Cirrus Translate Logo

Privacy Policy

Last Updated: January 11, 2026

1. Introduction

Cirrus Inc. ("Cirrus," "we," "us," or "our") operates the CirrusTranslate platform, an enterprise American Sign Language (ASL) translation service. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable privacy regulations.

2. Information We Collect

2.1 Account Information

  • Name and email address
  • Organization name and role
  • Authentication credentials (encrypted)
  • Multi-factor authentication data

2.2 Content You Upload

  • Video files for ASL translation
  • Audio files and documents
  • Translated content and outputs
  • Project metadata and annotations

2.3 Usage Data

  • Log data (IP address, browser type, access times)
  • Feature usage and interaction patterns
  • Error reports and performance data

2.4 Technical Data

  • Device information and browser type
  • Session identifiers and cookies
  • API access logs

3. How We Use Your Information

We process your personal data based on the following legal bases:

3.1 Contract Performance

  • Providing and maintaining the platform
  • Processing translation jobs
  • Managing user accounts and organizations
  • Customer support and communication

3.2 Legitimate Interests

  • Platform security and fraud prevention
  • Service improvement and analytics
  • Audit logging and compliance

3.3 Legal Obligations

  • Compliance with applicable laws
  • Responding to legal requests
  • SOC 2 and security compliance

4. Data Retention

We retain your data for the following periods:

  • Account data: Duration of account plus 30 days after deletion
  • Project content: As specified in your organization's retention policy
  • Audit logs: 90 days (standard) or as required by compliance
  • Security logs: 1 year for incident investigation

5. Data Sharing

We do not sell your personal data. We may share data with:

5.1 Service Providers

  • Cloud infrastructure (DigitalOcean - US)
  • Email services (Postmark - US)
  • GPU processing (RunPod - US)
  • Error monitoring (as configured)

5.2 Within Your Organization

Project data is shared within your organization based on role-based access controls. Organization administrators can manage member access.

5.3 Legal Requirements

We may disclose data if required by law, court order, or to protect our rights and safety.

6. Your Rights

Depending on your location, you may have the following rights:

6.1 GDPR Rights (EU/EEA)

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion ("right to be forgotten")
  • Portability: Receive data in machine-readable format
  • Objection: Object to certain processing activities
  • Restriction: Limit how we use your data

6.2 CCPA Rights (California)

  • Right to know what data we collect
  • Right to delete personal information
  • Right to opt-out of data sales (we do not sell data)
  • Right to non-discrimination

To exercise these rights, contact us at [email protected]

7. Security Measures

We implement industry-standard security measures including:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Multi-factor authentication
  • Role-based access control
  • Regular security audits and penetration testing
  • SOC 2 Type II compliance program
  • Immutable audit logging
  • Automated threat detection

8. International Data Transfers

Our services are hosted in the United States. If you access our platform from outside the US, your data will be transferred to and processed in the US. We use Standard Contractual Clauses (SCCs) and other appropriate safeguards for international transfers.

9. Cookies and Tracking

We use essential cookies for:

  • Authentication and session management
  • Security (CSRF protection)
  • User preferences

We do not use advertising or third-party tracking cookies.

10. Children's Privacy

Our platform is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or platform notification. Continued use after changes constitutes acceptance.

12. Contact Us

For privacy-related inquiries:

EU residents may also lodge a complaint with their local data protection authority.

Terms of ServiceData Processing AgreementSign In