Privacy Policy AccessibleTranslator B.V.

1. Introduction

AccessibleTranslator B.V. ("we", "us", "our" or "AccessibleTranslator") takes your privacy very seriously. This privacy policy explains how we collect, use, share and protect personal data when you use our services.

What we do: AccessibleTranslator is an AI-powered platform that automatically transforms complex texts into cognitively accessible content for people with diverse cognitive needs.

2. What data do we collect?

2.1 Account data upon registration

When you create an account, we collect:

• Email address (required for login and communication)
• Name (for personal communication)
• Password (securely stored with bcrypt encryption)
• User type (e.g., Corporate, Therapist, Education - for personalized experience)

2.2 Billing data (for paid subscriptions)

For professional and API subscriptions, we request:

• Company name
• Billing address (street, postal code, city, country)
• VAT number (if applicable)
• Contact details for billing inquiries

2.3 Text data for processing

• Input texts that you have simplified
• Selected transformation settings (which accessibility profiles you select)

2.4 Usage data

• Word consumption (how many words you have processed)
• Processing records (when you used the service, with which settings, but without the content)
• API keys (if you use the API - securely stored)

2.5 Technical data

• IP addresses (automatically logged by our hosting provider Railway for security - stored for max. 30 days)
• Language preference (stored in browser cookie for better user experience)

3. How do we use your data?

3.1 Primary purposes

• Service delivery: Process your texts into accessible versions
• Account management: Login, password resets, subscription management
• Billing: Generate invoices and process payments
• Customer service: Provide support for questions or problems

3.2 Communication

• Transactional emails: Welcome messages, password resets, invoices (via Mailjet)
• Service updates: Important changes to our service (via Mailjet)

3.3 Security and compliance

• Fraud prevention: Detect unusual activities
• Legal obligations: Comply with Dutch and EU legislation
• System security: Monitor performance and prevent security incidents

4. Text processing and AI services

4.1 How does our text processing work?

1. You input text via our website or API
2. We forward the text to Anthropic Claude API with your selected settings
3. Claude processes the text and sends back the accessible result
4. We show you the result and immediately delete all text data from our systems

4.2 Data processing by Anthropic (Claude)

• Retention period: Standard 30 days at Anthropic (commercial API customers)
• Training: Anthropic does NOT use your text data for training their AI models
• Location: Anthropic processes data in the United States with appropriate security measures
• Compliance: Anthropic complies with international privacy standards and offers Data Processing Agreements

For sensitive information: Our platform is not designed for processing medical records, personally identifiable health information, or other particularly sensitive personal data. Do not use the service for such content unless you have explicit consent and comply with applicable regulations.

5. Cookies and tracking

5.1 What cookies do we use?

We keep cookies minimal and use:

• Language preference cookie: Remembers your preferred language (functionally necessary)
• Authentication: Keeps you logged in during your session (functionally necessary)

5.2 What we do NOT use?

• No tracking cookies: We do not use Google Analytics, Facebook Pixel, or other tracking
• No marketing cookies: No cookies for advertising or behavioral profiling
• No third-party scripts: Minimal external dependencies for better privacy

You can manage cookies through your browser settings. Disabling functional cookies may limit the functionality of our service.

6. Sharing of data

6.1 With whom do we share data?

• Anthropic (Claude API): Only text content for processing (30 days retention, no training)
• Mailjet: Email addresses for sending transactional emails
• Mollie: Billing data for payment processing
• Railway (hosting): Technical data for hosting our service

6.2 When do we share data?

• Legal obligation: As required by Dutch or EU legislation
• Security: In case of serious security incidents or lawful requests from authorities
• Business transfer: In case of sale or transfer of our business (with prior notice)

6.3 International data transfers

Some of our service providers (especially Anthropic) are located outside the EU. These transfers are protected by:

• Appropriate safeguards: Data Processing Agreements and Standard Contractual Clauses
• Commercial guarantees: Contractual obligations for data protection
• Limited retention: Minimal retention periods and no use for training

7. Security of your data

7.1 Technical measures

• Encryption: All data encrypted during transport (TLS/SSL) and storage
• Access control: Limited system access based on role necessity
• Password security: Bcrypt encryption for passwords
• Infrastructure security: Professional hosting via Railway with security monitoring

7.2 Organizational measures

• Privacy by Design: Minimal data collection and processing
• Regular reviews: Periodic review of security measures
• Incident response: Procedures for reporting and handling data breaches
• Staff training: Awareness of privacy and data protection

7.3 Retention and deletion

• Account data: Retained as long as your account is active
• Billing data: 7 years for fiscal obligations
• Text content: Not retained - immediately deleted after processing
• Server logs: max. 30 days by hosting provider for security purposes

8. Your rights under the GDPR

As a data subject, you have the following rights:

8.1 Right to information and access

• Access: Request what data we have about you
• Copy: Receive a copy of your personal data
• Explanation: Understand how we use your data

8.2 Right to rectification and erasure

• Correction: Have incorrect data corrected
• Deletion: Have your account and data deleted
• Restriction: Request temporary stop of processing

8.3 Right to data portability

• Export: Receive your data in a machine-readable format
• Transfer: Have data sent directly to another service provider (where technically possible)

8.4 Right to object

• Object: To certain forms of data processing
• Opt-out: From marketing communication (via link in emails)

8.5 How to exercise your rights?

Send an email to privacy@accessibletranslator.com with:

• Your name and email address
• Clear description of your request
• Copy of identity document (for verification)

We respond within 30 days to your request.

9. Specific provisions for different users

9.1 For healthcare providers and professional users

Important: Our platform is not designed for processing Special Categories of Personal Data (such as medical records, health information) without additional agreements. For business customers who process third-party personal data through our service, a Data Processing Agreement is available.

9.2 For API users

• Own responsibility: API customers are responsible for complying with privacy legislation in their applications
• Technical documentation: Detailed information about data processing available in API documentation
• Flexible settings: Possibility of custom retention settings for enterprise customers

10. Managing cookies and preferences

10.1 Browser settings

You can manage cookies through your browser:

• Chrome: Settings > Privacy and security > Cookies
• Firefox: Options > Privacy & Security
• Safari: Preferences > Privacy
• Edge: Settings > Cookies and site permissions

10.2 Consequences of disabling

• Disabling functional cookies: May affect login and language choice
• Complete cookie blocking: May disrupt some functions of our service

11. Changes to this policy

11.1 Updates

• Notification: We communicate important changes via email
• Website: Current version always available on our website
• Date: Last modification date is at the top of this document

11.2 Material changes

For significant changes, we may request your explicit consent before implementing them.

12. Contact and complaints

12.1 Privacy questions

Email: privacy@accessibletranslator.com
General support: support@accessibletranslator.com

12.2 Filing complaints

If you are not satisfied with how we handle your privacy:

1. First contact us: privacy@accessibletranslator.com
2. Dutch Data Protection Authority: If our response is not sufficient, you can file a complaint with the Dutch supervisory authority

13. Special provisions

13.1 Minors

Our service is primarily aimed at professionals and organizations. For use by minors, consent from parents/guardians is required.

13.2 Accessibility of this policy

This privacy policy is written in accessible language. For an even simpler version, you can contact us at privacy@accessibletranslator.com.

13.3 Language versions and legal implications

Official language: This privacy policy is drafted in Dutch and forms the legally binding version.

Translations: AccessibleTranslator may provide translations in other languages (English, German, etc.) for the convenience of international customers.

Legal precedence: In case of contradictions, ambiguities or disputes between different language versions, only the Dutch text has legal force.

Interpretation: All contractual obligations, rights and procedures are interpreted according to the Dutch version of this privacy policy.

Customer responsibility: Customers are responsible for correct understanding of the Dutch text and cannot derive rights from any translation errors in other language versions.