Privacy Policy

This Privacy Notice for Into23 Limited ("we", "us", or "our") describes how and why we might access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you: • Visit our website at into23.com or any website of ours that links to this Privacy Notice, including our Intone translation management platform • Use our Translation, Localization, and AI Data Services • Engage with us in other related ways, including sales, marketing, or events Into23 is a global Language Solutions Provider specializing in AI-powered translation, localization, and AI data services. We empower businesses to expand internationally by delivering multilingual content solutions and high-quality AI data services. Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at [email protected].

Personal Information You Provide to Us We collect personal information that you voluntarily provide to us when you express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us. The personal information we collect may include: names, phone numbers, email addresses, mailing addresses, contact preferences, billing addresses, job titles, and company names. Information Automatically Collected When you visit, use, or navigate our Services, we automatically collect certain information that does not reveal your specific identity but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes. Like many businesses, we also collect information through cookies and similar technologies. The information we collect includes: • Log and Usage Data — service-related, diagnostic, usage, and performance information our servers automatically collect • Device Data — information about your computer, phone, tablet, or other device you use to access the Services • Location Data — information about your device's location, which can be either precise or imprecise

We process your personal information for a variety of reasons, depending on how you interact with our Services, including: • To deliver and facilitate delivery of services to the user — We may process your information to provide you with our translation, localization, AI data services, and access to the Intone platform • To respond to user inquiries and offer support — We may process your information to respond to your inquiries and solve any potential issues you might have with the requested service • To send administrative information — We may process your information to send you details about our products and services, changes to our terms and policies, and other similar information • To fulfill and manage your orders — We may process your information to fulfill and manage your orders, payments, returns, and exchanges made through the Services • To enable user-to-user communications — We may process your information if you choose to use any of our offerings that allow for communication with another user • To protect our Services — We may process your information as part of our efforts to keep our Services safe and secure, including fraud monitoring and prevention • To comply with our legal obligations — We may process your information to comply with our legal obligations, respond to legal requests, and exercise, establish, or defend our legal rights

If you are located in the EU or UK, this section applies to you. The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. We may rely on the following legal bases: Consent — We may process your information if you have given us permission to use your personal information for a specific purpose. You can withdraw your consent at any time. Performance of a Contract — We may process your personal information when we believe it is necessary to fulfill our contractual obligations to you, including providing our Services or at your request prior to entering into a contract with you. Legitimate Interests — We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms. Legal Obligations — We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency. If you are located in Canada, this section applies to you. We may process your information if you have given us specific permission to use your personal information for a specific purpose, or in certain other situations where permitted or required by applicable law.

We may need to share your personal information in the following situations: Business Transfers — We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. Affiliates — We may share your information with our affiliates, in which case we will require those affiliates to honor this Privacy Notice. Business Partners — We may share your information with our business partners to offer you certain products, services, or promotions. This includes our technology partners such as Custom.MT and MT/LLM engine providers, who process content on our behalf under strict data processing agreements. Service Providers — We may share your information with third-party service providers who perform services for us, such as payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance. We do not sell your personal information. We do not share your personal information with third parties for their direct marketing purposes.

We may use cookies and similar tracking technologies (like web beacons and pixels) to gather information when you interact with our Services. Some online tracking technologies help us maintain the security of our Services and your account, prevent crashes, fix bugs, save your preferences, and assist with basic site functions. We also permit third parties and service providers to use online tracking technologies on our Services for analytics and advertising, including to help manage and display advertisements, to tailor advertisements to your interests, or to send abandoned shopping cart reminders (depending on your communication preferences). You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of the Services may become inaccessible or not function properly.

As part of our Services, we offer products and features that incorporate artificial intelligence and machine learning technologies, including our Intone translation management platform and AI-powered translation services. AI Technologies Used — Our Services utilize various MT (Machine Translation) and LLM (Large Language Model) engines, including but not limited to Google Cloud Translation, DeepL, Microsoft Translator, Amazon Translate, OpenAI GPT-4, Anthropic Claude, and Google Gemini. Data Processing Agreements — We maintain explicit data processing agreements with all MT and LLM providers ensuring that client content is never used for model training. When content is sent to these engines through our Intone platform, we use enterprise API agreements that contractually prohibit the use of input/output data for training purposes. This is a critical distinction from consumer-grade translation tools, where user inputs may be used to improve models. Into23 can provide copies of our data processing agreements with each engine provider upon request.

We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law. Our standard data retention policy retains Translation Memory and terminology data indefinitely (as these are valuable assets that improve over time), while source files and translated deliverables are retained for 12 months after project completion to facilitate revisions and reference. After the retention period, files are securely deleted. We fully customize retention policies based on client requirements. Some clients in regulated industries require longer retention for compliance purposes, while others require immediate deletion after delivery. All retention terms are documented in our service agreements, and clients can request early deletion at any time. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible, then we will securely store your personal information and isolate it from any further processing until deletion is possible.

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. All content transmitted to and from Into23 is encrypted in transit (TLS 1.3) and at rest (AES-256). Our Intone platform is hosted on AWS infrastructure with data residency options in APAC. Our MT engine partner Custom.MT holds ISO 27001 certification. Access to client content is restricted on a need-to-know basis — only assigned linguists and project managers can view project files, and all access is logged. Into23 holds ISO 9001 and ISO 17100 certifications, and our ISO 27001 certification is currently in progress. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information.

We do not knowingly collect, solicit data from, or market to children under 18 years of age, nor do we knowingly sell such personal information. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent's use of the Services. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18, please contact us at [email protected].

Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information. In some regions (like the EEA, UK, Switzerland, and Canada), you have certain rights under applicable data protection laws. These may include the right to: • Request access and obtain a copy of your personal information • Request rectification or erasure • Restrict the processing of your personal information • Data portability (if applicable) • Object to the processing of your personal information If you are a resident in the European Economic Area and you believe we are unlawfully processing your personal information, you also have the right to complain to your Member State data protection authority or UK data protection authority. If you are a resident in Switzerland, you may contact the Federal Data Protection and Information Commissioner. Withdrawing your consent: If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us at [email protected]. Account Information: If you would at any time like to review or change the information in your account or terminate your account, you can contact us using the contact information provided.

For residents of the United States, specific state privacy laws may apply, including the California Consumer Privacy Act (CCPA), Virginia Consumer Data Protection Act, Colorado Privacy Act, Connecticut Data Privacy Act, and Utah Consumer Privacy Act. For residents of Australia and New Zealand, we handle your personal information in accordance with the Australian Privacy Principles and the New Zealand Privacy Act 2020. For residents of South Africa, we process your personal information in accordance with the Protection of Personal Information Act (POPIA). For residents of Singapore, we comply with the Personal Data Protection Act (PDPA). For residents of China, we comply with the Personal Information Protection Law (PIPL). For residents of Japan, we comply with the Act on Protection of Personal Information (APPI). For specific information about your rights under any of these frameworks, please contact us at [email protected].

We may update this Privacy Notice from time to time. The updated version will be indicated by an updated "Last updated" date at the top of this Privacy Notice. If we make material changes to this Privacy Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information.

If you have questions or comments about this notice, you may email us at [email protected] or contact us by post at: Into23 Limited Unit 1104, 11/F 29 Austin Road Tsim Sha Tsui, Hong Kong For data protection inquiries specific to the EU/UK GDPR, you may also contact our data protection representative.

Based on the applicable laws of your country or state of residence, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. To request to review, update, or delete your personal information, please contact us at [email protected]. We will respond to your request within 30 days.