Privacy Policy

Last updated: 27 November 2025

This Privacy Policy explains how Xieta AI Pvt Ltd ("Company", "we", "us", "our") collects, uses, shares and protects your personal data when you use our website www.asktranslator.com and related services (collectively, the "Service" or "AskTranslator").

This Policy is framed having regard to the Digital Personal Data Protection Act, 2023 and the Digital Personal Data Protection Rules, 2025, to the extent applicable, as well as Section 43A of the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, as amended from time to time.

By accessing or using AskTranslator, you agree to the terms of this Privacy Policy. If you do not agree, please do not use the Service.

1. Who We Are

For the purposes of the Digital Personal Data Protection Act, 2023, Xieta AI Pvt Ltd is the "Data Fiduciary" and individual users are "Data Principals".

2. Scope of This Privacy Policy

This Privacy Policy applies to:

  • Visitors to our website www.asktranslator.com
  • Users who create an account and log in to use AskTranslator
  • Users who upload documentsfor translation
  • Users who receive communications (emails, SMS, WhatsApp, in-app) related to their accounts, transactions, and offers

It does not apply to:

  • Third-party websites, services, or applications that are linked from our Service
  • Any processing performed solely by such third parties under their own privacy policies

3. Personal Data We Collect

We collect the following categories of personal data when you use AskTranslator.

3.1 Data You Provide Directly

Account and Profile Data

  • Full name
  • Email address
  • Mobile number

Content You Upload

  • Documents, and other content uploaded for translation
  • Any personal data contained within such documents or text (for example, names, addresses, contract details, etc.)

Communications with Us

  • Emails, support requests, feedback, and other correspondence
  • Responses to surveys or feedback forms

3.2 Data Collected Automatically

When you use the Service, we automatically collect certain technical data, including:

  • IP address
  • Device identifiers
  • Browser type and version
  • Operating system and device information
  • Date and time of access
  • Pages viewed, links clicked, and usage patterns
  • Session information and log data

We may use cookies, web beacons, pixels, and similar technologies to collect some of this information. See Section 9 (Cookies and Similar Technologies).

3.3 Data from Third Parties

We may receive limited personal data about you from third-party service providers, such as:

  • Email / SMS / WhatsApp delivery providers (e.g., delivery status, bounce information)
  • Payment gateways (e.g., partial transaction details, status – if/when you add payments)
  • Analytics tools (aggregated usage and performance information)

4. How We Use Your Personal Data

We process your personal data for the following purposes:

  1. To provide and operate AskTranslator

    • Creating and managing user accounts
    • Processing your uploaded documents and text for translation
    • Displaying translation results and maintaining your translation history (where applicable)

  2. To perform translations and related language processing

    • Converting and processing text for translation and language–related outputs
    • Using third-party AI / language APIs (e.g., Google Gemini) to process content and return results

  3. To communicate with you

    • Sending transactional messages (e.g., OTPs, login alerts, translation status, receipts)
    • Sending service notifications (e.g., policy updates, security alerts, feature announcements)
    • Sending promotional / coupon / marketing communications via email, SMS, WhatsApp, or in-app messages, where allowed by law and your preferences

  4. To receive payments through our third-party provider - PayU

  5. To improve the Service

    • Monitoring usage, performance, and trends
    • Troubleshooting, research, analytics, and product improvements
    • Developing new features and functionalities

  6. To ensure security and prevent misuse

    • Detecting and preventing fraud, abuse, and security incidents
    • Enforcing our Terms of Service and other policies

  7. To comply with law and legal requests

    • Responding to lawful requests, court orders, or regulatory requirements
    • Maintaining records as required under applicable laws

5. Legal Bases for Processing

Depending on the context, we process your personal data under one or more of the following legal bases:

  • Your consent – for example, for marketing communications or where required under the DPDP Act.
  • Performance of contract – to provide you with the AskTranslator service you have requested.
  • Compliance with legal obligations – to respond to legal or regulatory obligations.
  • Legitimate interests – for security, fraud prevention, service improvement, and business analytics, to the extent such interests are not overridden by your rights.

Where processing is based on consent, you have the right to withdraw your consent at any time as described in Section 11.

6. How We Handle Your Uploaded Documents and Content

Your uploaded documents and text are central to our Service. We treat them with care:

  1. Purpose limitation

    • We use the content of uploaded documents only for:

      • Translating or processing the text as requested by you
      • Improving the quality, accuracy, and performance of the Service in a privacy-respecting manner (for example, using aggregated or anonymised data where possible)

  2. Access controls

    • Access to your documents is restricted to authorised systems and, where strictly necessary, authorised personnel for operations, support, and troubleshooting.

  3. Storage location

    • Our primary application databases and storage buckets are hosted on Google Cloud servers located in India (e.g., India regions).

  4. Third-party AI processing

    • To provide high-quality translation and language services, we may send text (and therefore personal data contained in it) to third-party AI / language service providers such as Google Gemini APIs or similar services.
    • These providers may process the data on servers located outside India. They are engaged as service providers and are contractually required to use the data only to provide their services to us and to implement appropriate security measures.

  5. Sensitive or regulated data caution

    • AskTranslator is not designed for processing highly sensitive regulated identifiers (e.g., Aadhaar numbers), financial account details, or special category data (e.g., health information) unless strictly necessary.
    • We strongly encourage you to avoid uploading documents that contain more personal data than is necessary for translation.

  6. Retention

    • See Section 10 (Data Retention) for how long we keep your documents and related data.

7. Cross-Border Transfer of Personal Data

Although we primarily store personal data (including databases and Google Cloud Storage buckets) on servers located in India, some processing and transfer may occur across borders:

  1. Third-party service providers

    • We may use third-party providers for:

      • Email, SMS, and WhatsApp communication (e.g., Brevo or similar providers)
      • AI / language processing APIs (e.g., Google Gemini)
      • Payment Service provider -  PayU
      • Analytics and logging tools

    • These providers may be located outside India and may process personal data on their infrastructure in other countries.

  2. Legal framework

    • Cross-border transfers will be conducted in accordance with the Digital Personal Data Protection Act, 2023 and the DPDP Rules, 2025, including any restrictions or conditions imposed by the Government of India (such as a list of restricted countries or sector-specific conditions).

  3. Protections

    • We ensure that such transfers are subject to appropriate contractual, technical, and organisational safeguards, including:

      • Contractual obligations on service providers to protect personal data and use it only for specified purposes
      • Security controls such as encryption in transit and at rest (where applicable)
      • Limiting access to authorised personnel

By using the Service, you understand that your personal data may be processed in countries that may have different data protection laws than India, but we will take all reasonable steps to ensure that your data is treated securely and in accordance with this Policy.

8. Sharing of Personal Data

We do not sell your personal data.

We may share your personal data in the following limited circumstances:

  1. Service providers / data processors

    • Cloud hosting providers (e.g., Google Cloud)
    • AI / language processing providers (e.g., Google Gemini APIs)
    • Email, SMS, and WhatsApp communication providers (e.g., Brevo or similar)
    • Analytics, logging, and monitoring tools
    • Payment gateways and billing providers These parties act on our instructions and are bound by contractual obligations to protect your data.

  2. Business transfers

    • In connection with any merger, acquisition, asset sale, or reorganisation, your personal data may be transferred as part of the transaction. In such cases, we will ensure that the receiving entity is bound by obligations consistent with this Policy.

  3. Legal and regulatory obligations

    • Where required by law, regulation, legal process, or governmental request
    • To protect the rights, property, or safety of Xieta AI Pvt Ltd, our users, or the public
    • To detect and address security or fraud issues

  4. With your consent

    • We may share information with third parties if you have given us explicit consent to do so.

9. Cookies and Similar Technologies

We use cookies and similar technologies to:

  • Keep you logged in and maintain your session
  • Remember your preferences
  • Analyse usage, performance, and trends

You can configure your browser to block or delete cookies, but some parts of the Service may not function properly if you do so.

Where required by law, we may display a cookie notice or banner and obtain your consent for non-essential cookies.

10. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Policy or as required by law.

Indicatively:

  • Account data – kept for as long as your account is active and for a reasonable period thereafter to comply with legal obligations or resolve disputes.
  • Uploaded documents and translation data – "Uploaded documents are retained for a period of 90 days** to allow you to download your translation, after which they are removed from online access and moved to offline storage. Thereafter they are retained on offline storage as long as your account is active and for a reasonable period thereafter to comply with legal obligations or resolve disputes.
  • Logs and usage data – retained for a limited period for security, analytics, and operational purposes.

We may retain anonymised or aggregated data that does not identify you for longer periods.

11. Your Rights and Choices

Subject to applicable law, particularly the Digital Personal Data Protection Act, 2023, you may have the following rights as a Data Principal:

  1. Right to access – You can request confirmation of whether we process your personal data and obtain reasonable access to such data.
  2. Right to correction and updating – You can request correction or updating of inaccurate or incomplete personal data.
  3. Right to deletion / erasure – You can request deletion of your personal data, subject to legal and contractual limitations.
  4. Right to withdraw consent – Where processing is based on your consent (e.g., marketing communications), you can withdraw that consent at any time.
  5. Right to grievance redressal – You can raise a grievance with our Grievance Officer using the details in Section 15.
  6. Right to nominate – Where provided under applicable law, you may nominate another individual to exercise your rights in case of death or incapacity.

You can exercise many of these rights directly via your account settings (where available), or by contacting us at support@xieta.ai.

We may verify your identity before responding to certain requests and may decline requests where we are permitted or required to do so by law.

12. Marketing Communications

We may send you emails, SMS, WhatsApp messages, or in-app notifications regarding:

  • Transactional and service-related updates
  • Offers, discounts, and coupons
  • Product updates, newsletters, and promotions

You can opt out of marketing communications at any time by:

  • Clicking the "unsubscribe" link in email communications, or
  • Replying with the prescribed opt-out keyword for SMS/WhatsApp where provided, or
  • Adjusting your communication preferences in your account (if available), or
  • Contacting us at support@xieta.ai with your request.

Even if you opt out of marketing, you may still receive transactional or service-related messages (e.g., account alerts, security notices).

13. Data Security

We implement reasonable security practices and procedures to protect your personal data from unauthorised access, alteration, disclosure, or destruction, consistent with the IT Act and the 2011 Rules. These measures include, where appropriate:

  • Access controls and authentication mechanisms
  • Segregation of environments and least-privilege access

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.

14. Children’s Privacy

The Service is not intended for children under 18 years of age.

  • We do not knowingly collect personal data from children under 18.
  • If you are a parent or guardian and believe your child has provided us with personal data, please contact us so we can take appropriate action.
  • If we become aware that we have inadvertently collected personal data from a child under 18, we will take steps to delete such data, except where retention is required by law.

Where we are legally permitted or required to provide services to minors, we will obtain verifiable parental or guardian consent as required under applicable law.

15. Grievance Officer and Contact Details

In accordance with the IT Act, 2000 and the DPDP Act, 2023, we have designated a Grievance Officer:

  • Name: G.S. Nagra
  • Designation: Grievance Officer – AskTranslator
  • Email: grievance@xieta.ai
  • Postal Address: Xieta AI Private Limited, Plot No.25, 1st Floor, Industrial Area Phase-I, Chandigarh, India, 160002

If you have any questions, concerns, or complaints regarding this Privacy Policy or our handling of your personal data, you may contact the Grievance Officer using the details above. We will endeavour to respond within the timelines prescribed under applicable law.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in:

  • Legal or regulatory requirements
  • Our Service, technologies, or business practices

When we make material changes, we will:

  • Update the "Last updated" date at the top, and
  • Provide you with additional notice where required by law (for example, via email or an in-app notice).

Your continued use of the Service after any changes to this Policy will constitute your acknowledgment and acceptance of the updated Policy.

17. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact:

Xieta AI Pvt Ltd Xieta AI Private Limited, Plot No.25, 1st Floor, Industrial Area Phase-I, Chandigarh, India, 160002 Email: support@xieta.ai