PRIVACY POLICY – TRANSLATE AND TRANSFER PLUGIN
Blue Screen Media
Effective Date: December 12, 2025
Last Updated: December 12, 2025
1. INTRODUCTION
Translate and Transfer (“Plugin,” “we,” “us,” “our”) is a WordPress plugin that provides translation and content transfer services. This Privacy Policy explains how we collect, use, disclose, and otherwise process personal information when you use our Plugin, website https://www.scandialab.com/ and related services (collectively, “Services”).
We are committed to protecting your privacy. Please read this Privacy Policy carefully. If you do not agree with our practices, please do not use our Services.
2. WHAT INFORMATION WE COLLECT
Information Stored Locally (NOT shared with us)
The following information is stored only on your own WordPress site and is never sent to our servers:
- Target WordPress site URLs, usernames, and passwords
- Plugin configuration settings
- Custom terminology/wordbooks
- Training articles used for style tuning
- Target languages selected
- API provider selection (OpenAI or Claude)
- All blog posts, content, titles, and metadata you translate
We do not have access to this information.
Information Sent to Our Server
We collect only the minimum required for license management and billing:
- License key
- Domain name (your website URL)
- Plan type (Free, Pro, Agency)
- Token usage (Agency plan only – to track monthly usage for billing)
- Domain registration (to verify your license is used on authorized sites)
We do NOT receive your content, credentials, or API keys.
Information Sent to AI Providers (OpenAI/Anthropic)
When translating content, the following is sent directly from your WordPress site to your selected AI provider:
- Blog post content, titles, and metadata
- Featured images and inline images (downloaded from your site, uploaded directly to target sites)
- Training articles (if provided)
This data does not pass through our servers and goes directly to OpenAI or Anthropic.
Managed API Keys (Agency/Free Shared API Plans)
For users on Agency or Free plans with shared API access, we securely manage the OpenAI API key on our server. Your translation requests are sent directly from your WordPress site to OpenAI’s servers—we do not store your content.
Cookies and Similar Technologies:
- Session cookies (to keep you logged in)
- Authentication tokens
- Preference cookies (language, settings)
2.3 Payment Information
Payment processing is handled by third-party payment processors:
- Stripe
- Credit card information is NOT stored on our servers
- The payment processor handles all card data
- We receive: Transaction ID, amount, status, and billing email
- See payment processor’s privacy policy for details: https://stripe.com/en-dk/privacy
2.4 Information from Third Parties
We may receive limited information from the following third-party services:
AI Providers (OpenAI / Anthropic)
- For Agency and Free (shared API) plans: We have access to your usage information (API request counts, token usage) through the shared API key we manage on your behalf.
- For Pro and Free (own API) plans: You have your own OpenAI/Anthropic account. Usage information is visible only to you—we do not receive it.
- In all cases, we never receive or store the content you translate.
WordPress.org (Plugin Directory)
- We receive anonymized statistics such as total installation counts and plugin update checks. These statistics do not include any personal data about your site users.
Your Hosting Provider
- Your web host may provide server logs (IP address, browser type, timestamps) for security and performance reasons.
Payment Processor (Stripe via Paid Memberships Pro)
- Stripe may provide us with transaction and subscription details (transaction status, plan type, payment dates).
- We never receive or store full credit card numbers.
- For more information, see Stripe’s Privacy Policy: https://stripe.com/privacy
License Management (Our Server)
This information is used only for license validation, support, and preventing unauthorized use.
We store your domain name, license key, plan type, and token usage (Agency plan only) to manage your license and billing.
3. HOW WE USE YOUR INFORMATION
3.1 To Provide Our Services We use your information to:
- Deliver translation and content transfer functionality
- Process license activation and verify licensing
- Monitor token usage and translation limits (Agency plan and Free shared API only)
- Maintain translation job history and processing status
- Store your plugin configuration and settings
- Track license key usage across registered domains
3.2 To Communicate With You We use your information to:
- Send license keys and account information via email
- Send service notifications and important updates
- Respond to support requests and customer inquiries
- Notify about plan changes, expirations, or grace periods
- Notify about new features and service improvements
- Send promotional emails about new features and plans
3.3 For Security and Compliance We use your information to:
- Detect, prevent, and address fraud and license abuse
- Enforce our Terms of Service and licensing agreements
- Comply with legal obligations and tax requirements
- Protect against malicious, deceptive, or illegal activity
- Protect the rights, property, and safety of Blue Screen Media, our users, and the public
3.4 Legal Basis for Processing (GDPR) We process your information based on:
- Contract: Performance of the services you purchased
- Legitimate Interest: Improve service quality, prevent fraud, ensure security
- Consent: Marketing communications (only with your explicit consent)
- Legal Obligation: Tax compliance, regulatory requirements, law enforcement requests
4. WHO WE SHARE YOUR INFORMATION WITH
4.1 AI Service Providers
Claude API (Anthropic)
- When you select Claude as your AI provider
- Purpose: Translation of your post content
- Data sent: Post title, content, excerpt, and metadata
- Retention: Per Anthropic’s API privacy policy
- Link: https://www.anthropic.com/privacy
OpenAI API
- Link: https://openai.com/policies/privacy-policy
- When you select OpenAI as your AI provider
- Purpose: Translation of your post content
- Data sent: Post title, content, excerpt, and metadata
- Retention: Per OpenAI’s Privacy Policy
4.2 Payment Processors
- Stripe (via Paid Memberships Pro) receives payment information
- Stripe processes subscriptions, refunds, billing, and plan changes
- We never receive or store full credit card numbers
- See Stripe’s privacy policy: https://stripe.com/privacy
4.3 Legal and Enforcement
We may disclose your information if required by:
- Court order or legal process
- Government request or subpoena
- Law enforcement investigations
- Protection of legal rights and safety
- Compliance with applicable laws
4.4 Business Transfers
If we are acquired, merge with another company, or sell assets:
- Your information may be transferred as part of that transaction
- We will provide notice before your information becomes subject to another privacy policy
4.5 With Your Consent
We may share information:
- With your explicit permission
- When you authorize integration with third-party services
- For purposes you specifically approve
5. DATA RETENTION
We retain your information for as long as necessary to provide Services:
Account Information:
- Active accounts: Duration of subscription
- Deleted accounts: 30 days (backup recovery period)
- Then: Permanently deleted (archived records excepted)
Translation History & Logs:
- Stored temporarily in your WordPress database
- Automatically deleted after 30 days
- After deletion, no longer accessible for support or debugging
Payment & Billing Records:
- 7 years (legal and tax requirement)
- PCI compliance mandated
Emails & Support Communications:
- Duration of account + 2 years
- For legal/compliance reference
Deleted Data:
- Permanently deleted after the retention periods listed above
- Backup and recovery procedures are the responsibility of your hosting provider
Legal Hold:
- If required by law, we retain information longer
- We will notify you of legal requests (where permitted)
6. YOUR DATA RIGHTS
6.1 General Rights
You have the right to:
- Access: View your account information, license key, configuration, and translation history through your plugin dashboard. For a complete data export, use WordPress’s built-in personal data export tool or contact support.
- Correction: Edit your plugin settings, API provider selection, target sites, and terminology directly in the plugin. For corrections to license data or billing information, contact support.
- Deletion: Delete your account through Paid Memberships Pro settings. Your license data and translation history will be deleted according to our retention policy (see Section 5).
- Withdraw Consent: Opt out of promotional emails [if applicable]. Essential data processing cannot be opted out of as it is required to provide the service.
- Lodge Complaint: File a complaint with your local data protection authority (e.g., ICO in the UK, CNIL in France)
6.2 How to Exercise Your Rights
To exercise these rights:
- Email: privacy@www.scandialab.com
- Include in your request:
Your account email address
Specific right you are exercising (access, correction, deletion, export, etc.)
Reason for the request (if applicable) - Verification: We may request identity verification to confirm your identity before processing your request
- Response Time: We will respond to your request within 30 days (or the legally required timeframe in your jurisdiction)
- No Fees: We will not charge a fee for processing your request unless it is manifestly unfounded or excessive
6.3 Deletion Request Exceptions
We may retain information:
- To comply with legal obligations and tax requirements
- To maintain business and financial records (7 years for billing and payment records)
- To resolve disputes or investigate complaints
- To enforce our Terms of Service and other agreements
- For security purposes and to prevent fraud or abuse
- Aggregated or anonymized data that no longer identifies you
- At the request of law enforcement or legal authorities
6.4 GDPR Rights (European Users)
If you are in the EU/UK, you have additional rights:
- Right to Rectification: You can correct inaccurate personal data by updating your account settings or contacting support.
- Right to Erasure (“Right to be Forgotten”): You can request deletion of your account and personal data, subject to legal exceptions (see Section 6.3).
- Right to Restrict Processing: You can request to restrict processing of your data. However, some processing is essential to provide the plugin service (license validation, translation processing, API monitoring). We will accommodate requests where legally permissible.
- Right to Data Portability: You can request your personal data in a structured, portable format. Contact support to request a data export.
- Right to Object: You can object to processing of your personal data for marketing purposes. You can opt out of promotional emails through your account settings or by contacting us.
- Automated Decision-Making: The plugin uses automated processes for license validation, rate-limiting, and plan enforcement. These are technical controls, not profiling. If you have concerns about automated decisions affecting your access, contact support. Lodge Complaint: You have the right to file a complaint with your local data protection authority:
- UK: Information Commissioner’s Office (ICO) – https://ico.org.uk
- France: CNIL – https://www.cnil.fr
- Germany: BfDI – https://www.bfdi.bund.de
- Other EU countries: Your national data protection authority
6.5 CCPA Rights (California Residents)
If you are a California resident, you have rights under CCPA:
- Right to Know: You can request what personal information we collect, use, and share about you. We will provide this information in a portable format upon request.
- Right to Delete: You can request deletion of personal information we have collected about you, subject to legal exceptions (see Section 6.3). We will delete your data within 45 days.
- Right to Opt-Out: You can opt out of the “sale” or “sharing” of your personal information.
- We do not sell or share your personal information for commercial purposes. We only share data with service providers (OpenAI, Anthropic, Stripe) to provide our services, which is not considered a “sale” under CCPA.
- Right to Correction: You can request correction of inaccurate personal information. You can update most information directly in your account settings, or contact support for assistance.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights. You will not be denied service or charged different prices for asserting your rights.
- Authorized Agent: You can appoint an authorized agent to submit requests on your behalf. Your agent must have written authorization from you and we may verify their authority.
- How to Exercise Your Rights: Submit your request to privacy@www.scandialab.com with your name, email, and specific request.
7. DATA SECURITY
7.1 Security Measures
We implement security measures:
- HTTPS/TLS Encryption: All communication between your WordPress site and our servers is encrypted via HTTPS/TLS.
- Secure Authentication: We use WordPress’s built-in authentication system with secure password hashing. We verify user identity with nonces before processing sensitive requests.
- Access Controls: Plugin features are restricted to authorized WordPress administrators only. We enforce role-based access control via WordPress capabilities.
- Local Storage: API keys and target site passwords are stored in your own WordPress database only. They never transmitted to or stored on our servers. You are responsible for securing your WordPress database.
- Third-Party Security:
- Payment processing is handled by Stripe, which is PCI-DSS compliant
- API requests to OpenAI and Anthropic use HTTPS encryption
- Your hosting provider implements firewalls and intrusion detection
7.2 No Guarantee
While we use industry-standard security, NO METHOD is 100% secure.
- We cannot guarantee absolute security
- You use our Services at your own risk
- Report security vulnerabilities to: privacy@www.scandialab.com
7.3 Your Responsibility
You are responsible for:
- Keeping your login credentials confidential
- Not sharing your license key publicly
- Using strong passwords
- Securing your WordPress sites
- Not storing sensitive data in post content
8. INTERNATIONAL DATA TRANSFERS
8.1 Data Processing Location
Our servers are hosted with WP Engine in Europe (Germany).
- Your data is processed and stored within the European Union
- No international data transfers occur
- Your data benefits from full GDPR protection
- Data residency complies with EU data protection regulations
If you are in the EU/UK:
- Your personal data remains within the EU/UK
- We comply with GDPR data residency requirements
- No adequacy decisions or Standard Contractual Clauses are required
8.2 Data Processing Agreements
For business customers requiring Data Processing Agreements (DPAs):
- Contact: privacy@www.scandialab.com
- We provide Data Processing Agreements upon request
- Available for Pro and Agency plans
- WP Engine also provides a DPA for their hosting services
9. THIRD-PARTY LINKS AND SERVICES
Our website and Plugin may contain links to third-party websites:
- Not Responsible: We do not control or endorse third-party privacy practices, security measures, or content. We are not responsible for their policies or practices.
- Review Their Policies: Before using any third-party service, review their privacy policy and terms of service. You are responsible for understanding their data practices.
- Separate Policies: This privacy policy covers only our services. Third-party services are governed by their own privacy policies, which are separate from ours.
- Key Third Parties Used by Our Plugin:
- OpenAI (https://openai.com/policies/privacy-policy) – AI translation provider
- Anthropic (https://www.anthropic.com/privacy) – AI translation provider (Claude)
- Stripe (https://stripe.com/privacy) – Payment processor
- Paid Memberships Pro (PMPro) – Membership management
- WP Engine (https://wpengine.com/privacy/) – Hosting provider
- Cookies and Tracking: Third-party services may set their own cookies and tracking technologies. Our plugin does not set cookies, but WordPress and third-party services may do so. Review their privacy policies for details. Links: We are not responsible for the accuracy, completeness, or legality of third-party websites or services linked from our site or plugin.
10 Information We Collect
10.1 In the past 12 months, we collected:
- Identifiers: Email address, IP address, WordPress username
- Commercial Information: License level, purchase history, payment information (processed by Stripe)
- Internet Activity: Website usage, translation requests, API call logs, token usage
- Professional Information: Name and company (if provided in account)
- Usage Inferences: Translation patterns, feature usage, language preferences
We do NOT collect: Geolocation, health information, biometric data, or precise location data.
10.2 Purpose of Collection
We collect information for:
- Providing translation and plugin functionality
- License activation and verification
- Preventing fraud and enforcing terms
- Legal compliance (tax records, regulatory requirements)
- Improving service quality and reliability
- Security and protecting against abuse
10.3 Your CCPA Rights
For details on your CCPA rights, see Section 6.5 (CCPA Rights) which includes:
- Right to Know what data we collect
- Right to Delete your personal information
- Right to Correct inaccurate data
- Right to Opt-Out of sale/sharing (we don’t do either)
- Right to Non-Discrimination for exercising your rights
10.4 We Do NOT Sell or Share Your Data
We do NOT:
- Sell your personal information
- Share your data for cross-context behavioral advertising
- Use your data for targeted advertising
Data Sharing: We share limited information with service providers to deliver our services:
- OpenAI/Anthropic: For translation processing
- Stripe: For payment processing
- Paid Memberships Pro: For account management
This sharing is NOT considered a “sale” under CCPA.
10.5 Exercising Your CCPA Rights
To exercise your rights:
No Discrimination: We will not penalize you for exercising your rights
Email: privacy@www.scandialab.com
Response Time: Within 45 days (up to 90 days for complex requests)
Verification: We will verify your identity before processing
No Fees: We will not charge for your requests
11. EUROPEAN PRIVACY RIGHTS (GDPR & UK GDPR)
11.1 Data Controller
Data Controller: Blue Screen Media
Address: Flæsketorvet 68, sal 1 1711 København
Email: privacy@www.scandialab.com
Website: https://www.scandialab.com/
11.2 Data Protection Officer (DPO)
[Only include if applicable – most SaaS companies don’t have one]
We do not currently have an appointed Data Protection Officer. If you have privacy concerns, contact us at privacy@www.scandialab.com.
11.3 Legal Basis for Processing
| Processing | Legal Basis | Purpose |
|---|---|---|
| Account creation & maintenance | Contract | Provide Services |
| Translation processing | Contract + Legitimate Interest | Deliver core functionality |
| API usage tracking | Contract + Legitimate Interest | Monitor plan limits and prevent abuse |
| Security monitoring | Legitimate Interest | Prevent fraud and protect systems |
| Service improvement | Legitimate Interest (anonymized data) | Improve reliability and features |
| Legal/tax compliance | Legal Obligation | Tax records, regulatory requirements |
| Marketing emails | Consent | Send updates (only with your permission) |
11.4 GDPR Rights
Right to Access (Article 15):
- Request a copy of your personal data
- You can view your account information in the plugin dashboard
- For a complete data export, contact privacy@www.scandialab.com and we will provide it within 30 days
Right to Rectification (Article 16):
- Request correction of inaccurate data
- Update your account settings directly in the plugin
- Contact support for corrections to license or billing information
Right to Erasure (Article 17 – “Right to be Forgotten”):
- Request deletion of your account and personal data
- Delete your account through Paid Memberships Pro
- Exceptions: Legal obligations (tax records, 7 years), dispute resolution, or security purposes (see Section 6.3)
Right to Restrict Processing (Article 18):
- Request we limit how we use your data
- Some processing is essential to provide the service (license validation, API monitoring)
- We will restrict processing where legally permissible
- Contact privacy@www.scandialab.com to discuss your specific situation
Right to Data Portability (Article 20):
- Receive your data in a structured, portable format
- You can export your account settings from the plugin dashboard
- For a complete data export including server-side information, contact support at privacy@www.scandialab.com
- We will provide this within 30 days
Right to Object (Article 21):
- Object to processing for marketing purposes
- Object to processing based on legitimate interest
- You can opt out of marketing emails or contact us at privacy@www.scandialab.com
Rights Related to Automated Decision-Making (Article 22):
- The plugin uses automated processes for license validation and rate-limiting
- These are technical controls, not profiling or automated decision-making in the GDPR sense
- You are not subject to decisions that produce legal or similarly significant effects
Right to Lodge Complaint (Article 77):
- You have the right to file a complaint with your local data protection authority
- You do not need to contact us first
- See Section 11.5 for contact information for your supervisory authority
12. COOKIES AND TRACKING
12.1 What This Plugin Does NOT Do
Our plugin does NOT:
- Set any tracking or analytics cookies
- Set marketing or retargeting cookies
- Install any cookie banners
- Track user behavior across websites
12.2 Cookies Set by WordPress/Other Services
The following cookies MAY be set by WordPress or third-party services (not by our plugin):
WordPress & PMPro Cookies:
- Session management (keeps you logged in)
- Security tokens (prevents unauthorized access)
- CSRF protection (prevents attacks)
Third-Party Service Cookies: When you use our plugin, these services may set cookies on their own domains:
- OpenAI – When you use their API for translation
- Anthropic – When you use their API for translation
- Stripe – When processing payments
- Your WordPress hosting provider – For security and performance
12.3 Your Website’s Cookies
If YOUR website uses analytics or tracking tools (Google Analytics, etc.), those are separate from our plugin and governed by your own privacy policy.
12.4 Cookie Control
- You can manage cookie preferences through your browser settings
- Most browsers allow you to accept or reject cookies
- You can clear cookies at any time
- Disabling cookies may affect website functionality
13. DO NOT TRACK (DNT)
Our plugin does not engage in tracking or behavioral monitoring, so Do Not Track (DNT) signals do not apply to our plugin.
However:
- If your WordPress website uses third-party analytics or advertising tools, those services may have their own DNT policies
- You can enable Do Not Track in your browser for additional privacy protection
- You can manage privacy settings in your browser at any time
14. SOCIAL MEDIA
14.1 Social Media Links
Our website includes links to social media:
- Facebook, Twitter, LinkedIn, etc.
- We do not control their privacy practices
- When you click these links and interact with social media platforms, they collect data according to their own privacy policies
- Review their privacy settings and policies before using
14.2 Social Login
Our plugin does not offer social media login (Facebook, Google, Apple, etc.). You log in using your WordPress account managed by Paid Memberships Pro.
15. POLICY UPDATES
15.1 Changes to This Policy
We may update this Privacy Policy:
- Effective Date: Changes become effective 30 days after posting (or as otherwise noted)
- Notification: We will notify you via email of material changes before they take effect
- For EU/UK Users: Material changes may require your explicit re-consent under GDPR
- Continued Use: Using our services after the 30-day notice period constitutes your acceptance of the updated policy
If you do not accept material changes:
- EU/UK users can withdraw consent and request account deletion (see Section 6.4)
- All other users continue under the previous policy terms for 30 days, after which you must accept the new policy or delete your account
15.2 What Constitutes Material Changes
We will provide advance notice for material changes, including:
- New ways we collect, use, or process your personal data
- Sharing your data with new third parties or for new purposes
- Reducing your privacy rights or protections
- Changing the legal basis for processing your data
- Major security or infrastructure changes
- Changes to data retention periods
- Changes to your ability to access or delete your data
Non-material updates (such as clarifications, minor wording changes, or formatting improvements) may be posted without advance notice.
15.3 Your Rights Regarding Policy Changes
Contact privacy@www.scandialab.com with questions about policy updates
You can withdraw your consent to processing at any time (see Sections 6.4 and 11.4)
You can delete your account if you disagree with policy changes
16. CONTACT INFORMATION
16.1 Questions and Requests
For privacy questions, requests, or concerns:
Email: privacy@www.scandialab.com
Mailing Address: Blue Screen Media Flæsketorvet 68, sal 1 1711 København Denmark
Website: https://www.scandialab.com/
16.2 Response Time
We aim to respond within:
- General Inquiries: 5 business days
- Data Requests: 30 days (or legal requirement)
- Complex Requests: Up to 60 days with notice
16.4 UK Representative
For UK GDPR inquiries (UK residents):
Representative: Blue Screen Media Email: web@bluescreen.dk Address: Flæsketorvet 68, sal 1 1711 København
17. ACKNOWLEDGMENT
By using Translate and Transfer, you acknowledge that you have read and understood this Privacy Policy and agree to our practices described herein.