At MisterTranslate we take the protection of your personal data very seriously. This Privacy Policy describes how we handle the information we collect through our website https://mistertranslate.com and our automatic translation service for WordPress, in accordance with Regulation (EU) 2016/679 (GDPR) and Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD).
1. Data controller
The controller of your personal data is:
- Company name: CAES Marketing SL
- Tax ID: B01718949
- Address: Avda. Ernest Lluch 32, TCM-2 Planta 3, 08302 Mataró (Barcelona), Spain
- Email: info@mistertranslate.com
- Website: https://mistertranslate.com
2. Data we collect
We collect only the data that is strictly necessary to provide the service and comply with our legal obligations. Depending on your relationship with us, the data processed may be:
- Identification and contact data: first name, last name, email address, telephone (optional).
- Tax data: NIF/CIF, tax address, country, needed to issue invoices as required by tax regulations.
- Transaction data: purchase history of word packs, amounts, dates. We do not store the full details of your bank card; the payment gateway processes them directly.
- Service credentials: Client ID and Secret Key that we generate so that the WordPress plugin can authenticate against our API.
- Browsing data: IP address, browser type, pages visited, time spent, referrer, obtained through cookies and similar technologies (see Cookies Policy).
- Content sent for translation: the texts that the plugin sends to our API to be translated. These texts are processed ephemerally; they are not stored permanently except for the essential technical records (error logs, word usage metrics).
- Support communications: messages and attachments that you send us when requesting help.
3. Purposes of processing
We process your data for the following purposes:
- Provision of the contracted automatic translation service, including the management of your account at /cuenta/, the issuance of credentials and the accounting of your word balance.
- Administrative management, invoicing and compliance with tax and accounting obligations.
- Customer service and resolution of technical issues.
- Sending essential operational communications (purchase confirmation, incidents, service changes).
- Sending commercial communications about news, improvements or promotions, provided that you have given your express consent. You may revoke it at any time.
- Statistical analysis and service improvement, using aggregated or pseudonymised data whenever possible.
- Fraud prevention and ensuring the security of the platform.
4. Legal basis for processing
The lawfulness of the processing is based, depending on the purpose, on the following legal bases of Article 6 GDPR:
- Performance of a contract (Art. 6.1.b GDPR): provision of the service, account management, invoicing and support.
- Compliance with a legal obligation (Art. 6.1.c GDPR): retention of invoices and accounting documentation for the statutory periods.
- Legitimate interest (Art. 6.1.f GDPR): platform security, fraud prevention and service improvement with aggregated data.
- Consent (Art. 6.1.a GDPR): sending commercial communications, use of non-technical cookies.
5. Retention periods
We retain data for the time strictly necessary for the purposes for which it was collected:
- Account and contractual relationship data: as long as you keep your account active and, after its closure, for the limitation periods of possible liabilities.
- Billing data: 6 years in accordance with the Commercial Code and tax regulations.
- Content sent for translation: ephemeral processing; technical logs are kept for a maximum of 30 days unless there is a legal obligation.
- Commercial communications: until you revoke your consent.
- Browsing data and cookies: as indicated in the Cookies Policy.
6. Data recipients
To provide the service we share certain data with providers who act as data processors under a contract signed in accordance with Art. 28 GDPR:
- Artificial intelligence providers: OpenAI (OpenAI, L.L.C., USA) for processing translations. Texts are sent to their APIs and processed under policies that prohibit model retraining with enterprise API data.
- Payment gateways: Stripe and/or PayPal to process payments securely in accordance with the PCI-DSS standard.
- Hosting and CDN provider: to host the website, the API and the databases in data centers located preferably in the European Union.
- Transactional email provider: for sending operational emails (invoices, credentials, support).
- Public authorities and courts when there is a legal obligation to provide the information.
7. International transfers
Some of our providers, such as OpenAI, are located outside the European Economic Area, specifically in the United States. These transfers are carried out with the appropriate safeguards provided for by the GDPR: adherence to the EU–U.S. Data Privacy Framework when the provider is certified, and failing that, by signing Standard Contractual Clauses approved by the European Commission (Decision 2021/914). Additional technical measures are also applied, such as encryption in transit (TLS) and pseudonymisation where applicable.
8. User rights
In accordance with Articles 15 to 22 of the GDPR, you may exercise the following rights at any time:
- Access: obtain confirmation as to whether we are processing your data and access it.
- Rectification: correct inaccurate or incomplete data.
- Erasure (“right to be forgotten”): request the deletion of your data when it is no longer necessary.
- Objection: object to the processing on grounds relating to your particular situation.
- Restriction of processing: request that the use of your data be temporarily limited.
- Portability: receive your data in a structured, commonly used and machine-readable format.
- Withdrawal of consent at any time, without retroactive effect.
- Not to be subject to automated decisions with significant legal effects.
To exercise these rights you can send an email to info@mistertranslate.com indicating the right you wish to exercise and attaching a copy of an identification document. We will respond within a maximum period of one month.
If you believe that your rights have not been properly addressed, you have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD), with address at Calle Jorge Juan 6, 28001 Madrid, or through its electronic headquarters www.aepd.es.
9. Data security
We apply appropriate technical and organisational measures to ensure a level of security appropriate to the risk: TLS encryption in communications, password hashing, role-based access control, encrypted backups, access logging and staff training. We review and update these measures regularly.
10. Amendments
We may update this Privacy Policy to adapt it to legal, technical or service changes. We will notify you of any material changes by email or by means of a prominent notice on the website. The date of the last update appears at the end of the document.
Last updated: 14 April 2026
