Overview
This Privacy Notice for Into23 Limited ("we", "us", or "our") describes how and why we might access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you: visit our website at into23.com or any website of ours that links to this Privacy Notice, including our Into23 Workspace platform; use our Translation, Localization, and AI Data Services; engage with us in other related ways, including sales, marketing, or events.
Into23 is a global Language Solutions Provider specializing in AI-powered translation, localization, and AI data services. We empower businesses to expand internationally by delivering multilingual content solutions and high-quality AI data services.
Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at info@into23.com.
1. What Information Do We Collect?
Personal Information You Provide to Us
We collect personal information that you voluntarily provide to us when you express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us. The personal information we collect may include: names, phone numbers, email addresses, mailing addresses, contact preferences, billing addresses, job titles, and company names. This information is collected through contact forms, quote requests, resource downloads, case study inquiries, and direct communications.
Information Automatically Collected
When you visit, use, or navigate our Services, we automatically collect certain information that does not reveal your specific identity but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes. Like many businesses, we also collect information through cookies and similar technologies.
The information we collect includes: • Log and Usage Data: service-related, diagnostic, usage, and performance information our servers automatically collect • Device Data: information about your computer, phone, tablet, or other device you use to access the Services • Location Data: information about your device's location, which can be either precise or imprecise • Cookie Data: identifiers and tracking information stored on your device
Information from Third-Party Integrations
Our Services integrate with various third-party platforms and services to enhance functionality and provide you with better experiences. These integrations may collect and process data as follows:
• Supabase: Collects authentication tokens and session data for secure access to your account and stored files • SendGrid: Processes email addresses and communication preferences for transactional and marketing emails • Google Sheets API: Logs form submissions and lead information for internal tracking and follow-up • Google Analytics: Tracks usage patterns, page views, and user interactions to understand site performance • AI Services (OpenAI, Google Gemini, Anthropic Claude, Perplexity): Process content you submit for translation, evaluation, or analysis through our Into23 Workspace platform • Stripe: Processes payment information for transactions (if applicable)
2. How Do We Use Your Information?
We process your personal information for a variety of reasons, depending on how you interact with our Services:
• To deliver and facilitate delivery of services to the user • To respond to user inquiries and offer support • To send administrative information and updates • To fulfill and manage your orders and quote requests • To enable user-to-user communications • To protect our Services and prevent fraud • To comply with our legal obligations • To analyze usage patterns and improve our Services • To send marketing communications (with your consent) • To process payments and manage billing • To conduct AI training, evaluation, and quality assurance on content you submit (with explicit data processing agreements ensuring your data is never used for model training) • To generate analytics reports and insights about our Services
3. What Legal Bases Do We Rely On?
If you are located in the EU or UK, this section applies to you. The GDPR and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. We may rely on the following legal bases:
• Consent: we may process your information if you have given us permission • Performance of a Contract: we may process your personal information when necessary to fulfill our contractual obligations • Legitimate Interests: we may process your information when reasonably necessary to achieve our legitimate business interests • Legal Obligations: we may process your information where necessary for compliance with our legal obligations • Vital Interests: we may process your information to protect the vital interests of you or others
If you are located in Canada, we may process your information if you have given us specific permission to use your personal information for a specific purpose, or in certain other situations where permitted or required by applicable law.
4. When and With Whom Do We Share Your Personal Information?
We may need to share your personal information in the following situations:
• Business Transfers: in connection with any merger, sale of company assets, financing, or acquisition • Affiliates: we may share your information with our affiliates • Business Partners: we may share your information with our business partners, including: - AI service providers (OpenAI, Google, Anthropic, Perplexity) who process content on our behalf under strict data processing agreements - Custom.MT for machine translation engine training and optimization - Supabase for secure data storage and authentication • Service Providers: third-party service providers who perform services for us, such as: - SendGrid for email delivery - Google Sheets for lead logging and CRM - Google Analytics for usage analytics - Stripe for payment processing - Hosting providers and infrastructure partners • Legal Requirements: when required by law or to protect our rights
We do not sell your personal information. We do not share your personal information with third parties for their direct marketing purposes. All third-party processors are bound by data processing agreements that ensure your information is handled securely and only for specified purposes.
5. Cookies and Tracking Technologies
We may use cookies and similar tracking technologies (like web beacons and pixels) to gather information when you interact with our Services. Some online tracking technologies help us maintain the security of our Services and your account, prevent crashes, fix bugs, save your preferences, and assist with basic site functions. We also permit third parties and service providers to use online tracking technologies on our Services for analytics and advertising.
You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of this site may become inaccessible or not function properly.
For detailed information about the cookies we use, their purposes, and how to manage them, please visit our Cookie Policy at /cookies.
6. Artificial Intelligence-Based Products and Data Processing
AI Technologies Used
As part of our Services, we offer products and features that incorporate artificial intelligence and machine learning technologies, including our Into23 Workspace platform and AI-powered translation services. Our Services utilize various MT (Machine Translation) and LLM (Large Language Model) engines, including but not limited to:
• Google Cloud Translation • DeepL • Microsoft Translator • Amazon Translate • OpenAI GPT-4 and GPT-4o • Anthropic Claude • Google Gemini • Perplexity • Baidu Ernie • Alibaba Qwen • Moonshot Kimi • MiniMax
These engines are used to provide translation, localization, evaluation, and AI data services.
Data Processing Agreements
We maintain explicit data processing agreements with all MT and LLM providers ensuring that client content is never used for model training. When content is sent to these engines through our Into23 Workspace platform, we use enterprise API agreements that contractually prohibit the use of input/output data for training purposes. This is a critical distinction from consumer-grade translation tools, where user inputs may be used to improve models.
Into23 can provide copies of our data processing agreements with each engine provider upon request. All agreements include: • Prohibition on using client data for model training • Data retention and deletion policies • Security and encryption requirements • Compliance with applicable data protection laws (GDPR, CCPA, etc.) • Audit rights and transparency provisions
Custom Machine Translation Engines
Through our partnership with Custom.MT, clients can train custom MT engines using their own bilingual data (minimum 50,000+ segment pairs required). Custom-trained engines produce output that matches your specific terminology, style, and domain vocabulary. Into23 manages this entire process as part of our Enterprise AI Ops tier. Custom training data is handled under separate data processing agreements that ensure your proprietary data remains confidential and is used only for your custom engine.
7. How Long Do We Keep Your Information?
We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law.
Our standard data retention policy: • Translation Memory and terminology data: retained indefinitely (as these are valuable assets that improve over time) • Source files and translated deliverables: retained for 12 months after project completion to facilitate revisions and reference • Lead and contact information: retained for 3 years for business continuity and follow-up purposes • Analytics data: retained for 24 months • Consent records: retained for 3 years • Email communications: retained for 2 years
After the retention period, files are securely deleted. We fully customize retention policies based on client requirements. All retention terms are documented in our service agreements, and clients can request early deletion at any time.
Consent data stored in your browser (localStorage) is retained until you clear your browser data or withdraw consent.
8. How Do We Keep Your Information Safe?
We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process.
Our security measures include: • All content transmitted to and from Into23 is encrypted in transit (TLS 1.3) and at rest (AES-256) • Our Into23 Workspace platform is hosted on AWS infrastructure with data residency options in APAC • Our MT engine partner Custom.MT holds ISO 27001 certification • Access to client content is restricted on a need-to-know basis, with only assigned linguists and project managers able to view project files • All access is logged and auditable • Regular security audits and penetration testing • Compliance with industry standards and certifications: - ISO 9001 (Quality Management) - ISO 17100 (Translation Services) - ISO 27001 (Information Security) — currently in progress
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
9. Do We Collect Information from Minors?
We do not knowingly collect, solicit data from, or market to children under 18 years of age, nor do we knowingly sell such personal information. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent's use of the Services. If you become aware of any data we may have collected from children under age 18, please contact us at info@into23.com.
10. What Are Your Privacy Rights?
Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information.
EU/EEA/UK/Switzerland Rights: If you are located in these regions, you may have the right to: • Request access and obtain a copy of your personal information • Request rectification or erasure ("right to be forgotten") • Restrict the processing of your personal information • Data portability (receive your data in a portable format) • Object to the processing of your personal information • Withdraw your consent at any time • Lodge a complaint with your Member State data protection authority
If you are a resident in the European Economic Area and you believe we are unlawfully processing your personal information, you also have the right to complain to your Member State data protection authority or UK data protection authority. If you are a resident in Switzerland, you may contact the Federal Data Protection and Information Commissioner.
California Residents (CCPA/CPRA): You have the right to: • Know what personal information is collected, used, and shared • Delete personal information collected from you • Opt-out of the sale or sharing of your personal information • Non-discrimination for exercising your CCPA rights • Correct inaccurate personal information • Limit use and disclosure of sensitive personal information
Withdrawing your consent: If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time by contacting us at info@into23.com. Withdrawal will not affect the lawfulness of processing before the withdrawal.
11. Do Not Sell My Personal Information (CCPA)
Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have the right to direct us not to sell or share their personal information.
Into23's Policy: Into23 does not sell personal information as defined by the CCPA. We do not share personal information with third parties for their direct marketing purposes. However, we do share certain information with service providers who assist us in operating our website and conducting our business, as described in Section 4 above.
If you are a California resident and wish to exercise your rights under the CCPA/CPRA, including the right to opt-out of any potential future sales or sharing of your personal information, please contact us at:
Email: info@into23.com Mailing Address: Into23 Limited Unit 1104, 11/F 29 Austin Road Tsim Sha Tsui, Hong Kong
We will respond to your request within 45 days. You may also designate an authorized agent to make a request on your behalf.
12. Regional Privacy Rights
For residents of the United States, specific state privacy laws may apply, including the California Consumer Privacy Act (CCPA), Virginia Consumer Data Protection Act, Colorado Privacy Act, Connecticut Data Privacy Act, and Utah Consumer Privacy Act.
For residents of Australia and New Zealand, we handle your personal information in accordance with the Australian Privacy Principles and the New Zealand Privacy Act 2020.
For residents of South Africa, we process your personal information in accordance with the Protection of Personal Information Act (POPIA).
For residents of Singapore, we comply with the Personal Data Protection Act (PDPA).
For residents of China, we comply with the Personal Information Protection Law (PIPL).
For residents of Japan, we comply with the Act on Protection of Personal Information (APPI).
For specific information about your rights under any of these frameworks, please contact us at info@into23.com.
13. Do We Make Updates to This Notice?
We may update this Privacy Notice from time to time. The updated version will be indicated by an updated "Last updated" date at the top of this Privacy Notice. If we make material changes to this Privacy Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information.
14. How Can You Contact Us About This Notice?
If you have questions or comments about this notice, you may email us at info@into23.com or contact us by post at:
Into23 Limited Unit 1104, 11/F 29 Austin Road Tsim Sha Tsui, Hong Kong
For data protection inquiries specific to the EU/UK GDPR, you may also contact our data protection representative.
Response Time: We will respond to your inquiry within 30 days of receipt.
15. How Can You Review, Update, or Delete the Data We Collect from You?
Based on the applicable laws of your country or state of residence, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information.
To request to review, update, or delete your personal information, please contact us at info@into23.com. We will respond to your request within 30 days. Please note that we may need to verify your identity before processing your request.
You may also manage your cookie preferences at any time by clicking "Cookie Preferences" in the footer of our website.