Legal

Privacy Policy

Effective: June 1, 2025 Last updated: June 1, 2025

Contents

1 — Who We Are
2 — Two Types of Data Subject
3 — Data We Collect from Customers
4 — Data Processed on Behalf of Customers (End-User Traffic)
5 — How We Use Customer Data
6 — Legal Bases for Processing
7 — Sharing Data
8 — Data Retention
9 — Your Rights
10 — Cookies & Tracking
11 — Security
12 — Changes to This Policy
13 — Contact

01Who We Are

Nativly ("we," "our," or "us") operates a website translation and localisation platform at nativly.app. This Privacy Policy explains what personal data we collect, why we collect it, how it is processed, and how we protect it.

For privacy-related questions or data requests, contact us at support@nativly.app.

02Two Types of Data Subject

Because Nativly sits between a website owner and their visitors, this policy covers two distinct groups:

Customers — website owners and developers who register for a Nativly account, connect their domain or script tag, and manage the Service from the dashboard. We are the data controller for Customer data.
End users — visitors to a Customer's website whose traffic passes through Nativly's edge network (DNS proxy integration). For this data, Nativly acts as a data processor on behalf of the Customer, who remains the data controller responsible for obtaining any necessary consents from their visitors.

If you are a visitor to a Nativly-powered website and have a privacy question about that site, please contact the website owner directly. Nativly does not control how Customers use their websites.

03Data We Collect from Customers

When you register and use Nativly, we collect:

Category	What it includes	Source
Account data	Full name, email address, hashed password	You, at registration
Google OAuth data	Name, email, and profile picture (if you sign in with Google)	Google
App configuration	Your connected domain(s), selected languages, widget preferences, DNS/CNAME settings	You, via the dashboard
Billing data	Subscription plan, billing cycle, and transaction records. Raw card details are handled by our payment processor — we do not store them.	You, at checkout
Usage & analytics	Dashboard activity, feature usage, and aggregated traffic metrics (e.g. page views per language, visitor country) for your connected apps	Automatically collected
Technical data	IP address, browser type, and session data for the Nativly dashboard	Automatically collected
Communications	Support emails and messages you send us	You

04Data Processed on Behalf of Customers (End-User Traffic)

When a visitor accesses a Nativly-powered translated URL, their HTTP requests pass through our edge network. This involves the transient processing of:

The visitor's IP address and request headers (to route and serve the translated page).
The URL and language preference selected.
Aggregated, anonymised traffic counts (used to populate the Customer's analytics dashboard).

We do not build profiles of individual end users, sell end-user data, or retain end-user request data beyond the time required to serve the response and generate aggregated metrics. We do not set tracking cookies on behalf of Customers' visitors.

Customers who use the DNS proxy integration are responsible as data controllers for their visitors' personal data and must ensure their own privacy notices address Nativly's involvement in serving their translated pages.

05How We Use Customer Data

We use Customer personal data to:

Create and authenticate your account and provide the Service.
Configure and operate your connected apps (DNS routing, script injection, language widget).
Process payments and manage your subscription.
Send transactional emails — account verification, password reset, billing receipts, and trial / renewal reminders.
Display analytics about your translated pages' traffic in your dashboard.
Respond to support requests and enquiries.
Detect and prevent fraud, abuse, and security incidents.
Comply with applicable legal obligations.
Improve the Service using aggregated, anonymised insights.

We do not sell Customer data to third parties, and we do not use it for targeted advertising.

06Legal Bases for Processing

Where GDPR or similar legislation applies, we rely on the following legal bases:

Contract — delivering the Service, managing your account, and processing payments.
Legitimate interests — improving the Service, ensuring network security, and preventing fraud, where not overridden by your rights.
Legal obligation — retaining billing and tax records as required by law.
Consent — optional communications such as newsletters. You may withdraw consent at any time.

07Sharing Data

We share personal data only in the following circumstances:

Infrastructure providers — cloud hosting, edge network, email delivery, and payment processing providers. All are under contractual obligations to process data only as instructed.
Google — if you use Google sign-in or if you use our Google Search Console URL submission feature on your behalf.
Legal requirements — if required by law, court order, or regulatory authority, or to protect the rights and safety of Nativly or others.
Business transfers — if Nativly is involved in a merger, acquisition, or asset sale, your data may be transferred. We will notify you before your data is subject to a different privacy policy.

We do not share data with advertisers or data brokers.

08Data Retention

We retain your personal data for as long as your account is active. When you delete your account, we delete or anonymise your personal data within 30 days, except where retention is required by law — for example, billing records for tax compliance may be kept for up to 7 years depending on jurisdiction.

Transient end-user request data (IP addresses, request headers) used for edge routing is not retained beyond the duration of the request and its contribution to aggregated analytics.

09Your Rights

Depending on your location, you may have the following rights over your personal data:

Access — request a copy of the data we hold about you.
Correction — ask us to correct inaccurate or incomplete information.
Deletion — request erasure of your data (the "right to be forgotten").
Portability — receive your data in a structured, machine-readable format.
Objection / restriction — object to or limit certain types of processing.
Withdraw consent — where processing relies on consent, withdraw it at any time without affecting prior processing.

To exercise any right, email support@nativly.app. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

10Cookies & Tracking

On the Nativly dashboard and marketing site, we use:

Strictly necessary cookies — session tokens required for authentication. Cannot be disabled.
Functional cookies — remember your preferences (e.g. selected language, dashboard state).
Analytics — anonymised usage data to understand how Customers use the dashboard. No cross-site tracking or advertising cookies are used.

On Customers' translated websites served via Nativly's edge, we collect anonymised, aggregated data from visitor traffic — such as page views, language selections, and country of origin — to power the analytics shown in your dashboard. This data is not tied to individual identities and is not used for advertising or sold to third parties. We do not set persistent tracking cookies on your visitors' browsers.

11Security

We apply industry-standard security measures including TLS encryption for all data in transit, encrypted storage, hashed password storage, and role-based access controls that limit who within Nativly can access your data.

Our edge network infrastructure is designed so that end-user traffic is processed in memory for routing and never written to long-term storage in identifiable form.

In the event of a personal data breach that poses a risk to your rights, we will notify you and relevant supervisory authorities as required by applicable law.

12Changes to This Policy

We may update this Privacy Policy periodically. For material changes, we will notify you by email or via a dashboard notice at least 14 days before the updated policy takes effect. Your continued use of the Service after that date constitutes acceptance of the updated policy.

13Contact

For all privacy questions, data requests, or complaints:

Email: support@nativly.app

We aim to respond to all requests within 30 days.