Sub-processors

Purpose. Managed Postgres database and authentication.

Data shared. Account information (email, hashed password, display name), usage counters, and translation history (only when a Pro or Team user has opted in to server-side history).

Purpose. AI translation inference via Gemini models.

Data shared. Source text submitted for translation. Requests are sent to Google’s Generative Language API and governed by Google’s API Terms.

Purpose. Audio synthesis for text-to-speech.

Data shared. Target text for audio generation. Same API and terms as the Gemini translation endpoint.

Purpose. Inference routing for one AI model (Meta Llama 3.3 70B). Llama translation requests reach the underlying inference hoster through OpenRouter rather than directly. Swiftin does NOT route Google Gemini, OpenAI, xAI Grok, DeepSeek, or Anthropic Claude through OpenRouter; those are called directly.

Data shared. Source text submitted for translation, the model identifier, and OpenRouter attribution headers (HTTP-Referer, X-Title). OpenRouter forwards the request to the underlying inference provider (see entries below) and proxies the response back.

Purpose. AI translation inference via Claude Haiku 4.5. Called directly to the Anthropic API (api.anthropic.com); not routed through OpenRouter.

Data shared. Source text submitted for translation. Sent directly from Swiftin’s backend to Anthropic and governed by Anthropic’s Commercial Terms.

Purpose. AI translation inference via Llama 3.3 70B. Reached through OpenRouter, hosted on specialized inference hardware (typically Groq LPU, with fallback to Cerebras, Fireworks, or Together AI).

Data shared. Source text submitted for translation. The underlying inference host (Groq, Cerebras, Fireworks, Together AI) acts as a secondary processor.

Purpose. AI translation inference via DeepSeek V4-Flash. Called directly (not routed via OpenRouter).

Data shared. Source text submitted for translation. Governed by DeepSeek’s API terms. DeepSeek auto-caches identical request prefixes within the account; Swiftin does not send any user identifier alongside the text.

Purpose. AI translation inference via xAI Grok (currently grok-4.3), called directly to the xAI API (api.x.ai). Not routed through OpenRouter.

Data shared. Source text submitted for translation. Sent directly from Swiftin’s backend to xAI and governed by xAI’s API terms.

Purpose. AI translation inference via GPT-5 nano. Called directly (not routed via OpenRouter).

Data shared. Source text submitted for translation. Governed by OpenAI’s API Data Usage Policies (zero-retention for API customers).

Purpose. Specialized inference infrastructure operated by third parties and routed to via OpenRouter. Used for Meta Llama 3.3 70B with Groq LPU preferred for speed; Cerebras, Fireworks AI and Together AI act as fallback when Groq is overloaded. Each request reaches exactly one hoster at a time, selected by OpenRouter’s routing logic. The hoster receives only the text and model id; it does not see the Swiftin user identity.

Data shared. Source text submitted for translation, model id, and ephemeral routing metadata. None of these hosters receive Swiftin user accounts, emails, or persistent identifiers.

Purpose. Free translation engine for the Free plan and Lite-mode fallback when AI quota is exhausted.

Data shared. Source text submitted for translation. Called directly from your browser on every path; Swiftin’s servers do not proxy or relay these requests.

Purpose. Free translation engine for the Free plan and Lite-mode fallback when AI quota is exhausted.

Data shared. Source text submitted for translation. Called directly from your browser; Swiftin’s servers do not proxy these requests.

Purpose. Card payment processing as Merchant of Record (handles VAT and tax remittance).

Data shared. Email address, billing address, subscription metadata. Card data is collected by Paddle directly and never reaches Swiftin.

Purpose. Cryptocurrency payment processing.

Data shared. Order amount, plan metadata, and the receiving crypto wallet address for the payment intent.

Purpose. Transactional email delivery (account verification, password resets, team invitations, billing receipts).

Data shared. Recipient email address, email content, and delivery metadata (timestamps, delivery status). Resend does not use this data for its own purposes.

Purpose. Sign-up captcha to prevent automated abuse.

Data shared. Captcha challenge solution and standard browser metadata. No email or password is sent to Cloudflare via Turnstile.

Purpose. Hosting for the Swiftin website and dashboard at swiftin.dev.

Data shared. Standard HTTP request metadata (IP address, User-Agent, URL) for serving the website.

Purpose. Hosting for the Swiftin backend API at api.swiftin.dev.

Data shared. Standard HTTP request metadata (IP address, User-Agent, URL) for serving API requests. Backend operational logs are stored here.

Purpose. Crash and error tracking, used to detect and resolve service-reliability issues (legitimate interest, GDPR Art. 6(1)(f)).

Data shared. Backend (Node/Express) error tracking captures stack traces, error messages, request URL/method, browser/OS metadata, and IP address; request bodies are captured with field-name redaction (password, token, secret, apiKey are replaced with [REDACTED]) and sensitive headers (Authorization, Cookie, payment-webhook signatures) are stripped before transmission. Web (browser) error tracking strips Authorization/Cookie headers; request/response bodies are not captured. Session Replay is enabled on the web dashboard only, at a 10% session sample rate and 100% on errors, with text content masked (maskAllText: true), media blocked (blockAllMedia: true), Supabase auth URLs excluded from network capture, and request/response headers not captured. Replays are kept for 90 days then automatically deleted by Sentry.

Purpose. Product analytics for understanding feature usage. Strictly consent-based: off by default until you accept the cookie banner.

Data shared. Anonymous usage events and page views — only after explicit consent. Individual-user identification is not enabled.