Privacy Policy

1. Purpose

This Privacy Policy describes how Nativ collects, processes, and protects data provided by users through our plugins, APIs, and services. It applies to all customers and end users.

2. Data Collection and Use

• Nativ does not store or persist customer content by default.

• The only data stored is non-identifiable usage metadata such as:

  • Number of operations

  • Log of sequence of operations

  • File counts

  • Language volumes

  • Processing times

• When a user initiates a task, only the selected content is transmitted to our backend API.

• There is no background syncing or automatic data capture.

3. AI-Powered Processing

Nativ uses artificial intelligence models to provide translation and cultural adaptation services.

• Models used: OpenAI GPT-series and Google Gemini, accessed via their enterprise APIs.

• Data sent to AI providers: Only the specific text or image content selected by the user for translation. No user credentials, personal data, or account information is sent.

• AI provider data retention: Per our agreements with OpenAI and Google, API data is not used for model training and is not retained beyond the processing window.

• No automated decision-making: Nativ does not use AI for profiling, automated decision-making, or any purpose that produces legal or similarly significant effects on individuals.

• Human oversight: All AI outputs are presented to the user for review before being applied. No AI-generated content is published without explicit user action.

4. Sharing and Disclosure of Google User Data

Google User Data We Access

• Content of the cells the user selects in the active Google Sheet where the add-on is invoked.

• Language settings chosen by the user for translation.

• OAuth token needed to call the Google Sheets API for that sheet.

How We Use Google User Data

• We send the selected cell content and language settings over HTTPS to Nativ's backend API and to OpenAI's API to generate translations.

• We write the translated content back into the same Google Sheet.

• We do not use Google user data for advertising, profiling, or any secondary purpose.

• We do not access any other files in Google Drive.

• We only keep Google user data transiently for the time needed to return the translation.

With Whom We Share Google User Data

• We share only with our subprocessors strictly necessary to provide the service:

  • OpenAI, LLC (language model API)

  • Google Cloud Platform (hosting)

  • Supabase (analytics metadata only)

• No sale or transfer of Google user data to any other parties except as required by law.

• All subprocessors are bound by confidentiality and data-security obligations.

User Control

• Data transmission happens only when the user explicitly invokes a translation action.

• Users can revoke Nativ’s access at any time at https://myaccount.google.com/permissions.

• Users can request deletion of any retained metadata by emailing founders@usenativ.com.

5. Data Transmission and Storage

• All data is transmitted over secure HTTPS connections (TLS 1.2 or higher).

• Backend infrastructure is hosted on Google Cloud Platform (GCP), which is ISO 27001, SOC 2, and GDPR compliant.

• Analytics data is stored in Supabase, which is also SOC 2 compliant.

• Nativ does not use customer content for model training, profiling, or any secondary purpose.

6. Data Retention

• Customer content: Not retained after processing unless the user explicitly saves it (e.g., to translation memory).

• Translation memory: Retained until the user deletes it or their account is terminated.

• Usage metadata: Retained for up to 12 months for analytics and billing purposes, then anonymized.

• Authentication logs: Retained for 90 days for security monitoring.

• Account data: Retained for the duration of the account plus 30 days after deletion for recovery purposes.

7. User Consent and Control

• No data is transmitted without explicit user action.

• Plugins only communicate with authorized services: Nativ's backend, OpenAI API, Google Gemini API, Supabase, and GCP infrastructure.

• All processing is initiated by deliberate user input.

• Users may enable multi-factor authentication (MFA) for additional account security. MFA enrollment data is stored encrypted and managed by our authentication provider (Supabase Auth).

• Organizations may configure single sign-on (SSO) via SAML 2.0. SSO metadata is stored encrypted and is used solely for authentication purposes.

• Organizations may enforce MFA and/or SSO for all team members.

8. Third-party Processors

• Nativ uses third-party subprocessors to provide our services. A complete list including their purpose, location, and compliance certifications is maintained at usenativ.com/subprocessors.

• All subprocessors are compliant with GDPR, CCPA, and SOC 2. Nativ will notify customers of material changes to the subprocessor list.

9. International Data Transfers

Nativ's infrastructure is hosted on Google Cloud Platform in the United States. If you are located outside the United States, your data will be transferred to and processed in the US. We rely on:

• Standard Contractual Clauses (SCCs) approved by the European Commission.

• Our subprocessors' compliance certifications (SOC 2, ISO 27001).

• Our Data Processing Agreement (available on request).

10. Data Subject Rights

Under GDPR, CCPA, and other applicable data protection laws, you have the right to:

• Access - Request a copy of all personal data we hold about you.

• Rectification - Request correction of inaccurate personal data.

• Erasure - Request deletion of your personal data ("right to be forgotten").

• Portability - Receive your data in a structured, machine-readable format.

• Restriction - Request that we limit processing of your personal data.

• Objection - Object to processing based on legitimate interests or direct marketing.

How to submit a request:

• Email: founders@usenativ.com

• Subject line: "Data Subject Request - [Access/Deletion/Portability/Other]"

Process:

• We will acknowledge your request within 3 business days.

• We will verify your identity before processing the request.

• Requests will be fulfilled within 30 calendar days.

• If an extension is needed (up to 60 additional days for complex requests), we will notify you within the initial 30-day period with an explanation.

CCPA-specific provisions: Nativ does not sell personal information. Nativ does not share personal information for cross-context behavioral advertising. Nativ will not discriminate against consumers who exercise their rights.

11. Contact

Privacy Officer
Nativ Technologies, Inc.
1111B S Governors Ave, #23499
Dover, DE 19904
Email: founders@usenativ.com