Data Processing Addendum (DPA)

Effective Date: July 1, 2025

This Data Processing Addendum (“DPA”) is incorporated into the Terms of Service and applies when Polylingo processes personal data on behalf of customers in the course of providing services. This DPA ensures compliance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and other relevant regulations.

1. Definitions

  • “Customer” refers to the entity or individual using Polylingo services.
  • “Personal Data” means any information relating to an identified or identifiable natural person.
  • “Processor” means Polylingo, which processes data on behalf of the Customer.
  • “Controller” means the Customer, who determines the purposes and means of processing.

2. Roles and Responsibilities

The Customer is the Data Controller, and Polylingo acts as the Data Processor. Polylingo will only process Personal Data on documented instructions from the Customer, unless required by law.

3. Purpose of Processing

Polylingo processes data solely to provide its translation and localization services, including content submission, API usage tracking, credit management, and plugin interaction.

4. Sub-Processors

Polylingo may engage trusted sub-processors for infrastructure (e.g., cloud hosting, AI engines, payment gateways). A list of sub-processors is available upon request. Polylingo ensures sub-processors comply with equivalent data protection obligations.

5. Data Security

Polylingo implements appropriate technical and organizational measures, including:

  • HTTPS encryption for all data in transit
  • Token-based API authentication
  • Role-based access control (RBAC)
  • Daily encrypted backups and infrastructure-level firewalling

6. Data Subject Rights

Polylingo assists Customers in fulfilling data subject requests under applicable laws, including access, rectification, deletion, and portability of data, within reasonable timeframes.

7. Data Transfers

Customer data may be transferred and processed outside of the country of origin (including to the EU, US, or Asia) based on appropriate safeguards such as Standard Contractual Clauses (SCCs) or adequacy decisions.

8. Data Retention & Deletion

Upon termination of the agreement, Polylingo will delete or return all personal data to the Customer, unless otherwise required by law. Deletion requests can be submitted to support@polylingo.app.

9. Audits

Upon reasonable notice and under confidentiality, the Customer may audit Polylingo’s data practices or request summaries of third-party security assessments (e.g., penetration testing, infrastructure certifications).

10. Liability

Each party shall be responsible for any damages or losses arising from its failure to comply with its respective obligations under this DPA and applicable data protection laws.

11. Contact

For questions or concerns about data processing or compliance, please contact us:

📧 support@polylingo.app
📍 Polylingo Technologies – Ho Chi Minh City, Vietnam