Poplingo Privacy Policy

This Privacy Policy applies to the Poplingo website, browser extension, redemption pages, authorization activation/verification/device management APIs, Poplingo-hosted translation APIs, and directly related support pages and communication scenarios.

In this Policy, "we" or "Poplingo" refers to the Poplingo product operator and personal information controller, LeoKu. You can contact us via our website at https://poplingo.leoku.dev or via email at support@mail.leoku.dev.

We will follow the principles of legality, fairness, necessity, and good faith, processing personal information only to the extent necessary to deliver product features, ensure service security, and complete licensing and support. We strive to explain our rules using clear and understandable language.

If you use third-party AI Providers, visit browser extension stores, use payment services, employ browser sync services, or navigate to other websites through Poplingo, this Policy does not replace those third parties' privacy rules. You should independently read and decide whether to accept them.

The information we process varies depending on the feature paths you use. The descriptions below are based on our current product design and code implementation, covering the main data categories involved in the website, extension, local storage, redemptions, authorizations, and translation requests.

Not every Poplingo usage scenario will trigger all the processing described below; however, when you use the corresponding features, the relevant information may be processed locally, forwarded via our website APIs, or sent to the third-party Provider or Poplingo-hosted service you have selected.

We generally obtain information in three ways: provided directly by you, automatically generated by browsers/devices, and returned by third parties directly related to service operations.

We process the above information primarily to fulfill your requests for translation, authorization, redemption, verification, device management, and support services, to maintain a consistent local and cross-device experience, to ensure product security and stability, and to improve product performance when necessary. Processing methods generally include local browser processing, forwarding via website APIs, relying on infrastructure from entrusted processors, and, when actively chosen by you, sending data to third-party Providers.

Under the framework of mainland China regulations, the legal bases for processing usually include: necessity for the conclusion or performance of a contract to which you are a party; necessity for the performance of statutory duties or obligations; necessity for responding to public health emergencies or protecting the life, health, and property of natural persons in emergencies; processing personal information disclosed by you or legally disclosed elsewhere within a reasonable scope; and obtaining your consent or other circumstances permitted by laws and regulations.

Poplingo does not currently use personal information for purely automated decision-making that produces legal effects or similar significant impacts on you. Quota limits, authorization states, risk validations, or rate limiting outcomes act more as service operating condition controls than independent rulings on your personal rights.

Poplingo currently features three primary translation routes. The first is local browser translation: when you use the browser's built-in translation, the text is generally processed using local capabilities provided by the browser, requiring no extra third-party AI Provider credentials. The second is third-party Providers: when you actively choose a Provider or input a custom OpenAI-compatible API, text content, necessary context, and target language info related to your request may be sent to their endpoints. The third is the Poplingo-hosted route: when you use Poplingo-hosted translation APIs, free quotas, post-authorization translations, or "Smart Model" features, the requests are first sent to Poplingo's website/APIs and proxy routes.

For the third-party Provider route, terms, privacy policies, billing rules, data storage locations, regional compliance, and security measures are primarily determined by that Provider. For the Poplingo-hosted route, we may use underlying model providers, hosting services, log/monitoring vendors, CDNs, or risk control providers to process data on our behalf. You should make prudent choices based on data sensitivity, your industry requirements, cross-border risks, and cost expectations.

The Poplingo extension uses the browser's local storage and sync storage. Based on current implementations, target languages, themes, Provider configurations, custom Prompts, certain shortcuts, and feature toggles are typically saved in sync storage; translation caches, Popup history, window positions, device IDs, authorization data, and analytics opt-out states are typically saved in local storage. If browser synchronization is enabled, information in sync storage may be transmitted or stored via your browser vendor's sync services.

The extension currently requests browser permissions including storage, contextMenus, declarativeNetRequest, downloads, alarms, tabs, and <all_urls> site access. These permissions are respectively used to save configs/caches, create context menus, coordinate page translation flows, download related files, schedule authorization checks, handle tab context, and access page content when you actively use features.

The website uses language preference cookies and localStorage to maintain site language consistency across pages and visits. Based on current implementations, the language preference cookie is stored for about 1 year.

The website also integrates Vercel Web Analytics. According to the vendor's public documentation, its analytics are cookie-less and aggregate/anonymize page visits, referrers, rough regions, browsers, and device information. Meanwhile, in analytics-enabled versions, the extension may send product analytics events to PostHog. These events are currently designed to avoid including full page body text or complete translations, but they may still contain technical metrics like feature usage, browser/system info, Provider types, error types, and token usage.

We will only share personal information to the extent necessary to achieve the purposes outlined in this Policy. Major scenarios include: third-party AI Providers you actively select and use; entrusted processors providing hosting, edge network, logging, monitoring, site analytics, risk control, authorization, redemption, customer support, or payment verification services on our behalf; APIs called to complete license activation, verification, device management, redemption, or refunds; and when necessary to comply with legal requirements, handle disputes, or protect the safety of the product, users, and the public.

If we entrust a third party to process personal information, we will commercially and reasonably require them to process the data according to the agreed purposes, durations, and methods, and to adopt necessary security measures. In the event of a merger, division, restructuring, asset transfer, or other situations that may cause a change in the personal information controller, we will inform you of the receiving party's name and contact information as required by law. If we need to provide personal information to other controllers or make a public disclosure, we will notify you separately and obtain your consent in accordance with applicable laws, unless otherwise provided by laws and regulations.

Because you may actively select an offshore third-party AI Provider, and our website hosting, analytics, logging, or hosted translation routes may also involve infrastructure in different countries or regions, the relevant information may be transferred to jurisdictions outside your region.

For users in mainland China, these scenarios may constitute providing personal information abroad or having personal information processed by offshore recipients. Different countries and regions have varying personal information protection requirements, and offshore recipients' processing rules, storage locations, retention periods, and rights response mechanisms may also differ.

To the extent required by applicable law, we will attempt to mitigate risks through minimal disclosure, access controls, transport encryption, contractual arrangements, and necessary notices. If you wish to understand our cross-border processing details within the scope we can reasonably provide, you may contact us via our website at https://poplingo.leoku.dev or via email at support@mail.leoku.dev.

Different categories of data have different retention periods. Based on current implementations, website language preference cookies are typically saved for about 1 year; language preferences in website localStorage are kept continuously until you clear browser site data. Data in the extension's local/sync storage is usually kept continuously until you actively clear it, reset settings, overwrite it, disable browser sync, uninstall the extension, or remove it through subsequent features.

Local data such as translation caches, Popup history, Provider configurations, Prompts, custom settings, device IDs, authorization states, and window positions will change as you reset, clear caches, reinstall the browser, log out devices, or uninstall the extension. Redemption records, support communications, payment verification materials, authorization verification logs, and rate-limit/security logs are retained for the period necessary to complete services, handle disputes, prevent fraud/risks, audit, and fulfill legal obligations, with specific durations varying by scenario.

Certain information is necessary to provide the corresponding services to you. For example, if you do not provide an email to receive a license key, we cannot send you the authorization via the redemption flow; if you do not provide the authorization info needed for activation, we cannot verify device access rights; if you do not provide valid credentials to your selected third-party Provider, you will not be able to complete requests via that Provider route.

According to applicable rules such as the Personal Information Protection Law, you generally have the right to know, make decisions about, limit, or refuse the processing of your personal information by others, as well as the right to access, copy, correct, supplement, or delete your personal information. For data saved purely locally in your browser or extension, the most direct control method is typically for you to delete local data, clear caches, reset settings, disable sync, or uninstall the extension.

For data processed and saved server-side by us or on our behalf—such as redemption emails, authorization verification records, support logs, website analytics, or necessary security logs—you can submit requests to us through support channels to access, copy, correct, supplement, delete, explain rules, withdraw consent, or make other requests. To protect account and authorization security, we may require you to provide additional information to verify your identity.

If we cannot reasonably link a specific request to you, or if the data is only saved on your local device and outside our identifiable scope, we may not be able to complete the request independently or may require additional identifying information first. We will process your requests within the time limits required by applicable law and inform you of the results, limitations, or reasons for refusal.

Poplingo is not an independently designed product for minors. If you are a minor under the age of 14, you should use the service under the consent and guidance of a guardian.

If we are aware that we are processing the personal information of minors under the age of 14, we will take stricter protection measures as required by applicable law and strive to require guardians to consent to or participate in the processing decisions.

We may update this Privacy Policy as product capabilities, authorization methods, third-party dependencies, hosting architectures, or compliance requirements evolve. The updated version will be published on the relevant website pages, with the update time shown on the page serving as a reference.

If the changes substantially affect your personal information rights, we will attempt to notify you more prominently.

If you have questions about this Policy or wish to make requests regarding your personal information processing, you can contact us via our website at https://poplingo.leoku.dev or via email at support@mail.leoku.dev.