Security of Nani Translate

Nani Translate is developed and operated by Kioku LLC. Protecting your data is a top priority. We continuously review and improve security across design, development, and operations.

Data handling

Translation data (input text and translated output) is not saved to our persistent storage (such as databases). We record usage metrics (token and character counts, etc.) and minimal information for abuse prevention (such as IP addresses for anonymous usage).

Translation history is stored only on your device (browser local storage or the desktop app’s local database).

Even on the Team plan, translation history is not shared between members and is stored independently on each device.

We do not store translation data, and our staff does not view your input or translated output.

Network and infrastructure security

All communications are encrypted with HTTPS (TLS 1.2 or later).

User data we store is encrypted at rest in databases and backups.

Operational security

We continuously scan and monitor the software components we use (such as libraries). If a vulnerability could affect the service, we prioritize updates and fixes.

We use a managed web application firewall (WAF) on key public endpoints to block common attacks and malicious traffic.

Internal system access follows the principle of least privilege and is granted and reviewed based on business need.

AI providers and data transmission

For translation processing and fraud detection, data is sent to Google, OpenAI, and xAI via their APIs.

Each provider explicitly states that data received via their APIs is not used for model training, and we only use services whose policies we have confirmed.

These platforms may temporarily retain data but automatically delete it after a certain period.

Provider data policies
OpenAIGooglexAI

Authentication and access control

User authentication uses Google OAuth 2.0, and our servers never store passwords.

Payment security

Payments are processed by Stripe, a PCI DSS Service Provider Level 1 certified provider. Card details are tokenized by Stripe and do not pass through our servers. Payment details (such as card numbers) are never stored on our servers.

Stripe security

Account and data deletion

Users can delete their accounts at any time. We generally delete user data on our servers, but may retain some data for a limited period for security purposes and fraud prevention.

Related subscriptions are automatically canceled.

Privacy policy