Updated: October 25, 2018

What the GDPR is

The GDPR is a new comprehensive data protection law in the EU that updates existing laws to strengthen the protection of personal data. It replaces the patchwork of national data protection laws currently in place with a single set of rules, directly enforceable in each EU member state. It is effective from May 25, 2018. EU residents will now have greater say over what, how, why, where, and when their personal data is used, processed, or disposed. This rule clarifies how the EU personal data laws apply even beyond the borders of the EU. Any organization that works with EU residents' personal data in any manner, regardless of location, has obligations to protect the data. We fully understand this, so we collect as little personal data as possible and safeguard it as well as we can.

Who the GDPR applies to

The GDPR applies to all organizations operating in the EU or processing "personal data" of EU and Switzerland residents.

What data the GDPR applies to

Under the GDPR, the concept of "personal data" is very broad and covers any information relating to an identified or identifiable individual (also called a "data subject"). Personal Data is anything that you could conceivably use to identify a person within a larger group. That includes name, address, email, ip address, cookies, location etc.

What personal data we collect and why

When you register:

  • We collect email addresses for the account system. Every account is unique due to the uniqueness of the email address, which is used to identify you as a user, log you in, notify you, connect you with your collaborators.
  • We collect names in order to make the interaction between you and your collaborators easier.
  • We collect IP addresses in order to detect the misuse of the system, combat abuse, and for logging purposes.

When you make a purchase (subscription, characters, human translations):

  • We collect first names, last names, addresses, cities, countries only from paying customers, for billing purposes.

When you integrate POEditor with another service:

  • When you connect with GitHub, BitBucket, GitLab or VSTS, we collect and store your username for those services, so we can read/write language files from/to your repos.

How long is the data processed

The processing starts when you create an account and ends when you delete it or ask us to remove the data.

Where your personal data is stored

The majority of our users are from the EU, so all the data is stored in data centers in EU countries for optimal performance. The only personal data that leaves the EU is the name and email we send to our payment processor, Stripe, which is located in the US. All other third party services are located within the EU.

What do we do to safeguard the data

POEditor has high standards for security and actively maintains appropriate technical and organizational measures for protection of the security, confidentiality and integrity of data.

Cookies

  • We set a cookie for logging you in. There's no way to avoid that. Cookies are essential for keeping you authenticated.
  • We use Google Analytics and they set a few cookies on their own. While this service monitors your behavior, Google promises all data is anonymized.
  • We use UserVoice for feedback services. That sets a cookie as well to track your movement. We don't tell them who you are, so they shouldn't know any personal information about you, unless you have an account with them.
  • You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting, you won't be able to use your account.

You have the right to:

  • Access and Export your data. You can contact us at info@poeditor.com and ask for a copy of your personal data.
  • Update your data. You can access your account and update any of your data. All your personal data is viewable and editable in your account.
  • Delete your data ("The right to be forgotten") or Object processing. You can achieve that by deleting your account. We do not keep your personal information after your account is deleted.

3rd parties with whom personal information may be shared

Party name Data disclosed Purpose Observations
Stripe, Inc.
Compliance
email, name To associate the Stripe Customer ID with a POEditor identifier for better billing tracking and fraud detection Only for users with subscriptions
Amazon SES
Compliance
email, name We use Amazon SES for email delivery
Slack
Compliance
email, name, IP Some events are notified in a private channel POEditor uses. Name and email are used to identify the user. For example, we get notified when the system detects an abuse so we can act swiftly.
Automattic Inc. (Gravatar) Compliance email Gravatar provides an avatar based on the email of an user, if the user has a Gravatar account. We send only an encrypted hash of your email, not the actual email.

PS: this sharing is made via a secure, encrypted connection.

Personal data in localization content

We assume all the content you are managing in POEditor does not contain any personal data. If the strings you are translating do contain personal information, make sure you redact it before loading it into POEditor. That information is viewed by your collaborators, and it is sent to third party services for automatic or human translation if you request this, so it's not in our direct control.

Changes to this policy

We reserve the right to make changes to this policy at any time by giving notice on this page. It is strongly recommended to check this page often, referring to the date of the last modification listed at the top. If you object to any of the changes to this policy, you must cease using this service and can request removal of the personal data.

Get in touch with us

If you have any concern about the well-being of your personal data you shared with us, please contact us at info@poeditor.com. We'll work with you to sort things up and make sure your data is and remains safe.