Privacy Policy — Parallang

Executive summary — Data integrity & sovereignty

IP Ownership: Users retain 100% ownership and Intellectual Property rights of any uploaded content and documents.
Zero-Training Policy: We strictly prohibit the use of user-submitted content to train, refine, or improve any machine learning models. All AI processing is conducted through enterprise-tier provider agreements that contractually prohibit the use of customer data for model development.
User-Controlled Retention: Parallang does not perform automated deletion of successfully processed files. Users maintain control over the retention and removal of their completed documents through the dashboard. Documents that fail during processing may be automatically marked as failed and their credits refunded by our system recovery processes.
Financial Isolation: All financial transactions are managed exclusively through a PCI-DSS Level 1 certified payment processor. Parallang does not store, process, or transmit credit card data.

1Statutory Compliance Framework

Parallang is committed to aligning with the following global data protection regulations:

Australia: Privacy Act 1988 and the Australian Privacy Principles (APPs).
European Union & UK: General Data Protection Regulation (GDPR) — we are actively working toward full compliance including Data Processing Agreements with all sub-processors.
United States: California Consumer Privacy Act (CCPA/CPRA) — we honor data deletion and access requests from all users regardless of jurisdiction.

For inquiries regarding our compliance framework or to request a copy of our sub-processor list, contact contact@parallang.com.

2Processing Architecture

Parallang employs a multi-stage automated workflow for document digitalization and translation:

Isolated Processing Infrastructure: Document processing is handled by dedicated, purpose-built services running on isolated container instances within our cloud infrastructure. Each service communicates through encrypted channels, ensuring strict separation of concerns throughout the processing pipeline.
Organizational Isolation: Processing tasks are strictly segregated on a per-organization basis, ensuring that one organization's data is never mixed with another's during processing.
AI Processing Privacy: All AI-powered linguistic processing is conducted through enterprise-tier agreements with our providers. Under these agreements, providers are contractually prohibited from logging, storing, or utilizing document content for their own model development or any purpose beyond fulfilling the immediate processing request.
No Human-in-the-Loop: Parallang personnel do not have access to user document content during normal operations. Staff access to document data occurs only when a user formally initiates a technical support request.

3Infrastructure & Data Residency

Cloud Hosting & Data Residency: Our core infrastructure is hosted within the Asia-Pacific (Sydney) region, ensuring data residency within Australia's borders. This provides alignment with the Australian Privacy Act and low-latency access for users in the Asia-Pacific region.
Database Security: We utilize dedicated, enterprise-grade database clusters with built-in security features including network isolation, authentication enforcement, and encrypted storage volumes.
Provider Certifications: Our cloud and database infrastructure providers maintain SOC 2 Type II and ISO 27001 certifications for their respective platforms. Parallang leverages these certified environments to protect user data, but does not independently hold these certifications at this time.

4Cryptographic Controls & Technical Security

We implement a layered security strategy to safeguard data assets:

Encryption In-Transit: All data transmitted between the user interface and our servers is protected via TLS 1.2/1.3 (Transport Layer Security) protocols, enforced at the infrastructure level through our CDN and load balancer configuration.
Encryption At-Rest: Documents stored in our object storage and database records are encrypted at rest using AES-256 encryption as provided by default by our infrastructure providers. This means all stored data, including documents, metadata, and backups, is encrypted at the storage layer.
Deletion Protocol: When a user deletes a file through the platform interface, a cascading deletion is performed: the document record, all associated page records, version data, and the corresponding binary files in object storage are permanently removed from the active production environment. Standard database backup retention policies from our infrastructure providers may retain residual data for a limited period as part of disaster recovery provisions.

5Data Retention and User Control

Persistence by Choice: Successfully processed documents remain securely stored in your dashboard until you choose to manually remove them. Parallang does not impose automated deletion cycles on completed documents.
Automated Recovery: Documents that encounter technical issues during processing may be automatically marked as “failed” by our system recovery service and associated credits refunded. This is a reliability mechanism and does not affect successfully processed documents.
Backup Retention: Our database provider maintains automated backup snapshots for disaster recovery purposes. Following a user-initiated deletion, residual data in backup snapshots is overwritten as backups naturally rotate per the provider's retention schedule.

6Account Data & Communications

To operate the Parallang service, we collect basic account information when you sign up: your name, email address, and organization name. We also collect limited technical data such as IP address and browser identifiers for security and fraud prevention. Billing identifiers are held by our payment processor (Stripe) and are not stored by Parallang.

We use your registered email address to send two categories of communications:

Service notifications: account confirmation, sign-in links, billing receipts, security alerts, and other messages essential to operating your account. These messages are part of the service and cannot be disabled while your account remains active.
Product news and marketing: feature announcements, product updates, and promotional content. Every such message contains a one-click unsubscribe link, and you may opt out at any time without affecting your account or the underlying service. Unsubscribe requests are honored within 5 business days.

Legal basis: Australian Privacy Act 1988 (APP 6) and Spam Act 2003 (inferred consent through the existing customer relationship); for EU and UK users, GDPR Article 6(1)(b) for service messages and Article 6(1)(f) legitimate interest combined with the PECR soft opt-in for marketing; for US users, disclosure-based consent under CCPA and CAN-SPAM.

7Global User Rights

In alignment with international data protection standards, we provide the following rights to all users regardless of jurisdiction:

Right to Deletion: Users may request the deletion of their account and all associated personal data, including documents, processing history, and account metadata, by contacting contact@parallang.com.
Right to Access: Users may request a summary of the personal data we hold about them.
Document Download: Users may download their processed documents (DOCX format) at any time through the platform interface.
Inquiry & Redress: Privacy-related concerns can be directed to contact@parallang.com. We commit to acknowledging inquiries within 5 business days and resolving them within 15 business days.

8Governing Law and Jurisdiction

This policy is governed by the laws of Queensland, Australia. Any disputes arising from this policy or the use of Parallang services shall be subject to the exclusive jurisdiction of the courts in Brisbane, QLD.