Privacy Policy

1. Data Controller

Eivura SL is the data controller (responsable del tratamiento) for all personal data processed through the Traducet platform, in accordance with Regulation (EU) 2016/679 (GDPR) and Ley Orgánica 3/2018 (LOPDGDD).

• Company: Eivura SL
• Brand: Traducet
• CIF: B26588327
• Address: Avinguda de Roma 23, 43005 Tarragona, España
• Phone: +34 646 128 931
• Privacy contact: privacidad@traducet.com

At this time, Traducet has not appointed a Data Protection Officer because it is not legally required to do so based on its current processing activities. For any privacy or data protection request, users may contact the data controller at privacidad@traducet.com.

2. Data we collect

• Order data: email address, full name (optional), document type, language pair, urgency.
• Document files: the source document you upload. Official documents (birth certificates, criminal records, passports, academic transcripts, etc.) routinely contain special-category personal data such as name, date of birth, nationality, and family status. These files are treated with the highest level of access restriction and deleted automatically after delivery.
• Payment data: processed by Stripe. Traducet does not store card data.
• Account data (if you create an account): email address, hashed password (via Supabase Auth).
• Translator data: name, NIF/NIE, MAEC appointment number, IBAN, credential documents.
• Support correspondence: any messages sent to our support address.

3. Purposes of processing

• Delivering the sworn translation service ordered by the customer.
• Processing payment and issuing invoices.
• Sending order status notifications and the completed translation by email.
• Verifying translator credentials and managing translator accounts.
• Complying with accounting, tax, and commercial record-keeping obligations.
• Responding to support and privacy requests.
• Improving the platform through aggregated, anonymised analytics.

4. Lawful basis

Customer data: Processing is based on performance of a contract (Art. 6(1)(b) GDPR) for the delivery of the translation service. For special-category data contained in official documents, we rely on Art. 9(2)(f) (establishment, exercise, or defence of legal claims) and, where applicable, explicit consent captured at upload (Art. 9(2)(a)).

Translator data: Processing of translator personal data (NIF/NIE, IBAN, credentials) is based on performance of the service provider contract (Art. 6(1)(b)), compliance with legal obligations including tax and social security law (Art. 6(1)(c)), and legitimate interest in verifying professional qualifications and preventing fraud (Art. 6(1)(f)).

Analytics: Aggregated, anonymised analytics are processed on the basis of legitimate interest (Art. 6(1)(f)) in improving the platform.

5. Data retention

Source documents and delivered translations are automatically deleted 90 days after delivery, unless a legal hold applies. Order metadata (reference, status, amount) is retained for 6 years in accordance with commercial record-keeping obligations under Código de Comercio Art. 30, which exceeds the 4-year tax prescriptive period set by Ley General Tributaria Art. 66.

6. Data processors

We engage the following processors, each bound by an Article 28 Data Processing Agreement:

• Supabase — database and file storage (EU region, Frankfurt, Germany)
• Vercel Inc. — hosting and compute (US-based; transfers to the US are governed by Standard Contractual Clauses under GDPR Art. 46(2)(c))
• Stripe — payment processing
• Resend — transactional email delivery
• MAEC-appointed sworn translators — process uploaded documents solely to deliver the certified translation; access is limited to the assigned document

We do not sell personal data to third parties, use it for advertising, or share it with any party other than those listed above.

7. International transfers

All document storage and primary database processing takes place in the EU (Frankfurt). Where any sub-processor is located outside the EEA (notably Vercel, incorporated in the US), transfers are safeguarded by Standard Contractual Clauses approved by the European Commission under GDPR Art. 46(2)(c).

8. Your rights

Under GDPR and LOPDGDD you have the following rights in relation to your personal data:

• Access — request a copy of the personal data we hold about you.
• Rectification — ask us to correct inaccurate or incomplete data.
• Erasure — request deletion of your data where it is no longer necessary for the purpose it was collected, subject to legal retention obligations.
• Restriction — ask us to restrict processing in certain circumstances.
• Portability — receive your data in a structured, machine-readable format.
• Objection — object to processing based on legitimate interest.
• Withdrawal of consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact privacidad@traducet.com. We will respond within 30 days.

You also have the right to lodge a complaint with a supervisory authority. In Spain: Agencia Española de Protección de Datos (AEPD) — aepd.es. If you reside in another EU/EEA member state, you may alternatively contact the supervisory authority of your country of habitual residence.

9. Security

Documents are stored encrypted at rest in private storage buckets. Access is only via short-lived signed URLs (5–15 minute expiry). Row-Level Security in our database ensures each user only accesses their own data. All connections use TLS.

10. Cookies and analytics

Traducet uses essential cookies required for the platform to function (session management, security tokens). We may also use anonymised analytics to understand how visitors use the site. No behavioural advertising cookies are used. For full details, see our Cookie Policy.

11. Online Dispute Resolution

For cross-border disputes, consumers may use the EU Online Dispute Resolution platform at ec.europa.eu/consumers/odr. Our contact for ODR purposes: hola@traducet.com.