Privacy Policy

What we collect

Manga images you translate

When you trigger a translation, the extension sends the image (or a cropped panel) to our servers for OCR and, on paid tiers, inpainting. The image bytes are processed in memory and are not persisted. Only the OCR result (text positions and decoded characters) and a content hash of the image are cached so subsequent reads of the same page don't re-do the work.

Translation results

Translated text strings are stored in your browser's local extension storage so you can revisit a page offline. A content-addressed copy is also kept in our server-side cache, keyed by image hash, so other readers of the same page see a faster response. The cached copy contains text only — never the source image.

License + account data

If you purchase a paid plan, we store your license key, the email you signed up with, and the subscription state we receive from our payments provider (Polar). For free and trial tiers, we generate an anonymous device identifier and store it in your browser; the server sees only this identifier, never a name or email.

Usage counters

We track how many pages you've translated this week so we can enforce plan quotas. Counters are keyed by your license (paid) or anonymous device identifier (free / trial). They reset every Monday at 00:00 UTC.

Diagnostic data

Our edge servers log standard request metadata (IP address, timestamp, route, response status) for security and abuse prevention. Logs are retained for 30 days and then deleted. We do not run analytics scripts on the marketing site or inside the extension.

How we use it

• To run the translation pipeline (OCR → translation → inpainting).
• To enforce plan quotas and prevent abuse.
• To send you transactional emails about your account (license issuance, billing receipts, subscription changes). We do not send marketing emails.
• To debug crashes and investigate suspected abuse.

We do not train machine-learning models on your images, OCR output, or translations.

Who we share it with

Running the translation pipeline requires sending image and text data to specialized processors. We use the following sub-processors, each governed by their own privacy policies:

• Cloudflare — Workers, KV, D1, R2, Pages. Hosts our API, marketing site, and the OCR/translation cache.
• Modal Labs — GPU containers that run server-side OCR and inpainting on the images you submit. Modal does not persist input images after a request completes.
• OpenRouter — relays the OCR'd text to the LLM you've selected (DeepSeek, Kimi, Claude, GPT, Gemini) for translation.
• Google Cloud Vision — fallback OCR for non-Japanese scripts. We send only the image crop and language hint.
• Polar — handles payments and subscription lifecycle. We receive webhook notifications about subscription state changes; we do not see your card data.

We do not sell your data and do not share it with advertisers. We will disclose data when required by valid legal process and will, where lawful, notify you in advance.

Where it's stored

Server-side data lives on Cloudflare's global network. Cache reads are served from the edge colocation closest to you; persistent data (license, usage counters) lives in Cloudflare's D1 database in their primary region. Modal GPU compute may run in any of Modal's available regions at request time; only data needed for the in-flight request leaves Cloudflare's network.

If you are in the EEA, UK, or another region with data-transfer requirements, you should assume your data may be transferred to and processed in the United States.

How long we keep it

• OCR / translation cache: 90 days, refreshed to 180 days for entries that get repeated reads ("hot" entries).
• Inpainted image cache: 90 days from last access.
• Source images: not stored — see "What we collect" above.
• License + email: for as long as your account is active, plus up to 12 months after cancellation for billing reconciliation.
• Usage counters: rolling 90-day window.
• Edge access logs: 30 days.

Your rights

Depending on your jurisdiction, you may have the right to access, correct, export, or delete personal data we hold about you, and to object to certain processing. To exercise any of these rights, email us at support@mangazine.app from the address associated with your license. We will verify your identity, respond within 30 days, and never charge for a routine request.

You can also clear most data without contacting us:

• Local translation history: clearable from the extension popup's "Sign out" / settings controls.
• Subscription: cancel anytime through the billing portal linked from your account page.
• Account deletion: email us; we will purge your license, usage counters, and email within 30 days.

Children

MangaZine is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has signed up, contact us and we'll delete the account.

Security

All API traffic uses TLS. License keys are stored hashed at rest and treated as bearer tokens — anyone with your key can use the service as you, so don't share it. Webhook payloads from Polar are HMAC-validated. We rate-limit public endpoints to make brute-force probing impractical.

No system is perfectly secure. If you discover a vulnerability, please report it to support@mangazine.app.

Changes to this policy

If we materially change this policy, we'll update the effective date at the top and post a notice on the marketing site at least 14 days before the change takes effect. Continued use after the effective date constitutes acceptance.

Contact

Questions about this policy or your data? Email support@mangazine.app.