Privacy Policy

Legal basis for processing

We process your personal data based on the following legal grounds, in accordance with the Personal Information Protection Law of the PRC, the EU GDPR, and other applicable regulations:

• Contract performance:Data necessary to provide translation services (e.g., document content, contact email).
• Legitimate interests:Prevent fraud, improve service quality, and ensure system security.
• Legal obligations:Comply with AML, KYC, tax reporting, and other statutory obligations.
• User consent:Uploading files and using our services indicates your explicit consent to this policy.

Withdrawal of consent:You may withdraw consent at any time, which may prevent us from continuing to provide services. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.

1. Information collection

To provide translation services, we collect the following information:

• Files you upload (which may include bank statements, asset certificates, and sensitive personal data).
• Your contact email (used for quotes and delivery).
• Payment and transaction records (handled securely by third-party payment providers; we do not store your credit card numbers).

2. Use of information and confidentiality

We rely on your trust and strictly follow confidentiality obligations:

• Purpose limitation:Your files are used only for internal translation processing and are never used for advertising or sold to third parties.
• Minimum access:Only relevant translators and reviewers can access your files.
• Confidentiality agreements:All personnel with access to files have signed strict confidentiality agreements.

3. Data retention and deletion

To protect your data, we enforce strict lifecycle management:

• Default retention period:After order completion, files are retained for 7 days for review or revision requests.
• Automatic deletion:After 7 days, all original and translated files are permanently deleted and cannot be recovered.
• On-request deletion:You may request immediate deletion at any time; we will complete it within 48 hours of confirmation.

Verifiability of data deletion

To ensure transparency and auditability of deletion, we provide the following safeguards:

• Deletion confirmation:You may request a deletion confirmation email including the time and scope of deletion.
• Audit logs:All deletion operations are recorded in tamper-resistant audit logs, retained for 90 days for verification.
• Backup cleanup:After deletion, backups are purged in the next backup cycle (within 7 days at most).
• Third-party notification:If data has been shared with third-party providers (e.g., cloud storage), we will instruct them to delete it as well.
• Legal retention exceptions:If the law requires retention of transaction records (e.g., AML laws requiring 5 years), we delete them after the legal retention period ends.

4. Accuracy and disclaimers

Please read the following disclaimers carefully:

• Accuracy statement:We strive for accuracy through professional processing and human review, but we do not provide any express or implied guarantees of absolute accuracy, completeness, or fitness for a particular purpose.
• Third-party acceptance:Different countries and institutions (e.g., immigration offices, banks, schools) may have different requirements. You must confirm whether our service meets the target institution's requirements. Consequences of non-acceptance are the user's responsibility.
• Limitation of liability:To the maximum extent permitted by law, BankTranslate is not liable for any incidental, consequential, or indirect damages caused by delays, errors, or omissions (including lost profits or business interruption). Our total liability is capped at the fees you paid for the service.

5. Refund policy

We are committed to your satisfaction. For full details, please see the Refund Policy page. Summary:

• Full refunds:If we fail to deliver within the promised time or there are major objective translation errors (e.g., number errors, critical terminology errors) that cannot be resolved after correction, you may request a full refund.
• Non-refundable cases:Subjective differences due to unclear source files, missing terminology references, or user-side changes in need do not qualify for refunds.
• Application window:Within 7 days after delivery.

6. Cookies and tracking technologies

6.1 Types of cookies we use

We use the following cookies and similar technologies to improve your experience:

• Essential cookies:Maintain basic site functionality (e.g., session persistence, security verification). These cookies cannot be refused.
• Analytics cookies:Google Analytics collects anonymous usage data (e.g., traffic, time on site, device type). You can refuse via browser settings.
• Advertising cookies:Google Ads conversion tracking to evaluate ad performance. You can refuse via browser settings.

6.2 Managing cookies

• Browser settings:You can manage cookie preferences in your browser, including blocking or deleting cookies.
• No impact on core service:Refusing analytics or advertising cookies will not affect the basic use of translation services.
• Cookie retention:Analytics and advertising cookies are retained for up to 2 years. Essential cookies are deleted at the end of the session.

6.3 Third-party cookies

We use the following third-party services, which may set their own cookies:

• Google Analytics:Traffic analytics. Privacy policy: Google Privacy Policy
• Google Ads:Ad conversion tracking. Privacy policy: Google Ads Policy

7. Policy updates

We may update this Privacy Policy and Terms of Service from time to time. The updated version will be posted on the website with the date indicated. Continued use of the service indicates acceptance of the revised terms.

9. Cross-border data transfers

To provide translation services, your data may be transferred and stored outside mainland China:

• Server locations:We use Vercel cloud services. Data may be stored in data centers in the United States, Singapore, and other regions. Specific locations are dynamically assigned by Vercel for performance optimization.
• Transfer encryption:All cross-border data transfers use TLS 1.3 encryption to ensure security in transit.
• EU users (GDPR):If you are in the EU, we comply with GDPR requirements:
  • Transfers outside the EU are protected by appropriate safeguards.
  • You have the right to access, correct, and delete your personal data.
  • You may withdraw consent for processing (which may prevent continued service).
• California users (CCPA):If you are a California resident, you have the right to know what personal information we collect and to request deletion.

Specific safeguards for cross-border transfers

We adopt the following technical and legal measures to ensure secure cross-border data transfers:

• Standard Contractual Clauses (SCC):We sign EU-approved SCCs with third-party providers (e.g., Vercel) to ensure GDPR-level protection.
• Data minimization:We transfer only the minimum information required for translation to reduce unnecessary cross-border data flow.
• Transfer logs:We record the time, destination, and data type of each cross-border transfer for regulatory auditing.
• Local-first principle:We prioritize the data center closest to the user (e.g., EU users are routed to EU nodes when available).
• Regular assessments:We assess third-party data protection measures annually to ensure ongoing compliance.

Consent to cross-border transfer:By uploading files, you acknowledge and consent to cross-border data transfers.

10. Protection of minors

We place a high priority on protecting minors' privacy:

• Age restriction:This service is intended only for adults aged 18 and above.
• No collection from minors:We do not knowingly collect personal information from users under 18.
• Parent/guardian responsibility:If you believe a minor has used our service without guardian consent, please contact us immediately.
• Data deletion:If a user is identified as a minor, we will delete all data and terminate service within 48 hours.

11. Data security measures

We use industry-standard technical and administrative measures to protect your data:

Technical security measures

• Transport encryption:All data transfers use HTTPS/TLS 1.3 encryption.
• Storage encryption:Files stored on servers use AES-256 encryption.
• Access control:Multi-factor authentication (MFA) and role-based access control follow the principle of least privilege.
• Network isolation:Production and development environments are physically isolated to prevent unauthorized access.

Special protections for bank statements

For highly sensitive financial files (bank statements, asset certificates), we apply additional safeguards:

• End-to-end encryption:Files are encrypted upon upload, temporarily decrypted only during processing, and re-encrypted immediately after completion.
• Segmented storage:Source files and translations are stored separately in different encrypted partitions to prevent correlation attacks.
• Operational restrictions:Processing terminals disable screenshots, screen recording, and external storage devices.
• Watermark tracing:Internal files carry invisible digital watermarks so leaks can be traced to responsible personnel.
• Access auditing:All file access events are logged in real time (user, time, IP, action type).

Administrative security measures

• Staff training:All employees receive regular training on data security and privacy protection.
• Confidentiality agreements:All personnel with access to user data sign strict NDAs.
• Audit logs:All file access and download operations are logged and retained for at least 90 days.
• Regular audits:Quarterly internal audits and annual external security assessments.
• Incident response:We maintain a data breach response plan and notify affected users within 72 hours if a breach occurs.

Security limitations

Despite these measures, no system is 100% secure. We cannot guarantee:

• Complete prevention of cyberattacks, hacking, or data leaks.
• That third-party service providers (e.g., cloud providers) will never have security incidents.
• That data leaks will not occur due to user-side issues (e.g., password leakage, device loss).

User advice:Please safeguard your credentials, avoid accessing sensitive information on public devices, and keep your devices up to date with security patches.

8. Contact us

For legal or privacy-related questions, please contact our compliance team:support@banktranslate.com

Compliance email:compliance@banktranslate.com

Legal entity:Infinite Margin Technology Co., Ltd.

Registered address:Room 1703, Building 6, Tianfu Software Park, Chengdu Hi-Tech Zone, Sichuan 610041, China