Verbaverba.dev

Privacy Policy

Last updated: February 4, 2026

1. Data Controller

The data controller responsible for your personal data is:

CGL Łukasz Nawrocki
Sole Proprietorship
Poland
NIP: 7792359653
Email: support@verba.dev

2. Information We Collect

We collect the following categories of personal data:

  • Account Information: Email address, name, and password hash when you create an account.
  • Project Data: Translation keys, translation content, and project settings you create.
  • Usage Data: Information about how you use our service, including API calls, features used, and timestamps.
  • Technical Data: IP address, browser type, device information, and cookies for essential service functionality.
  • Payment Data: Billing information processed securely through our payment provider (Stripe). We do not store full payment card details.

3. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide you with our services (Art. 6(1)(b) GDPR).
  • Legitimate Interests: Processing for service improvement, security, and fraud prevention (Art. 6(1)(f) GDPR).
  • Legal Obligations: Processing required to comply with applicable laws (Art. 6(1)(c) GDPR).
  • Consent: Where required, we obtain your explicit consent for specific processing activities (Art. 6(1)(a) GDPR).

4. How We Use Your Information

  • To provide, maintain, and improve our translation management services.
  • To process AI-powered translations using third-party AI services.
  • To communicate with you about your account, updates, and support requests.
  • To process payments and manage subscriptions.
  • To ensure security and prevent fraud or abuse.
  • To comply with legal obligations.

We do not sell your personal data to third parties.

5. Data Sharing and Third Parties

We share your data with the following categories of recipients:

  • AI Translation Provider (xAI): Translation content is processed by xAI to generate AI translations. This data is processed according to their privacy policy.
  • Payment Processor (Stripe): Payment information is processed by Stripe Inc. for subscription billing.
  • Cloud Infrastructure (MongoDB Atlas): Data is stored on MongoDB Atlas cloud infrastructure.
  • Authentication Providers: If you use social login, data is shared with the respective provider (Google, GitHub).

6. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States. When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, or reliance on the recipient's participation in recognized data protection frameworks.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you services. Upon account deletion, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal, accounting, or reporting obligations.

8. Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of Access: Request a copy of your personal data.
  • Right to Rectification: Request correction of inaccurate data.
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten").
  • Right to Restriction: Request limitation of processing.
  • Right to Data Portability: Receive your data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests.
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, please contact us at support@verba.dev. We will respond within 30 days.

9. How to Request Your Data

You can request a complete export of all your personal data and project data at any time by sending an email to support@verba.dev with the subject line "Data Export Request". Please include the email address associated with your account.

We will verify your identity and provide your data in a commonly used, machine-readable format (JSON) within 30 days of receiving your request.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (TLS/SSL) and at rest.
  • Secure password hashing.
  • Regular security assessments.
  • Access controls and authentication mechanisms.

11. Cookies

We use essential cookies required for the service to function, including session cookies for authentication. These cookies are strictly necessary and do not require consent.

We also use analytics cookies (Google Analytics) to understand how visitors interact with our website. These cookies are only loaded after you give explicit consent through our cookie banner. You can change your preference at any time by clearing your cookies and revisiting the site.

The analytics data we collect includes page views, session duration, and general usage patterns. This data is used solely to improve our service and is processed by Google in accordance with their privacy policy.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the service after changes constitutes acceptance of the updated policy.

13. Supervisory Authority

If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority. In Poland, this is the President of the Personal Data Protection Office (UODO).

14. Contact Us

For any questions about this Privacy Policy or our data practices, please contact us at:

Email: support@verba.dev