Privacy Policy

This Privacy Policy explains how Forthwith LLC (“Forthwith,” “we,” “us,” or “our”) collects, uses, discloses, and retains personal data in connection with our website, dashboard, APIs, and CLI-based translation workflow (collectively, the “Service”).

Forthwith LLC is the data controller for personal data described in this Privacy Policy, except where we process personal data on behalf of our customers as a data processor (see Section 5). You can contact us at support@forthwith.dev for any privacy-related inquiries.

We collect and process only the data necessary to provide and improve the Service.

Account and organization information: email address, organization name, authentication data, onboarding details, and related account metadata.

Translation workflow information: source strings, plural forms, glossary terms, language settings, tone and domain settings, generated translations, failed-string details, and job metadata.

Billing information: plan selections, usage totals, Stripe customer and subscription identifiers, payment method identifiers, and billing event records. We do not store full payment card numbers.

Technical and usage information: IP addresses, browser or CLI metadata, request paths, session state, authentication cookies, audit logs, and rate-limiting signals.

We use personal data to provide, operate, and improve the Service, including to authenticate users, process translation jobs, deliver results, manage billing, prevent abuse, troubleshoot issues, and provide customer support.

We may also use personal data to communicate with you about your account, service-related updates, and changes to our policies or terms.

If you are located in the European Union or European Economic Area, we rely on the following legal bases under GDPR Article 6:

• Contract (Art. 6(1)(b)): Processing necessary to provide the Service, including account creation, authentication, translation processing, and billing.
• Legitimate interests (Art. 6(1)(f)): Security logging, fraud and abuse prevention, rate limiting, and service reliability. We assess our legitimate interests against your rights and implement appropriate safeguards.
• Consent (Art. 6(1)(a)): Where required, such as for optional marketing communications. You may withdraw consent at any time.
• Legal obligation (Art. 6(1)(c)): Compliance with applicable legal requirements, including tax, accounting, and regulatory obligations.

Forthwith acts as a data controller for personal data related to account management, billing, and direct interactions with users.

When processing customer-submitted content (such as text submitted for translation), Forthwith acts as a data processor on behalf of its customers. Customers are responsible for ensuring they have the appropriate legal basis to submit personal data to the Service.

We make a Data Processing Agreement (DPA)available governing our processing of personal data on behalf of customers.

When you submit text for translation, we process that content and transmit it to third-party model providers to generate translation output.

Our current providers include Google and Anthropic. Providers may change over time as we evolve the Service.

We do not use customer-submitted content to train our models or those of our subprocessors.

You should ensure that you have appropriate rights and permissions to submit any content that may contain personal data.

We share personal data with trusted subprocessors that assist in operating the Service. We also disclose data where necessary to comply with law, enforce our terms, or protect rights, safety, and security.

We have data processing agreements in place with our subprocessors and require them to protect personal data in accordance with applicable law.

• Anthropic — Translation processing.
• Google — Translation processing.
• Stripe — Payment processing.
• Amazon Web Services (SES) — Transactional email delivery.
• Hetzner Online, Inc. — Hosting and infrastructure.
• Plausible Analytics — Privacy-friendly, cookieless analytics.

Subprocessors may process data in countries outside your jurisdiction, including the United States.

We use only strictly necessary cookies required for the operation and security of the Service. These cookies do not require consent under applicable law.

• Session cookies used for authentication, security, and request handling.
• An optional “remember me” cookie, set only at your request, to maintain your login session.
• Internal cookies used for administrative tooling (e.g., system diagnostics dashboards).

All cookies are signed and/or encrypted and cannot be read or modified by third parties.

We retain personal data only for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements.

Translation input and output content is generally deleted after approximately 30 days. Job metadata, billing records, and security logs may be retained for longer periods based on operational and legal requirements.

We implement appropriate technical and organizational measures designed to protect personal data, including encryption in transit, access controls, and system monitoring. However, no method of transmission or storage is completely secure.

We do not use personal data for automated decision-making or profiling that produces legal or similarly significant effects.

You may access, update, or delete certain account information through the Service or by contacting us at development@forthwith.dev.

If you are located in the European Union or European Economic Area, you have the following rights under the GDPR:

• Access (Art. 15): Request a copy of the personal data we hold about you.
• Rectification (Art. 16): Request correction of inaccurate or incomplete personal data.
• Erasure (Art. 17): Request deletion of your personal data, subject to applicable legal retention obligations.
• Restriction of processing (Art. 18): Request that we limit how we use your data in certain circumstances.
• Data portability (Art. 20): Request your personal data in a structured, machine-readable format.
• Objection (Art. 21): Object to processing based on our legitimate interests.
• Supervisory authority: Lodge a complaint with your local EU or EEA data protection supervisory authority.

To exercise any of these rights, contact us at support@forthwith.dev. We will respond within 30 days. We may verify your identity before processing your request.

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) give you the following rights:

• Right to know: Request disclosure of what personal information we collect, use, and share.
• Right to delete: Request deletion of your personal information, subject to certain exceptions.
• Right to correct: Request correction of inaccurate personal information we hold about you.
• Right to opt out of sale or sharing: Forthwith does not sell or share personal information with third parties for advertising or cross-context behavioral advertising purposes.
• Right to non-discrimination: We will not discriminate against you for exercising any of these rights.

To exercise your rights, contact us at support@forthwith.dev. We will respond within 45 days, with one 45-day extension permitted if we notify you of the need.

We may process personal data in countries outside your own, including the United States.

Where required, we rely on Standard Contractual Clauses approved by the European Commission and implement supplementary safeguards to protect personal data.

The Service is not directed to children, and we do not knowingly collect personal data from children under the age required by applicable law.

We may update this Privacy Policy from time to time by posting a revised version on this page. The updated version becomes effective when posted unless a later date is stated.

For questions or requests regarding this Privacy Policy, contact us at development@forthwith.dev.