Privacy Policy

Last updated · May 27, 2026

This Privacy Policy describes how The Soft Fish Inc. ("Soft Fish", "we", "us") collects, uses, and protects information when you use the Soft Fish client portal (the "Service"). By using the Service you agree to the practices described here.

1. Information we collect

Account information. When you sign in we collect the email address you provide. We do not collect or store passwords; authentication is performed using one-time codes.
Documents you upload. Files you upload — including their filenames, file size, content type, and content — are stored to provide the Service to you.
Document metadata. Groups, document names, edited translations, and timestamps you create within the portal.
Session data. A randomly generated session token stored as an HttpOnly cookie, used only to keep you signed in.
Technical data. Standard server logs (IP address, user agent, request timing) generated by our hosting provider for security and reliability.

2. How we use information

To authenticate you and keep you signed in to the portal.
To store, organize, retrieve, translate, and display the documents you upload.
To send transactional emails (such as your one-time login codes).
To diagnose problems, prevent abuse, and improve reliability.

3. Third-party service providers

We use the following providers to operate the Service. Each receives only the information necessary to perform its function:

Cloudflare, Inc. — hosting, content delivery, file storage (R2), and database (D1). Stored data is held in Cloudflare's infrastructure.
Google LLC (Gemini API). When you request a translation, the contents of the relevant document are sent to Google's Gemini API for processing. We do not use customer documents to train models. See Google's API terms.
Resend, Inc. — delivery of transactional emails (one-time login codes).

4. Data retention

We retain account information and uploaded documents for as long as your account remains active. One-time codes are deleted after they are used or expire. Session tokens are deleted when you sign out or after thirty (30) days of inactivity. You may request deletion of your account and associated documents at any time by contacting us.

5. Security

We protect data in transit using HTTPS and at rest using the encryption provided by our infrastructure providers. API credentials and other secrets are encrypted at rest. No system is perfectly secure; please use a strong, unique email-account password and keep your devices secure.

6. Your choices and rights

You may sign out at any time using the menu inside the portal.
You may delete any document from your account at any time. Deletion removes the file from storage and the associated metadata from our database.
You may request a copy of your data, correction of inaccurate data, or deletion of your account by emailing the address below.
Residents of California, the EEA, the UK, and certain other jurisdictions may have additional rights under applicable law (CCPA/CPRA, GDPR, etc.).

7. Children

The Service is not directed to children under the age of 13 (or the equivalent minimum age in your jurisdiction), and we do not knowingly collect personal information from them.

8. Changes

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the "Last updated" date above. Continued use of the Service after changes constitutes acceptance of the updated policy.

9. Contact

For any privacy-related questions or requests, contact us using the information below.

The Soft Fish Inc.

97 E Brokaw Rd., San Jose, CA 95112

Phone: (516) 888-0588

Email: softfish2026@gmail.com

This document is provided as plain-language information about our practices and does not constitute legal advice.