Paragraphs
Start free

Legal

Privacy Policy

Effective 2026-05-01 · BuiltByGo Ltd

Plain-English summary

We collect only what we need to run the service: your account info, your projects' content, basic usage telemetry. We don't sell data, we don't train AI models on your content. EU + US data residency at signup. Your GDPR rights are linked at the bottom — exercise any of them via privacy@paragraphs.co.uk.

This is placeholder copy. A privacy policy reviewed by data-protection counsel will replace this before launch.

1. Who we are

BuiltByGo Ltd, registered in England & Wales, operating paragraphs.co.uk and related services. Data controller for account-level personal data; data processor for content you upload to translate.

2. What we collect

  • Account data: email, name, organisation, hashed password, OAuth identifiers, profile photo if you upload one.
  • Project content: the source units you send for translation, their translations, glossary terms, settings.
  • Billing data: handled by Stripe; we receive last-4 + brand + country of card, not full card numbers.
  • Usage telemetry: API call volumes, word counts, error counts, model latency. Used for billing, SLA, and improving the service.
  • Marketing data: if you submit a form, the fields you submitted + UTM parameters + IP. Cookie consent state if you've used the site.

3. Why we collect it

To provide the service, bill you accurately, support you when you need help, and improve the product. Legal bases: performance of contract (account, billing, content), legitimate interest (security, fraud prevention), consent (marketing emails, optional analytics).

4. Where it lives

You pick EU (Frankfurt) or US (Virginia) at signup. Data residency is locked at the organisation level. Backups (R2) are stored in the same region. Sub-processors are listed at /legal/sub-processors.

5. How long we keep it

Account data: while you have an account + 30 days after cancellation, then deleted from production. Project content: same. Usage telemetry: aggregated after 12 months, raw data deleted at 24 months (or 7 years on Enterprise). Marketing leads: 24 months from last interaction unless you ask sooner.

6. Who we share it with

Our sub-processors, listed at /legal/sub-processors. Each is bound by data-processing terms. We do not sell personal data. We do not share it with advertisers.

7. AI training

We do not use Customer content to train AI models. The third-party AI APIs we use (DeepL, Anthropic) are contracted under their commercial APIs which exclude training on customer data. We don't run our own LLMs at present.

8. Your rights

You have the right to access, correct, delete, port, restrict, or object to our processing of your personal data. Exercise any right by emailing privacy@paragraphs.co.uk from the email associated with your account, or via the in-app account settings (faster). We respond within 30 days.

9. Cookies

Strictly-necessary cookies (theme preference, CSRF) are set without consent. Analytics cookies require explicit opt-in. See /legal/cookies.

10. Security

See /security for our encryption, access control, audit log, and disclosure policy.

11. Changes

We update this policy when our practices change. Material changes get 30 days' email notice. Minor wording updates are reflected at the top of the page (effective date).

12. Complaints

If you're not happy with how we've handled your data, you can complain to the UK Information Commissioner's Office (ICO) at ico.org.uk or your local supervisory authority.

13. Contact

privacy@paragraphs.co.uk for any privacy question.

Terms of Service
Master agreement
Privacy Policy
What data we hold, how, why
Data Processing Addendum
GDPR Article 28
Sub-processors
Who handles your data
Acceptable Use Policy
What you can and can't translate
Cookie Policy
First-party, mostly functional