Main menu

Privacy Notice

Your privacy is important to us

Here at Loco we think privacy and data protection should be important to everyone. We won't treat you in any way we'd be unhappy being treated ourselves. We process your personal data fairly, lawfully and transparently, and we only process your data for the express purpose of providing our service to you.

If you have any questions about your privacy on our website or our processing of your data, you can reach our data protection officer (Tim Whitlock) via the contact form or by emailing support at this domain.

EU: General Data Protection Regulation

About half of our customers are in the European Union (as are we for now). Our approach to data protection is modelled closely on the principles of GDPR and we happily comply with our obligations under this law.

This Privacy Notice is designed to be short and easy to read, but of course the 88 pages of EU Regulation 2016/679 are not so short. If you'd like to know more about how we comply with this regulation, please see Loco's compliance with the EU General Data Protection Regulation.

Personal Data we collect, and why

Loco is not the kind of company where you are the product. As a general rule we collect the least amount of personal data we can in order to provide our service. This section explains what personal data we process, why we process it and what you can do to control it.

Anonymous browser information

All visitors to this website have their IP address and basic browser information written to server logs. This logging is an essential part of running a website. It helps us debug problems with our site and monitor security. We don't share our log files with anyone and they are all fully and permanently deleted after three weeks.

It's worth noting that unless you're logged into a Loco account, this information can't be used to personally identify you without additional information. We don't conduct any sneaky "fingerprinting" techniques to further identify individual browsers.

Anonymous analytics data

We use Google Analytics to monitor our web traffic and help us improve our product. None of this data processed by Google contains any personally identifiable information and we are not attempting to track you as an individual. We use analytics to see how we're doing as a company, how busy our servers are getting and which features people seem to use the most.

We use Google's IP Anonymization feature so that your specific IP address is not stored with the analytics data sent to Google.

Data sent from your browser to Google Analytics is safeguarded by Google's own privacy policies. If you dislike this data being sent to Google, you can block Google Analytics completely with this browser add-on. Also check out Privacy Badger.

Note that Google Analytics sets long-lived cookies to establish if a visitor is new. See our separate cookie policy for more information about that.

Account profile data

If you register for a Loco account we'll ask for your email address. This is the only mandatory personal data required to hold a Loco account. We ask for an email address for two reasons: (1) to avoid our site filling up with fake accounts, and (2) so we can contact you with important information about your account. See email contact below for when and why we might send you emails.

Other personal data you enter into your account is optional, like your name, country, language, time-zone and profile picture. Your name doesn't even have to be real unless you make a card payment. You can change this data at any time via the Loco dashboard, and rest assured we are not selling or sharing any of this information.

We keep all data in your account for as long as you want to keep using our service. If you don't log in for a year, we'll mark your account for deletion and send you an email to let you know. If you don't log back in to keep your account, it will be automatically deleted after another month.

All data held in your account (that we are legally allowed to destroy) can be deleted any time you like by closing your account.

Sharing profile data with other users

We limit the amount of personal profile data that other Loco users can see:

  • All profiles are "private" as opposed to being open to the public Internet.
  • Only users granted access to your project teams will see your name and profile picture.
  • Your email address is ONLY visible to the person who originally invited you to Loco. If you change it, they won't see the new one.
  • Your email address is NOT revealed to recipients when we send emails on your behalf. (e.g. when sharing a link or inviting a user).

We plan to offer more precise control over sharing personal information with fellow team members and colleagues, but for now we keep it as private as possible by default.

Content and translation data

If you have a Loco Account you'll undoubtedly be entering or uploading your own content to our servers. While this data isn't "personal" in data protection terms, we recognize it's probably the most valuable data you'll be holding in your account. We treat your translations with the same respect as your personal data, taking appropriate measures to ensure you can always access it, modify it, and delete it - and absolutely not selling or sharing it with anyone.

Please note that by inviting other people to join a translation project, you are asking us to allow those people access to your translation data. The Loco dashboard provides all the tools necessary to prevent others from modifying or deleting this data, but they will always be able to see it once they're a member of your project.

Automatically collected account activity

Any data you enter into Loco yourself can be accessed, modified and deleted, but we also log various events as they happen.

As with anonymous visitors your IP is logged while on our website, but additionally we associate your full IP with the date and time of every log-in and store it in your account for much longer. This serves two main purposes: (1) it's essential for identifying suspicious activity such as an unauthorized person changing your password, and (2) to comply with EU tax regulations which require we verify the location from which you usually use our service.

This data isn't visible in your Loco dashboard, so under your right to be informed we provide a JSON dump of your login history, which requires logging in to your dashboard. This link is available from the privacy tab in your profile settings.

We also log your project activity for the purpose of providing an activity feed to you and your fellow team members. You can access this information in the dashboard, although it can't be modified. This is a core function of the software, but it does not reveal any personal information other than your name and profile picture which you can change at any time.

As with all account data these records are stored until your account is deleted, but can be destroyed any time by closing your account.

Dashboard usage statistics gathering

When logged into your Loco dashboard we continue to use Google Analytics to monitor traffic and feature usage.

This data is not personally identifiable information and will never include your name or email address. However, it may reveal Loco-specific identifiers such as numeric user IDs, or the nickname of your account as it appears in URL paths like<name>. As with logged-out statistics gathering, we use Google's IP Anonymization feature to protect your identity.

Personal data related to payments

If you subscribe to any of Loco's paid services we will store your billing address including postcode and country. This is required for processing payments and also for our tax records. We may have to store some of this data for legal reasons even if you close your account. See our terms of service in relation to this.

All sensitive payment information like credit card numbers is held by our payment providers. We have no access to credit card numbers.

EU customers: Please note that our payment provider Stripe is based in USA, but your rights as EU citizens are protected under the Privacy Shield framework. See the Data Processors section of our GDPR compliance page for more detail.

Single sign-on

Loco uses third party APIs to provide entirely optional single sign-on (SSO) functionality.

Using these SSO service providers via Loco requires you grant us access to your account with the service provider via the provided user flow, ("Connecting") which means we never see your password. We will only retrieve and store the data required to provide you with our service, which includes the same personal data as above, including your name, email address, profile picture, language and regional preferences.

We may also store the access credentials for a given service you've granted. You can revoke these at any time via the service provider and also via your Loco account dashboard. We do not use these access credentials to routinely analyse or profile you. They are only ever used in direct connection to providing the service.

Email correspondence

We understand that the most sensitive piece of personal data we ask for is your email address. We don't like getting spammed either, so when you sign up for Loco we don't subscribe you to any mailing lists. You won't receive any "What's new!" or "Remember us?" type emails unless you explicitly subscribe to such a list. We don't currently operate any, but if we do in future we won't automatically subscribe you.

Our system does send automated emails as part of the service operation. By default you're likely to receive the following types of correspondence from time to time:

  1. Transactional emails: e.g. Account activation, password resets, and email verifications.
  2. Important account notices: e.g. Your credit card expired, or your account has been marked for deletion.
  3. Notification emails: e.g. Being added to a project, or having new translations to work on.

Transactional emails are actioned at your request, so can't be prevented other than by not requesting them. We must always be able to contact you with important information about your account, so these can't be prevented either. Closing your account will stop all emails being sent as we don't retain your email address after your account is deleted.

You can disable some notification emails in your project settings, but others (such as being added to a new project) are not currently mutable. We will be adding more control over email notifications in future.

Email addresses given to us by unauthorized persons

It can happen that someone accidentally registers for Loco with the wrong email address (that isn't theirs). Or it can happen that an existing user invites someone to Loco without having permission to share that person's address with us.

Firstly and most importantly, we don't store a new email address until it has been verified and its owner has been given a chance to read this privacy notice and decide whether or not to activate their account. There are no email addresses in our system that don't belong to someone who explicitly activated an account.

Secondly, and more complicatedly the activation email sent to the new address is effectively unsolicited mail to its unwitting recipient. (We accidentally spammed them). In this instance, the unsubscribe link in the email will allow the owner of this email address to permanently block our system from sending them any emails in future. To achieve this without actually storing their address we store an irreversible hash of it instead.

If we've sent you an email but you've never heard of us, we're sorry; it was an accident. Block your address via the unsubscribe link and it won't happen again.

Transmission of personal data over email

When sending emails we will use our preferred third party sending service Amazon SES. This involves your email address and the contents of the email being passed securely to Amazon for the purpose of delivery.

EU citizens: We have a contract in place with Amazon which guarantees their processing of these emails protects your rights as a direct extension of our guarantees. See the Data Processors section of our GDPR compliance page for more detail.

Destroying your data

Your account can be closed from your Loco dashboard. Please see the help page on closing your account.

If you ask us to close your account, all your data (personal and otherwise) will be removed permanently from all our systems, except for any historical payment information that we (or our service providers) are obliged to keep for tax or legal reasons. See our terms of use for more detail on the data we're legally obliged to retain.

We guarantee to destroy your data as far as legally and physically possible within 30 days. The reality is that most of your data will be wiped from our active system much more quickly than that, often within a few hours.

Securing your data

We set ourselves high standards of security when handling your personal data (and in all aspects of running our service). See our security disclosures for technical detail on how we protect our systems.

Use of cookies

Loco uses cookies, but they are not designed to personally identify you. Please see our full Cookie policy.