Privacy Center
Your privacy rights and how we protect your data
Privacy Policy
Last updated: February 2026Overview
aptura.io is a file translation service operated by Martijn Olthuis (Einzelunternehmen) in Germany. We comply with the General Data Protection Regulation (GDPR).
Data Controller: Martijn Olthuis
Leistlinger Straße 37, 30826 Garbsen, Germany
Contact: legal@aptura.io
What We Collect
Account Data
- • Email address
- • Account preferences
Your Files
- • Design files (PSD, PPTX)
- • Extracted text
- • Translated files
Technical Data
- • IP address
- • Browser info
- • Error logs
Files are automatically deleted after 180 days.
How We Use Your Data
Each processing activity has a specific legal basis under GDPR Article 6:
| Processing Activity | Legal Basis | Why |
|---|---|---|
| Account & authentication | Contract (Art. 6(1)(b)) | Required to provide the service |
| File upload & storage | Contract (Art. 6(1)(b)) | Core service you requested |
| AI translation | Contract (Art. 6(1)(b)) | You requested translation |
| Billing via Stripe | Contract (Art. 6(1)(b)) | Process your payments |
| Error logs & bug fixes | Legitimate interest (Art. 6(1)(f)) | Keep the service running |
| Security & fraud prevention | Legitimate interest (Art. 6(1)(f)) | Protect users and service |
We do NOT: Sell your data, use it for advertising, or train AI models on your content.
How We Protect Your Data
Infrastructure
- • Hosted in EU (Frankfurt, Germany)
- • Encrypted at rest (AES-256) and in transit (TLS)
- • Files uploaded via signed URLs — never touch our web server
Access Control
- • Passwordless authentication (no passwords to breach)
- • Secure cookies (httpOnly, SameSite, Secure flags)
- • Organization-level access with admin/member roles
Data Minimization
- • Files auto-deleted after 180 days
- • Only extracted text sent to AI — not your full file
- • IP addresses hashed before storage, never stored raw
Your files are never used to train AI models. AI providers process text transiently with zero data retention.
Found a vulnerability? Contact security@aptura.io
Third-Party Services
Your data may be processed by these providers:
| Service | Purpose | Location |
|---|---|---|
| AWS | Hosting & storage | EU (Frankfurt) |
| Anthropic | AI translation | USA* |
| OpenAI | AI translation | USA* |
| Clerk | Authentication | USA* |
| Stripe | Payments | USA* |
* US services operate under Standard Contractual Clauses (SCCs)
Cookies
We use only essential cookies required for the service:
| Cookie | Purpose | Duration |
|---|---|---|
| __clerk_* | Authentication | Session / 1 year |
| __session | Login state | Session |
No tracking, advertising, or analytics cookies.
Your GDPR Rights
Use the quick actions above or contact legal@aptura.io. We respond within 30 days.
You also have the right to lodge a complaint with a supervisory authority. Our responsible authority is the Landesbeauftragte für den Datenschutz Niedersachsen.
Data Retention
- Files: Deleted after 180 days
- Account data: Kept while account is active
- After deletion: All data removed immediately
Data Processing Agreement
Need a Data Processing Agreement (DPA) for your organization? Contact us at legal@aptura.io and we'll provide one within 2 business days.
This policy complies with GDPR and German data protection law (TDDDG).
