Privacy Policy

Last updated: May 26, 2026

1. Introduction

Welcome to sproe.ch ("we," "our," or "us"). We are committed to protecting your personal data and respecting your privacy rights. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Swiss German translation service.

This policy complies with the EU General Data Protection Regulation (GDPR) and Swiss data protection laws.

2. Data Controller

The data controller responsible for your personal data is:

sproe.ch
Contact: [email protected]

3. Data We Collect

3.1 Account Information

• Email address
• Display name (if provided)
• Profile photo (if using Google sign-in)
• Authentication provider (email or Google)
• Account creation date

3.2 Usage Data

• Translation requests (input text, selected dialect, output text)
• Audio playback usage
• Quota usage (daily/monthly translation and audio counts)
• Feature usage patterns
• Session information and timestamps

3.3 Technical Data

• IP address (for security and fraud prevention)
• Browser type and version
• Device information
• Analytics data (via Google Analytics 4)

4. How We Use Your Data

We use your personal data for the following purposes:

4.1 Service Provision

• Authenticate your account and manage access
• Process translation and TTS requests
• Enforce usage quotas based on your tier
• Provide translation history and favorites

4.2 Service Improvement

• Analyze translation quality and user feedback
• Monitor service performance and reliability
• Develop new features and improvements

4.3 Communication

• Send service-related notifications
• Respond to support requests
• Notify about important changes to the service

4.4 Legal Compliance

• Comply with legal obligations
• Detect and prevent fraud or abuse
• Enforce our Terms of Service

5. Legal Basis for Processing (GDPR)

We process your personal data based on:

• Consent: You provide consent when creating an account
• Contract: Processing is necessary to provide our services
• Legitimate Interests: Service improvement, security, and fraud prevention
• Legal Obligation: Compliance with applicable laws

6. Data Retention

• Account Data: Retained while your account is active
• Translation History: 30-day rolling retention period
• Quota Data: Retained while account is active, reset daily/monthly
• Analytics Data: Aggregated data retained for 26 months (Google Analytics default)

Upon account deletion, all personal data is permanently deleted immediately, except where retention is required by law.

7. Data Sharing and Disclosure

We do not sell your personal data. We share data only with:

7.1 Service Providers (Third-Party Processors)

We work with the following third-party data processors under GDPR/revFADP Data Processing Agreements:

AI Translation Services

• Google (AI Platform):
  • Purpose: AI-powered Swiss German translation
  • Data Shared: Input text for translation, selected dialect
  • Location: International (Google infrastructure, may process data outside Switzerland)
  • Retention: Translations processed in real-time; user data not retained by Google

Text-to-Speech Services

• Microsoft Azure Cognitive Services:
  • Purpose: Text-to-speech audio generation
  • Voice: Swiss German female voice
  • Data Shared: Translated text for audio generation
  • Location (tier-specific):
    • Free tier: EU regions (community capacity)
    • Personal/Pro tiers: Swiss regions only
  • Retention: Audio generated in real-time; no long-term storage by Microsoft
  • Compliance: Microsoft GDPR Data Processing Agreement applies
  • Note: Audio is delivered temporarily; your account data and translations are stored in Swiss-hosted infrastructure regardless of tier

Backend Infrastructure

• Google Firebase (Google Cloud Platform):
  • Purpose: User authentication, database storage, cloud functions
  • Services: Firebase Auth, Firestore Database, Cloud Functions v2
  • Data Shared: User profiles, translation history, phrasebooks, quota data
  • Location: Switzerland
  • Retention: Data retained until account deletion or as per retention policy
  • Compliance: Google Cloud GDPR Data Processing Agreement applies

Quality Monitoring

• Langfuse (Observability Platform):
  • Purpose: Translation quality tracking and monitoring
  • Data Shared: Translation metadata, quality metrics (non-user-identifiable data only)
  • Location: Oracle Cloud, Swiss-hosted
  • Retention: 30 days for quality review, then deleted
  • Privacy: No personally identifiable information (PII) is sent to Langfuse

Analytics

• Google Analytics 4:
  • Purpose: Usage statistics and service improvement
  • Data Shared: Anonymized usage patterns, device info, session data
  • Location: Google data centers (EU/US)
  • Retention: 26 months (Google Analytics default)
  • Control: You can opt out via browser settings or ad blockers

All third-party processors are contractually bound to comply with GDPR and Swiss revFADP requirements. Data Processing Agreements (DPAs) are in place where required.

7.2 Legal Requirements

We may disclose your data if required by law, court order, or to protect our rights and safety.

8. Data Security

We implement appropriate technical and organizational measures to protect your data:

• HTTPS encryption for all data transmission
• Firebase security rules to restrict data access
• Secure authentication with Firebase Auth
• Regular security audits and updates
• Data hosted in Switzerland

9. Your GDPR Rights

You have the following rights regarding your personal data:

9.1 Right to Access

Request a copy of all personal data we hold about you. You can:

• Use the "Export My Data" feature in Settings to download your data in JSON format
• Email [email protected] to request a complete data export

Response time: We will provide your data within 30 days of your request (as required by GDPR).

9.2 Right to Rectification

Request correction of inaccurate or incomplete data:

• Update your profile information directly in Settings
• Contact us at [email protected] for assistance with data corrections

9.3 Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data:

• Use the "Delete My Account" feature in Settings for immediate account deletion
• Email [email protected] to request data deletion

Deletion timeline: Account deletion is immediate and irreversible. All associated data (profile, translations, history, phrasebooks) is permanently deleted within 30 days.

9.4 Right to Restrict Processing

Request limitation of processing under certain circumstances.

9.5 Right to Data Portability

Receive your data in a structured, machine-readable format (JSON export).

9.6 Right to Object

Object to processing based on legitimate interests.

9.7 Right to Withdraw Consent

Withdraw consent at any time by deleting your account.

10. Cookies and Tracking

We use the following cookies and tracking technologies:

10.1 Essential Cookies (Required)

• Firebase Authentication Tokens: Session cookies for user authentication and authorization
  • Purpose: Maintain logged-in session
  • Duration: Session-based (until logout or browser close)
  • Cannot be disabled (required for service functionality)

10.2 Analytics Cookies (Optional)

• Google Analytics 4: Usage statistics and service improvement
  • Purpose: Track page views, feature usage, user flows
  • Duration: Up to 26 months
  • Opt-out: Disable via browser settings or use ad blockers

10.3 Local Storage

• User Preferences: Stored in browser local storage
  • Dialect selection (last used dialect)
  • Theme preferences (dark/light mode)
  • Translation history for guest users (not synced to server)

You can disable non-essential cookies through your browser settings, but this may limit analytics functionality. Essential cookies cannot be disabled as they are required for the service to function.

For more details, see our Cookie Policy.

11. Third-Party Links

Our service may contain links to third-party websites. We are not responsible for their privacy practices. Please review their privacy policies.

12. Children's Privacy

Our service is not intended for children under 16. We do not knowingly collect data from children. If you believe we have collected data from a child, contact us immediately.

13. International Data Transfers

Your data is primarily stored in Switzerland. Translation inputs are processed by Google (international infrastructure). Some service providers (Google, Microsoft) may process data in other regions. All transfers comply with GDPR requirements through:

• Standard Contractual Clauses (SCCs)
• Privacy Shield (where applicable)
• Adequate data protection safeguards

Tier-Specific Data Processing:

• All tiers: Account data, translations, history, and authentication - stored in Switzerland
• Free tier: TTS audio generated via EU Azure regions for cost efficiency (temporary delivery only, not stored)
• Personal/Pro tiers: TTS audio generated in Swiss Azure regions (EU regions for Free tier)

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notification. The "Last updated" date at the top indicates the latest revision.

15. Contact Us

For questions, concerns, or to exercise your rights, contact us:

Email: [email protected]
Response time: Within 30 days (as required by GDPR)

16. Supervisory Authority

You have the right to lodge a complaint with your local data protection authority. For Switzerland:

Federal Data Protection and Information Commissioner (FDPIC)
www.edoeb.admin.ch