Privacy Policy — Translate Voice
Last updated: May 22, 2026 · Contact: support@nhmedia.online
This Privacy Policy describes how Translate Voice ("the Extension", "we", "us") handles your data when you use our Chrome extension.
TL;DR
- We do NOT record, store, or transmit audio from your microphone.
- We DO send YouTube captions to Azure/Google AI APIs for translation + text-to-speech (processed in-memory, never stored).
- We DO store your email + subscription tier in our database (required for billing).
- We DO NOT sell, share, or use your data for advertising.
Data we collect
1. Account data (when you sign in)
- Email address — from Google OAuth, used as your account identifier.
- Google account ID (
sub claim) — used to authenticate you across devices.
- Subscription tier + billing status — synced from Polar.sh webhooks.
- Browser fingerprint hash — used to prevent abuse (max 3 accounts per browser).
Stored in: MongoDB Atlas (encrypted at rest).
2. Usage data (per session)
- Seconds captured — total audio duration processed today (for quota enforcement).
- Characters translated — total translation tokens used today.
- Characters synthesized — total TTS tokens used today.
Stored in: MongoDB Atlas (aggregated daily counters, no per-video log).
3. Settings (local-only)
- Voice preference (male/female, speed, volume).
- Source language preference.
Stored in: chrome.storage.local (your browser, never sent to us).
Data we DO NOT collect
- Audio from your microphone — never captured.
- Raw audio from YouTube — never recorded.
- Browsing history outside YouTube — no access.
- Personal information beyond email — no name, photo, contacts.
- IP address — not logged in application database (Fly.io may log in transit per their policy).
How we use your data
Translation + TTS
When you play a YouTube video with the extension active:
- The extension reads existing captions from the YouTube player (or transcribes audio via Deepgram if captions are missing).
- Caption text is sent to Azure Translator API (or Google Translate) → returns Vietnamese text.
- Vietnamese text is sent to Azure TTS (or Google Cloud TTS) → returns audio bytes.
- Audio bytes are played in your browser.
Important: Caption text + audio bytes are processed in-memory only. We do NOT log them, store them, or send them to any other party.
Billing
- Polar.sh handles all payment data (card numbers, etc.). We never see your card.
- We receive only: subscription tier name + status (active/canceled) via webhook.
Quota enforcement
- We aggregate daily totals (seconds, characters) to enforce your tier's monthly cap.
- Aggregates are retained for 30 days then deleted.
Third-party services
| Service | Purpose | Data shared |
|---|
| Google OAuth | Sign-in | Email + Google ID |
| Azure Translator API | Translation | Caption text (temporary, not stored by us) |
| Azure TTS / Google Cloud TTS | Voice synthesis | Translated text (temporary, not stored by us) |
| Deepgram | Speech recognition fallback (when no captions) | Audio buffer (temporary, not stored by us) |
| Polar.sh | Billing | Email + tier (we receive webhook callbacks only) |
| MongoDB Atlas | Database | All persistent data above |
| Fly.io | Backend hosting | Logs (request IDs, not payloads) |
Each provider has its own privacy policy. Sensitive payloads (caption text, audio) are not retained by us; what those providers do with the data they process is governed by their respective terms.
Data retention
- Account data: until you delete your account (request via email).
- Usage aggregates: 30 days, then deleted.
- Caption text + audio: never stored, processed in-memory only.
- Logs (Fly.io): 7 days, no payload content.
Your rights (GDPR / CCPA)
You can request:
- Access — copy of all data we have about you.
- Deletion — delete your account + all associated data.
- Export — JSON export of your usage history.
- Correction — fix incorrect data.
Send request to support@nhmedia.online. We respond within 14 days.
Children's privacy
Translate Voice is not intended for users under 13. We do not knowingly collect data from children.
Data security
- All data in transit: HTTPS / TLS 1.2+.
- All data at rest (MongoDB Atlas): AES-256 encryption.
- JWT auth tokens: HMAC-SHA256 signed, 7-day expiry.
- Polar webhook signatures: HMAC-SHA256 verified per Standard Webhooks spec.
Changes to this policy
We will update this page when material changes occur. Previous versions remain available on request.
Contact
Email: support@nhmedia.online