Privacy Policy
Last updated: May 7, 2026
LokAI is an AI-powered localization management platform for software teams. This Privacy Policy explains how LokAI collects, uses, shares, and protects personal data when you visit our websites, use LokAI Studio, use our API or CLI, interact with our documentation, or contact us.
For this policy, “LokAI”, “we”, “us”, and “our” means [LEGAL ENTITY NAME], located at
[REGISTERED ADDRESS].
Contact us about privacy at [email protected].
1. Our role
Section titled “1. Our role”LokAI acts as a controller for personal data we decide how to process, including website visitor data, account data, billing or commercial contacts, support messages, security logs, analytics, and product communications.
LokAI acts as a processor for customer workspace content that customers submit to the platform. This includes translation keys, source strings, target translations, uploaded files, glossaries, style guides, project metadata, comments, screenshots, context, translation memories, tenant rules, and tenant customizations.
Customers are responsible for deciding what customer content they submit to LokAI and for ensuring that they have the necessary rights and notices for that content.
2. Personal data we collect
Section titled “2. Personal data we collect”We may collect the following categories of personal data.
| Category | Examples |
|---|---|
| Account data | Name, email address, organization name, role, workspace membership, authentication identifiers, account preferences |
| Customer content | Translation keys, source strings, target translations, glossaries, style guides, project files, comments, screenshots, tenant customization rules |
| Technical data | IP address, browser and device data, request logs, API logs, audit logs, security events, error reports |
| Usage data | Pages visited, actions taken in the product, feature usage, workflow events, performance data |
| Communications | Support requests, sales inquiries, feedback, survey answers, email preferences |
| Billing and commercial data | Billing contacts, invoice metadata, tax information, plan information, payment status |
We do not intentionally collect special categories of personal data, such as health information, religious beliefs, biometric data, or government identification numbers. Customers should avoid submitting sensitive personal data to LokAI unless their own legal basis and security requirements allow it.
3. How we use personal data
Section titled “3. How we use personal data”We use personal data to:
- provide, maintain, and secure LokAI;
- authenticate users and manage sessions, workspaces, roles, and permissions;
- process localization workflows, imports, exports, translations, reviews, and tenant customizations;
- provide API, CLI, and integration functionality;
- deliver customer support and service communications;
- monitor reliability, errors, abuse, fraud, and security risks;
- understand product usage and improve the platform;
- send product or marketing communications where permitted;
- comply with legal obligations and enforce our agreements.
4. Customer content and AI processing
Section titled “4. Customer content and AI processing”LokAI uses AI providers to support workflows such as translation, review, terminology application, style-guide enforcement, quality checks, and tenant customization.
When an AI job is requested, LokAI may send the minimum relevant customer content to the selected provider or model configuration. This may include source strings, existing translations, glossary entries, style-guide rules, tenant instructions, project context, file metadata, and prompt instructions needed to complete the job.
AI data handling depends on the selected provider and model configuration. Some AI paths may support zero-data-retention or equivalent enterprise controls. Others may apply standard provider retention for abuse monitoring, security, or service operation. LokAI will maintain provider-level disclosures so customers can understand whether a model path is zero-data-retention, no-training-by-default, or subject to standard provider retention before using it for AI jobs.
LokAI will not sell customer content. LokAI will not intentionally use customer content to train a shared LokAI model or authorize third-party model training unless the customer has selected or agreed to a provider, model, feature, or contract term that permits that processing.
5. Legal bases
Section titled “5. Legal bases”Where the GDPR or similar laws apply, we process personal data under the following legal bases:
| Legal basis | Examples |
|---|---|
| Contract | Creating accounts, providing Studio/API/CLI access, processing workspace content, support |
| Legitimate interests | Security, abuse prevention, service reliability, product analytics, internal administration |
| Consent | Optional marketing, non-essential cookies where required, optional feedback or research features |
| Legal obligation | Tax, accounting, compliance, lawful requests |
| Pre-contractual steps | Responding to sales inquiries, demos, procurement, and onboarding requests |
6. Sharing and subprocessors
Section titled “6. Sharing and subprocessors”We share personal data only when needed to provide LokAI, comply with law, protect rights or security, or complete a business transaction such as a merger, acquisition, financing, or sale of assets.
We use service providers and subprocessors to operate the platform. The list below reflects the current architecture and may change as the platform evolves.
| Subprocessor | Purpose | Data categories |
|---|---|---|
| Supabase | PostgreSQL database, authentication, auth email hooks | Account data, authentication data, customer content, technical data |
| Deno Deploy | Hosting for Deno services such as API and email service | Request data, technical data, customer content processed by API/email routes |
| Cloudflare Pages | Static hosting and delivery for documentation and marketing sites | Website visitor technical data |
| Sentry | Error monitoring and diagnostics | Error reports, technical data, limited request context after filtering |
| PostHog | Product analytics when enabled | Usage data, device/browser data, account or workspace identifiers after identification |
| OpenAI | Optional AI translation, review, and related AI jobs | Customer content and prompt context submitted for selected AI jobs |
| Anthropic | Optional AI translation, review, and related AI jobs | Customer content and prompt context submitted for selected AI jobs |
| Resend | Transactional email delivery when selected | Email address, message metadata, transactional email content |
| Mailjet | Transactional email delivery when selected | Email address, message metadata, transactional email content |
| Loops | Transactional or lifecycle email delivery when selected | Email address, message metadata, template variables |
| GitHub | Source hosting and repository integrations | Repository metadata, integration metadata, pull request or file data when connected |
| Web3Forms | Website contact form processing when enabled | Contact details and message content submitted through the form |
We do not sell personal data.
7. International transfers
Section titled “7. International transfers”LokAI may process personal data in countries other than the country where you are located. Where personal data is transferred outside the European Economic Area, United Kingdom, or Switzerland, we will use appropriate safeguards, such as adequacy decisions, Standard Contractual Clauses, Data Privacy Framework participation where applicable, or equivalent legal mechanisms.
8. Retention
Section titled “8. Retention”We retain personal data only for as long as necessary for the purposes described in this policy.
Customer content is retained while the relevant workspace or account remains active. After workspace or account deletion, LokAI will delete or anonymize customer content within 90 days, unless retention is required for legal obligations, security, dispute resolution, backups, or another legitimate business need.
Backups may retain data for a limited period after deletion before they are overwritten according to our backup lifecycle. Billing, tax, audit, and security records may be kept for longer where required or permitted by law.
9. Security
Section titled “9. Security”We use technical and organizational measures designed to protect personal data, including access controls, authentication, least-privilege permissions, encryption where appropriate, logging, monitoring, backups, dependency updates, and security review of critical workflows.
No online service can guarantee perfect security. If we become aware of a personal data breach, we will investigate and notify affected customers or authorities where required by law.
10. Cookies and browser storage
Section titled “10. Cookies and browser storage”LokAI uses cookies and browser storage to operate the product, remember preferences, authenticate users, improve reliability, and understand usage. Some items are set only when the related product, site, or feature is enabled.
| Name or pattern | Type | Purpose | Duration |
|---|---|---|---|
sidebar_state | Cookie | Remembers whether the application sidebar is expanded or collapsed | 7 days |
sb-* | Local storage or session storage | Stores Supabase authentication session data, depending on the user’s remember-me choice | Until sign-out, session end, or browser cleanup |
lokai-auth-persistence | Local storage | Remembers whether the user chose persistent or session-only authentication | Until changed, sign-out cleanup, or browser cleanup |
lokai-theme-preference | Local storage | Remembers light, dark, or system theme preference | Until changed or browser cleanup |
lokai-user-cache | Local storage | Caches the authenticated user profile for faster loading | Until sign-out, refresh, or browser cleanup |
lokai-workspace-cache | Local storage | Caches workspace list and active workspace metadata | Until sign-out, refresh, or browser cleanup |
lokai-active-workspace-id | Local storage | Remembers the active workspace | Until changed, sign-out, or browser cleanup |
lokai-workspace-languages-* | Local storage | Caches workspace language metadata | Until workspace cache cleanup or browser cleanup |
lokai-projects-cache-* | Local storage | Caches project lists per workspace | Until workspace/project cache cleanup or browser cleanup |
redirectUrl | Session storage | Remembers the page to return to after sign-in | Current browser session |
lokai.activation.token | Session storage | Temporarily stores account activation redirect state | Current browser session or until consumed |
ph_* or PostHog-managed storage | Cookie, local storage, or session storage | Product and documentation analytics when PostHog is enabled in production | Managed by PostHog configuration and user opt-out state |
The documentation and marketing sites load PostHog only in production when PUBLIC_POSTHOG_KEY is
configured. The product analytics client is configured to respect the browser Do Not Track setting.
The documentation site may load fonts from Google Fonts. This does not set a LokAI cookie, but it does cause the browser to request font resources from Google-operated domains.
11. Your rights
Section titled “11. Your rights”Depending on your location, you may have the right to access, correct, delete, export, restrict, or object to the processing of your personal data. You may also have the right to withdraw consent where processing is based on consent and to lodge a complaint with a data protection authority.
To exercise your rights, contact [email protected]. We may need to verify your identity before completing a request. If your request concerns customer content controlled by one of our customers, we may direct you to that customer or process the request according to that customer’s instructions.
12. Children
Section titled “12. Children”LokAI is not intended for children. We do not knowingly collect personal data from children under 16, or a higher age where local law requires it. If you believe a child has provided personal data to LokAI, contact us so we can take appropriate action.
13. Changes to this policy
Section titled “13. Changes to this policy”We may update this Privacy Policy from time to time. If changes materially affect your rights or how we process personal data, we will provide appropriate notice, such as by updating this page, emailing account contacts, or notifying users in the product.
14. Contact
Section titled “14. Contact”Privacy contact: [email protected]
Legal entity: [LEGAL ENTITY NAME]
Registered address: [REGISTERED ADDRESS]