Privacy Policy

Localizeflow Privacy Policy

Effective Date: January 17, 2026

Last Updated: January 17, 2026

This Privacy Policy explains how Localizeflow ("Localizeflow", "we", "our", or "us") collects, uses, and shares information when you use our websites, products, and services (collectively, the "Services"). This Policy is intended for business customers and users of our B2B SaaS localization platform.

Definitions

For the purposes of this Privacy Policy:

  • "Services" means the Localizeflow platform, including our web application, APIs, integrations (such as our GitHub App), related tools, and associated support.
  • "Customer" means the organization or entity that has entered into an agreement with Localizeflow to use the Services.
  • "User" means an individual who accesses or uses the Services on behalf of a Customer, such as an employee, contractor, or collaborator.
  • "Customer Content" (also referred to as "Client Data") means documentation, source files, repository content, localization assets, and any other data that a Customer or User submits to, stores on, or processes through the Services, including via our GitHub App integration.
  • "Personal Data" means any information relating to an identified or identifiable natural person, as defined under applicable data protection law.
  • "Subprocessors" means third-party service providers that process Personal Data on our behalf to support the provision of the Services.

Information We Collect

We collect different types of information depending on how you interact with the Services. This section describes the categories of information we collect.

User-provided information

We collect information that Users and Customers provide directly to us, including:

  • Account information such as GitHub user identifiers (for example, GitHub user ID and login), the email address provided to us by GitHub during OAuth sign-in (if available), organization or workspace name, and role or permissions within an account or workspace.
  • Profile and preference information such as language preferences, notification settings, and communication preferences.
  • Communication information, including messages you send to us via email or support channels, and feedback you provide about the Services.
  • Billing and payment information such as billing contact details, tax information, subscription plan details, and limited payment-related information (most payment card information is processed directly by our payment processor and is not stored by us).

Authentication for the Services is handled via GitHub OAuth. We do not collect or store user passwords (including hashed passwords) for the Services.

Customer Content (Client Data)

Customers and Users may upload or otherwise submit Customer Content to the Services. This may include, for example:

  • Documentation files such as Markdown, HTML, and other text-based formats.
  • Images, screenshots, diagrams, and other media used in documentation.
  • Notebooks (for example, Jupyter notebooks) and related assets.
  • Localization files and translation resources, including language files and related metadata.
  • Repository content accessed via our GitHub App integration, limited to the repositories and scopes authorized by the Customer.

As between the Customer and Localizeflow, the Customer retains all right, title, and interest in and to Customer Content. Customers are responsible for ensuring they have the necessary rights to use and provide Customer Content in connection with the Services.

Localizeflow processes Customer Content solely for the purpose of providing the Services and in accordance with the Customer's instructions, as described in the applicable agreement and this Privacy Policy.

To perform localization workflows, we may run containerized jobs that temporarily clone the repositories and paths a Customer has authorized via our GitHub App integration in order to generate translations and open pull requests. These working copies are short-lived and are not maintained as persistent full mirrors of Customer repositories outside of GitHub. We may, however, retain limited metadata and logs (for example, file paths, commit identifiers, language and token counts, and error information) for security, billing, troubleshooting, and analytics purposes, as further described in this Policy.

We do not use Customer Content to train generalized machine learning models that are available to other customers or third parties, unless a Customer has explicitly opted in to such use in a separate written agreement or configuration.

Automatically collected information

When you access or use the Services, we automatically collect certain information about your device and usage, including:

  • Log data such as IP address, browser type, operating system, device identifiers, referring URLs, pages viewed, links clicked, and the date and time of access.
  • Service usage information such as authentication events, API calls, localization workflows initiated, and configuration changes.
  • Diagnostic and performance information, including error reports, performance metrics, and other telemetry data used to maintain and improve the Services.

Integrated services (GitHub)

Localizeflow provides a GitHub App integration that allows Customers to connect their GitHub accounts and repositories to the Services. When you authorize the GitHub App and sign in with GitHub OAuth, we may receive information from GitHub, including:

  • Repository metadata (for example, repository names, owners, branches, and settings) for repositories that you authorize.
  • File contents and file metadata for documentation and related assets within authorized repositories, as required to perform localization workflows and generate pull requests.
  • Information about pull requests, commits, branches, and checks related to operations performed by the Services.
  • GitHub user and organization identifiers and permissions necessary to operate the GitHub App integration, scoped to the permissions you or your organization grant to the GitHub App.
  • The email address associated with your GitHub account (where GitHub makes it available to us under the permissions you grant), which we use for account creation and management, authentication-related notices, and other service-related communications.

The specific data we access from GitHub is limited to what is reasonably necessary to operate the integration and provide the Services. You can revoke the GitHub App's access at any time through your GitHub account settings; however, revoking access may impact your ability to use certain features of the Services.

How We Use Information

We use the information we collect for the following purposes:

  • Providing and maintaining the Services, including operating our GitHub App integration, processing Customer Content for localization workflows, generating translations (including through third-party LLM or translation APIs acting as our Subprocessors), creating and updating pull requests, and providing core product functionality.
  • Security and abuse prevention, including authenticating Users, monitoring suspicious or unauthorized activity, protecting against fraud, investigating security incidents, and enforcing our terms and policies.
  • Billing and account management, including processing subscription payments, managing invoices, detecting and preventing fraudulent transactions, and communicating with Customers about their accounts.
  • Support and communications, including responding to inquiries, providing technical support, sending operational notices (for example, about changes to the Services or security alerts), and obtaining feedback.
  • Improving and developing the Services, including analyzing usage patterns, troubleshooting, testing new features, and enhancing the performance and usability of the Services. Where we use Customer Content for internal quality and improvement purposes, we do so in accordance with our contractual obligations and do not use Customer Content to train generalized AI or machine learning models that are shared with other customers, unless explicitly agreed otherwise.
  • Legal and compliance, including complying with applicable laws, regulations, legal processes, and enforceable governmental requests, and protecting the rights, property, or safety of Localizeflow, our Customers, Users, or the public.

How We Share / Disclose Information

We do not sell Personal Data. We share information as described below and only as permitted by applicable law and our contractual obligations.

  • Subprocessors and service providers: We engage third-party Subprocessors to provide infrastructure, hosting, storage, analytics, email delivery, customer support tools, and payment processing. These providers may process Personal Data on our behalf and are contractually obligated to protect the data and use it only for the purposes of providing services to us.
  • Integrated services: When you use our GitHub App or other integrations, we may share information with those services as necessary to operate the integration, consistent with your settings and the permissions you grant.
  • Professional advisors: We may share information with our legal, financial, and other professional advisors as necessary for the provision of their services and subject to appropriate confidentiality obligations.
  • Compliance with law and protection of rights: We may disclose information if we reasonably believe it is necessary to comply with a law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Localizeflow, our Customers, Users, or others.
  • Business transfers: If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of our assets, information may be transferred as part of that transaction, subject to appropriate confidentiality protections and continued protection consistent with this Privacy Policy.
  • With your direction or consent: We may share information with third parties when you request or authorize us to do so, or when it is reasonably necessary to fulfill a Customer's instructions in connection with the Services.

We do not use Customer Content for advertising purposes or sell Customer Content or Personal Data.

Your Choices & Rights

Depending on your location and applicable law, you may have certain rights regarding your Personal Data, including the right to access, correct, update, or delete your Personal Data, or to object to or restrict certain processing activities.

In most cases, Localizeflow acts as a processor of Customer Content on behalf of a Customer. If you are a User or individual whose data is processed in a Customer account, requests to exercise your data rights should generally be directed to the relevant Customer (for example, your employer or organization), which controls the account.

If you contact us directly with a request relating to Customer Content, we may forward your request to the relevant Customer or notify the Customer, and we will support the Customer in responding to your request consistent with our contractual obligations.

You may also:

  • Update certain account information and preferences directly within the Services.
  • Opt out of marketing communications by following the unsubscribe instructions in those communications or by contacting us. You will continue to receive transactional or service-related communications that are necessary for providing the Services.

Third-Party Services

The Services may link to or integrate with third-party services, such as GitHub and other tools you choose to connect. Your use of those third-party services is subject to their own terms and privacy policies, not this Privacy Policy.

We are not responsible for the privacy or security practices of third-party services that are not operated by Localizeflow, and we encourage you to review the applicable privacy policies before using such services or enabling integrations.

Cookies & Interest-Based Advertising

We and our third-party partners use cookies and similar technologies (such as web beacons, pixels, and local storage) to operate and improve the Services, understand usage patterns, and measure performance. We may also use analytics services to help us understand how the Services are used.

You can control cookies through your browser settings and, where available, through cookie management banners or tools. If you disable certain cookies, some features of the Services may not function properly.

We do not serve interest-based advertising within the core product. To the extent our marketing websites use third-party analytics or advertising tools, you may be able to opt out of certain interest-based advertising through browser-based mechanisms, device settings, or industry tools where available in your region.

Minors

The Services are intended for use by business customers and are not directed to individuals under the age of 16. We do not knowingly collect Personal Data from children under 16. If we become aware that we have collected Personal Data from a child under 16 without appropriate consent, we will take reasonable steps to delete such information.

Data Security

We implement technical and organizational measures designed to protect Personal Data and Customer Content against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures take into account the nature of the data and the risks associated with processing it.

No method of transmission over the internet or method of electronic storage is entirely free of risk. While we work to protect information, we cannot guarantee absolute security. Customers are responsible for maintaining the security of their account credentials and for configuring appropriate access controls within their repositories and the Services.

Data Retention

We retain Personal Data and Customer Content for as long as necessary to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements, or as otherwise permitted by applicable law.

Customers may control certain retention periods and deletion behaviors within the Services or via our GitHub App (for example, by removing repositories, disabling the integration, or deleting projects). Upon termination of a Customer's subscription, we will handle deletion or return of Customer Content in accordance with our agreement with the Customer and applicable law.

Customers may request deletion of specific Customer Content or accounts by contacting us. We may retain certain transactional or log information for a limited period as necessary for security, auditing, and legal compliance.

International Data Transfers

Localizeflow may process and store information in countries other than the country in which it was originally collected, including in jurisdictions where data protection laws may differ from those in your jurisdiction.

When we transfer Personal Data internationally, we take appropriate measures to protect the data in accordance with this Privacy Policy and applicable law, which may include using standard contractual clauses or other lawful transfer mechanisms.

Data Controller vs Data Processor

For most processing of Customer Content within the Services, Localizeflow acts as a data processor (or equivalent term under applicable law) on behalf of the Customer, which acts as the data controller (or equivalent). This means that the Customer is responsible for determining the purposes and means of processing Customer Content, and we process such data only in accordance with the Customer's instructions and our agreement with the Customer.

In some limited cases, such as processing account, billing, and website visitor information for our own business operations, Localizeflow may act as an independent controller of Personal Data. When we act as a controller, we do so in accordance with this Privacy Policy and applicable data protection laws.

Customers remain responsible for providing any required notices and obtaining any necessary consents from individuals whose Personal Data is included in Customer Content.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will provide notice as appropriate under the circumstances, for example by updating the Effective Date at the top of this page, posting a notice within the Services, or sending an email notification to account contacts.

Your continued use of the Services after the effective date of any updated Privacy Policy constitutes your acceptance of the revised Policy.

Contact Us

If you have any questions or concerns about this Privacy Policy or our privacy practices, or if you wish to exercise your data protection rights, you may contact us at:

Email: support@localizeflow.com

When contacting us, please provide sufficient details to allow us to understand your request and respond appropriately, including (where applicable) the name of the Customer organization with which you are associated.

Subprocessors

Localizeflow uses third-party Subprocessors to provide infrastructure and other services necessary to deliver the Services. The categories of Subprocessors we may use include:

  • Cloud infrastructure and hosting providers.
  • Database and storage providers.
  • Monitoring, logging, and analytics providers.
  • Email and communication delivery providers.
  • Customer support and helpdesk platforms.
  • Payment processing and billing providers.
  • LLM and translation API providers used to generate or assist with translations.

We require our Subprocessors to implement appropriate security measures and to process Personal Data only as necessary to provide services to Localizeflow and our Customers.