Legal
Privacy Policy
How we collect, use, and protect your data. We believe in being straightforward about this — no legalese walls, no hidden surprises.
Effective date: March 1, 2026
The short version
- We do not sell your data — not now, not ever.
- Your audio is processed by OpenAI's Realtime API but is never stored and not used to train AI models.
- You can delete your account data at any time.
- We use minimal cookies — no ad trackers.
- EU users get full GDPR protections, and we extend similar rights to everyone.
1. What We Collect
When you use Papagaio, we collect information you provide directly: your name, email address, and payment details when you create an account and subscribe to a plan. During live translation sessions, we process your audio in real time to provide voice translation. Additionally, we automatically collect usage data such as IP addresses, browser type, device information, and pages visited to keep the Service running smoothly and to understand how it is used.
2. How We Use Your Data
We use your data to provide the Service — specifically, to translate your voice in real time during live sessions, manage your account, process payments, and communicate with you about your account or the Service. We also use aggregated, anonymized usage data to improve the platform. We do not sell your personal data to anyone. Period.
3. Third-Party Processing (OpenAI & Others)
To provide real-time voice translation, we stream your audio to third-party AI providers, primarily OpenAI. We want to be transparent about this: your audio is transmitted to OpenAI's Realtime API for processing. Audio is processed in real time and never stored. Under our agreement with OpenAI, content submitted via the API is not used to train their models. We also use third-party services for payment processing (Stripe), email delivery, and infrastructure hosting. Each provider is bound by data processing agreements that limit how they can use your data.
4. Data Storage & Security
Your account data is stored on encrypted servers. Data is encrypted at rest using AES-256 and in transit via TLS 1.3. Audio is processed in real time and never stored on our servers. We implement access controls, audit logging, and regular security reviews. While no system is 100% secure, we take reasonable and industry-standard measures to protect your data. If we ever discover a breach that affects your personal data, we will notify you promptly.
5. Data Retention
Audio is processed in real time and never stored. We retain session metadata (languages used, duration, timestamps) according to your plan's settings. When you close your account, we remove your data from our active systems within 30 days. Backups may retain data for up to an additional 90 days before being purged. You can request immediate deletion by contacting [email protected].
6. Your Rights (GDPR & Beyond)
Regardless of where you are located, we respect your data rights. You have the right to: access the personal data we hold about you; correct inaccurate data; request deletion of your data; export your data in a portable format; object to or restrict certain processing; and withdraw consent at any time where processing is based on consent. For EU/EEA residents, we process data under legitimate interest (providing the Service) and contract performance. To exercise any of these rights, email [email protected] and we will respond within 30 days.
7. Cookies
We use a small number of cookies to keep you logged in and to remember your preferences. We use analytics cookies to understand aggregate usage patterns. We do not use advertising or tracking cookies. You can disable cookies in your browser settings, but some features of the Service may not function correctly without them.
8. International Data Transfers
If you choose US-region processing, your data is processed and stored in the United States. If you choose EU-region processing, your data stays within the European Union. For transfers outside the EEA, we rely on Standard Contractual Clauses or other legally approved mechanisms to ensure adequate protection.
9. Children's Privacy
Papagaio is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at [email protected] and we will delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email or an in-app notice at least 14 days before the changes take effect. The "Effective date" at the top of this page will be updated accordingly.
11. Contact Us
If you have questions about this Privacy Policy or how we handle your data, reach out to us at [email protected]. For security-specific concerns, contact [email protected]. We aim to respond within one business day.
Have a question?
If anything in this policy is unclear or you want to exercise your data rights, get in touch. We are real people and we will get back to you quickly.
Contact Us