is required by law

10. Your rights

Depending on where you are located, you may have the following rights regarding your personal data:

  • %strong Access - request a copy of the personal data we hold about you
  • %strong Rectification - request correction of inaccurate data
  • %strong Erasure - request deletion of your data ("right to be forgotten")
  • %strong Portability - request your data in a machine-readable format
  • %strong Restriction - request that we limit processing of your data
  • %strong Objection - object to processing based on legitimate interests

To exercise any of these rights, email us at

hello@welocale.com We will respond within 30 days.

11. California residents (CCPA)

If you are a California resident, you have the right to know what personal information we collect and how it is used, the right to delete your personal information, and the right to opt out of the sale or sharing of personal information. WeLocale does not sell or share personal information. To exercise your rights, contact us at

hello@welocale.com

12. Security

We apply access controls, encryption in transit (TLS), and security best practices. No service can guarantee absolute security. In the event of a data breach that poses a risk to your rights, we will notify affected users as required by applicable law.

13. Changes to this policy

We may update this policy from time to time. We will notify you of material changes by email or in-app notification before they take effect.

14. Contact

Questions about privacy? Email us at hello@welocale.com