Targemus Privacy Policy
1. General Provisions
1.1. This Policy describes what personal data the Targemus service (the "Service", "we") processes, for what purposes, on what legal grounds, and what rights you have.
1.2. The data controller is Diliaver Akimov, an individual conducting business in the Republic of Türkiye (Sakarya Province, city of Serdivan). Contact for privacy matters: support@targemus.com.
1.3. We comply with applicable data protection law, including the EU General Data Protection Regulation (GDPR) and the Turkish Law on the Protection of Personal Data (KVKK).
1.4. Payments are handled by Paddle.com Market Limited as the Merchant of Record. With respect to payment data (card number, etc.), Paddle acts as an independent controller; we do not receive or store your payment-instrument data.
2. What Data We Process
2.1. Account data:
- email address;
- password — stored only as a cryptographic hash on the side of our authentication provider (Supabase); we do not see your password in plain text;
- when signing in with Google — the identifier of your Google account.
2.2. Content you save in the Service:
- entries of your personal glossary (pairs of "term → translation") that you create so that the Service maintains uniform (consistent) terminology in your translations. They are stored in our database and linked to your account.
2.3. Usage data (metadata):
- the number of translated characters, the language pair, the selected style, and the volume and time of a request — to enforce usage limits and operate the Service.
Important: we do not store the texts of your translations — neither the source text nor the result. Only the metadata listed above (counters and request parameters) remains in our database, but not the content of the translated text.
2.4. Technical data:
- IP address and approximate location (country/region) — for security and abuse prevention;
- anti-bot verification data (the Cloudflare Turnstile service);
- service logs and technical request identifiers.
2.5. Data stored in your browser rather than on our servers:
- translation history and post-editor drafts (in the browser's local storage, IndexedDB);
- interface settings — theme and language (localStorage).
This data stays on your device, and you can remove it by clearing the site data in your browser. When you sign out, the draft of the current translation and the saved translation settings are cleared automatically. Additionally, you can enable an option whereby the local translation history and post-editor drafts are also deleted each time you sign out. When you use the browser's private ("incognito") mode, all local data is deleted by the browser itself when the window is closed.
3. How Text Is Processed for Translation
3.1. To perform a translation, the text you enter is transmitted to a third-party artificial-intelligence technology infrastructure provider (the LLM provider) located in the United States. The transmission is transient in nature: the text is processed to produce the translation and is not stored by us.
3.2. Neither we nor the provider use your texts to train models. Under the commercial-use terms of the relevant application programming interface (API), the transmitted data is by default not used to train models.
3.3. We do not disclose the specific model name and provider in public documents, as this forms part of our technology. The categories of engaged processors are listed in Section 5; an extended list is provided upon reasoned request.
4. Purposes and Legal Grounds of Processing
| Purpose | Legal ground |
|---|---|
| Provision and operation of the Service, performing translations, enforcing usage limits | Performance of a contract (Terms of Service) |
| Accepting payment and issuing invoices | Performance of a contract; carried out through Paddle |
| Security, protection against abuse and fraud | Our legitimate interest |
| User support | Performance of a contract / legitimate interest |
| Website usage analytics | Consent (to be requested separately, see Section 9) |
| Compliance with legal requirements | Performance of a legal obligation |
5. To Whom We Transfer Data (Categories of Processors)
We engage a limited number of service providers that process data on our instructions:
- payment processing: Paddle (Merchant of Record);
- application hosting: Vercel;
- database and authentication: Supabase;
- AI translation infrastructure: LLM provider (USA) — see Section 3;
- bot protection: Cloudflare Turnstile;
- account sign-in: Google;
- web analytics: Google Analytics (to be connected later, with a consent request — see Section 9).
We do not sell your personal data to third parties.
6. International Data Transfers
6.1. Some providers are located outside your country:
- database, authentication, and glossary storage (Supabase) — East Asia region (Seoul, Republic of Korea);
- application hosting (Vercel) — USA (Washington, D.C.);
- AI translation infrastructure (LLM provider) — USA.
6.2. For such transfers, we rely on the safeguards provided by law (for example, standard contractual clauses) and on the contractual obligations of the providers.
7. Retention Period
7.1. Account data, the glossary, and usage metadata are stored for as long as your account exists.
7.2. Upon deletion of your account, we delete the data associated with it within a reasonable time after the request, except for information we are required to retain by law (for example, for accounting and dispute-resolution purposes).
7.3. Automatic server-side deletion on a timer is not currently applied; deletion is carried out at your request or upon deletion of your account.
8. Your Rights
8.1. Depending on the applicable law (GDPR/KVKK), you have the right to:
- access your data and obtain a copy of it;
- request correction of inaccurate data;
- request deletion of data;
- restrict or object to processing;
- receive your data in a portable format;
- withdraw previously given consent;
- lodge a complaint with a data protection supervisory authority.
8.2. To exercise your rights, write to support@targemus.com. We will respond within the time frames established by applicable law.
9. Cookies and Similar Technologies
9.1. At present, we use only necessary technologies:
- session cookies for sign-in and session maintenance (Supabase);
- browser local storage for interface settings (theme, language);
- technical anti-bot verification files (Cloudflare Turnstile).
9.2. Later, we plan to connect web analytics (Google Analytics). Before enabling it, we will display a banner requesting consent for the use of analytics/marketing cookies; analytics will not run without your consent.
10. Communications
We send only service (transactional) emails: registration confirmation, receipts and notices from Paddle, and subscription-status notifications. We do not send marketing emails without your separate consent.
11. Children
The Service is intended for persons aged 18 or over. We do not knowingly collect children's data.
12. Changes to the Policy
We may update this Policy. We will notify you of material changes through the website and/or by email. The current version is always available on the website with the date of update indicated.
13. Contact
For personal-data processing questions: support@targemus.com.