Privacy Policy
Effective Date: August 3, 2025
Thank you for choosing Accentless. This Privacy Policy explains how the Accentless browser extension and related
services (“Accentless”, or “the Service”) collect, use, share, and protect
your personal information. “We”, “us”, and “our” refer to
Thinking Bytes, the company operating Accentless. We are committed to safeguarding your
privacy and ensuring we comply with all applicable data protection laws, including the UK and EU General Data
Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), among others. By using the
Accentless extension or our website, you acknowledge that you have read and understood this Privacy Policy. If
you do not agree with our practices, please do not use the Service.
Information We Collect
We collect various types of information to provide and improve our Service. This includes:
- Account Information: If you create an Accentless account or purchase a subscription, we
collect your email address and a user identifier from our authentication provider (Auth0). This information
allows us to identify and authenticate you as a user. In our database, we store your Auth0 user ID (a unique
string) and your email address. We may also record timestamps of account creation and updates for
administrative purposes.
- Payment Information: For paid subscribers, we use Stripe to handle payments. When
you subscribe, Stripe processes your payment details (such as credit card information) directly — we do
not receive or store your full credit card number or billing address on our servers. We do receive
from Stripe certain transactional details necessary for managing your subscription: for example, a Stripe
customer ID linked to your account, your subscription plan and status, payment confirmations, and relevant
IDs for billing sessions. We also record your Accentless license key and its status (active, canceled, etc.)
to manage your access to the Service.
- User Preferences: The Accentless extension stores certain preferences in your browser using
Chrome's storage facilities. This may include your chosen target language for conversions, whether you have
completed the onboarding tutorial, and any API keys or Accentless license keys you provide. These
preferences are stored on your own device (and synchronized across devices via Chrome Sync if that is
enabled) for your convenience. For instance, if you opt to “Bring Your Own Key” (BYOK) by providing a
personal OpenAI API key, that key is stored securely in your browser's storage so that the extension can use
it for conversions. Similarly, if you have a subscription license key, it is stored to enable the
extension's features. We do not transmit your personal API key or saved preferences to our servers unless it
is necessary for providing the service (for example, verifying a license key's validity with our backend).
- Selected Text (User Content): When you use the extension to convert text, the actual text
you select is sent to our AI conversion service (which uses OpenAI's API) to generate the output with proper
accents/diacritics. We do not permanently store the text you submit for conversion. The text is
processed in memory and immediately discarded once the AI returns the converted result, as part of our “zero
data retention” commitment. In other words, we do not keep logs of the
content of your text. (See the Data Retention section below for
more details and exceptions.)
- Usage Metrics: We record basic usage data related to the conversion requests for
operational and billing purposes. This includes metrics like the number of characters or tokens processed,
the model used to perform the conversion, timestamps of requests, and the outcome (e.g., success or error).
For example, our system may log that a particular license key used 500 prompt tokens and 510 completion
tokens with a certain model at a given time. These usage records help us monitor service usage (to enforce
fair use limits under our plans, and to generate aggregate statistics for internal analysis). Importantly,
these logs do not contain the actual text that you converted - only counts and technical details.
- Device and Browser Information: When you interact with the Service, we may receive basic
technical information automatically. This can include your browser type and version, operating system, and
general device information. The Accentless extension may also record what version of the extension you are
using. We use this information solely to ensure compatibility and maintain a smooth user experience (for
instance, knowing which browser version helps us debug issues). We do not collect your browsing history or
track which websites you visit with the extension installed, aside from the interactions specifically
related to using Accentless (such as clicking the “Convert” menu item).
- Website Analytics Data: If you visit our marketing website (accentless.app),
we use Google Analytics to collect anonymized visitor information. This may include data such as how you
arrived at our site, which pages you viewed, the date and time of your visit, and your general region.
Google Analytics works through cookies and similar technologies. The data collected through Google Analytics
is aggregated and does not identify you personally. For example, we might see that a certain percentage of
visitors came from a search engine, or that the FAQ page is viewed X times per day. We use this information
to improve our website's content and usability. You can opt out of Google Analytics by using a browser
extension or enabling Do Not Track in your browser settings. Our site respects such signals to the extent
possible.
Browser Extension Permissions and Data Access
The Accentless Chrome Extension requires certain permissions in your browser, which are used strictly to provide
the extension's functionality. Here is a list of permissions we request and how we use them:
- “activeTab” Permission: This allows the extension to interact with the current active
browser tab, but only when you invoke the extension. We use it to read the text you have selected on the
page when you choose the “Transform to native ↻” option. This selected text is what gets sent to the
AI for conversion. The extension does not have carte blanche to read data from every page in the background;
it only accesses page content in the active tab at the moment you trigger a conversion, and only the
specific text you selected.
- “contextMenus” Permission: This permission enables the extension to add an item to your
right-click context menu. Specifically, it adds the “Transform to native ↻” option when you
right-click selected text. No personal data is collected through this permission; it is purely to enhance
usability by providing a convenient menu entry.
- “scripting” Permission: We use this to inject a content script into the current page when
needed, in order to replace your selected text with the converted text. After the AI returns the accented
text, the content script edits the webpage you're on (just in your browser, not on the site's server) to
swap in the new text. This provides a seamless experience where you see your text “magically” updated with
proper accents. The script runs only during and immediately after a conversion action that you initiate.
- “storage” Permission: This allows the extension to save and retrieve settings using
Chrome's storage (both chrome.storage.sync and chrome.storage.local). We use it to
store the preferences mentioned earlier (like your API key, license key, chosen language, etc.). This data
is stored locally on your device (and synced by Chrome to your own Google account if you have that feature
on). The extension accesses this stored data to know, for example, what API key to use or what your default
language is. We do not remotely pull this data from your browser; it stays in your browser's storage unless
you choose to send it (for instance, entering a license key will result in a verification request to our
server, but the key itself is stored locally).
- Host Permissions (Networking): The extension is permitted to send network requests to
certain domains needed for its function. Notably, these include our backend API endpoint
(https://api.accentless.app/...) and OpenAI's API endpoint
(https://api.openai.com/v1/...). The former is used when you are on a managed plan or need to
verify a license or fetch something from our servers (like exchanging a license key for a token). The latter
is used if you are in BYO Key mode - in that case, the extension will connect directly to OpenAI's API from
your browser. The extension does not have wild-card access to arbitrary websites, and it cannot read data
from other domains; it's limited to making requests to our service and to OpenAI as needed for conversions.
Important: We do not use the extension's permissions to collect any personal data beyond what is
necessary for the core functionality. The extension does not monitor your general browsing activity or
capture information about pages you visit, except for the text you explicitly select and convert. In summary,
the permissions are there to allow the extension to do its job (convert text on command), and nothing more.
How We Use Your Information
We use the information we collect for various purposes related to operating, maintaining, and improving
Accentless. These include:
- Providing and Improving the Service: First and foremost, we use your information to deliver
the functionality of Accentless. For example, we use your selected text input to produce a converted output
with proper accents. We use your language preference to tailor the conversion to the correct language. We
might analyze usage metrics to understand which languages or features are most popular, so we can improve
those aspects or optimize performance. All of this helps us ensure the Service works as intended and gets
better over time.
- User Authentication and Account Management: If you create an account or log in, we use your
credentials (email and Auth0-provided user ID) to authenticate you and maintain your session. This allows
you to access your subscription status, manage your license, or update settings securely. We also use this
information to prevent unauthorized access to your account. For instance, our systems will check your Auth0
token on requests to verify that it's really you making a call to our API.
- Subscription and Payment Processing: When you subscribe to a paid plan, we use the
information related to your payment to activate your subscription and provide you the paid features. Stripe,
as our payment processor, charges your card and then lets us know (via secure webhooks) that you've paid and
what plan you're on. We then use your Stripe customer ID and subscription status to, for example, determine
if you have a valid subscription and what level of service to provide (e.g., priority processing for paid
users). We also keep track of your subscription's renewal date or if it's canceled, to ensure continuity or
cessation of service appropriately.
- Communicating with You: We may use your contact information to send you service-related
communications. These include emails or in-dashboard notifications for things like confirming your account
signup, receipts for your subscription payments, important updates about the extension (for example, changes
to this Privacy Policy or Terms of Service), security alerts (like if we detect suspicious activity on your
account), or support responses if you've contacted us. We will not send you marketing or promotional emails
unrelated to Accentless without your explicit consent. (If we ever launch a newsletter or similar, it will
be opt-in.)
- Customer Support: If you reach out to us at our support email or through any support
channels, we will use the information you provide (which likely includes your email and possibly diagnostic
information or screenshots you send) to help resolve your issue. We might ask for additional details if
needed to troubleshoot. Any information collected during support is used only for assisting you and
improving the Service, and is not used for marketing or shared externally.
- Analytics and Product Development: We use the aggregated usage data and website analytics
to understand how our Service is performing and how users are interacting with it. For instance, we might
look at metrics like overall number of conversions per day, or which languages are converted most often, or
how many visitors read through the website's features page. This helps us identify areas to focus on - e.g.,
adding support for a language that many users seem interested in, or improving our onboarding if we see
users dropping off at that stage. Analytics also guide our marketing decisions (for example, knowing which
referral sources bring us traffic can help us target our outreach or ads more effectively).
- Security and Fraud Prevention: We may use information to keep Accentless secure and prevent
misuse. For example, we might monitor overall usage patterns to detect potential abuse of the system (such
as an unusually high number of conversion requests that could indicate someone scripting the service in an
unauthorized way). We also keep an eye on failed login attempts or other signs of improper access. Device
and technical information can help in diagnosing and stopping malicious activity (for example, if a certain
user agent is causing technical errors or is associated with misuse, we can investigate further). If
necessary, we may use data like IP addresses or usage logs to block unauthorized or harmful activity and to
protect our users and systems.
- Legal Compliance: Finally, we may process and retain some information to comply with legal
obligations. For instance, financial regulations might require us to keep records of transactions (so we
must retain payment history and related details for accounting and tax purposes). If law enforcement or
regulatory authorities lawfully require information, we may use data we have to comply with those requests
(see also “Legal Requirements” in the sharing section). Additionally, we use data to enforce our own legal
rights and agreements - for example, to investigate violations of our Terms of Service or this Privacy
Policy, or to address disputes (should any arise).
How We Share Your Information
We value your privacy and do not sell your personal information to third parties. We only share information in
the following circumstances and with appropriate safeguards:
- Service Providers (Third-Party Processors): We use a few trusted external services to help
us run Accentless. These third parties act on our behalf and are bound by contracts to protect your data and
use it only for the specific purpose we've hired them for. The key service providers we work with are:
- Auth0 (Authentication): Auth0 is an identity management service that handles user
authentication for us. When you log in or sign up, you are actually interacting with Auth0's secure
login system. Auth0 collects your login credentials (such as email and password, or OAuth
information if you log in via Google/LinkedIn, etc.) and verifies them. They then provide us with an
authenticated user ID (and some basic profile info like your email) so we know who you are. Auth0
essentially holds your authentication information; we trust their security practices to keep it
safe. We share with Auth0 the necessary info to log you in (like your email) and in return receive
confirmation of your identity. Auth0 is a widely used authentication platform and is compliant with
GDPR and other security standards. You can refer to Auth0's privacy policy for more details on their
handling of personal data.
- Stripe (Payments): Stripe is our payment processor. When you decide to purchase a
subscription, the payment form is provided by Stripe or securely transmitted to Stripe. Your
sensitive payment details (credit card number, CVV, etc.) go directly to Stripe - we never see them.
Stripe will then give us a customer ID, and information like the last four digits of your card and
expiration (for display or reference), the type of card, and of course the status of the transaction
(success, failure). Stripe also notifies us about subscription events (via what's called webhooks) -
for example, when a payment is made, when a subscription renews, if a payment method failed, or if
you canceled. We use that info to update your account status in our database (e.g., marking your
subscription as active or inactive). We share with Stripe only what's needed for the transaction:
your email (so receipts can be sent and to identify your account on our side) and the details of
what you're purchasing (the plan, price, etc.). Stripe in return provides us with a unique customer
identifier and payment status. Stripe is a certified Level 1 PCI DSS compliant entity, meaning it
adheres to the highest standards of payment data security. Please review Stripe's privacy policy for
more on how they handle personal data.
- OpenAI (AI Text Conversion): The core of Accentless's functionality—turning unaccented text
into properly accented text—is powered by OpenAI's language models. This means that when you select
text and request a conversion, that text needs to be sent to OpenAI's API (either directly from your
browser or via our server, depending on your plan) so that their AI model can process and return the
converted text. If you are on the free BYO Key plan, your browser communicates directly with OpenAI
using your provided API key, and the text is not routed through our servers at all. If you are on a
managed plan (where we provide the API access), your text is sent from our server to OpenAI. In both
cases, OpenAI will see the content of the text you sent (as part of the API request) and the model
will generate a response. According to OpenAI's stated policies, they may temporarily retain API
request data (which would include your text and the AI's response) for up to 30 days to monitor for
abuse or misuse, after which it is deleted. OpenAI also
indicates that as of March 2023 they no longer use data sent via the API to improve or train their
models, so your specific text isn't used to teach the AI.
However, OpenAI is a separate entity, and your use of the OpenAI API (direct or through our Service)
is subject to OpenAI's terms and privacy policy. We recommend reviewing OpenAI's API data usage
policy for more details. Rest assured, we do not receive your text content back from OpenAI other
than the converted result; we do not store it on our end (except transiently as needed to deliver it
to you).
- Google Analytics (Website Analytics): On our public website, we use Google Analytics to
understand how visitors use our site. Google Analytics uses cookies and similar technologies to
collect data about website visitors. This data (e.g., your IP address, browser type, pages visited,
time spent) is transmitted to Google and stored on Google's servers. Google provides us with
aggregated reports about traffic and interactions - for example, total number of visitors, which
countries users are from, which pages are most popular, etc. We have enabled IP anonymization for
Google Analytics where possible, meaning Google will truncate IP addresses in many cases for
privacy. We do not send any personal information (like your name or email) to Google Analytics.
Google may use the data it collects to improve its analytics services, but it cannot use our
Analytics data to identify any individual. You can opt out of Google Analytics by installing the
official opt-out browser add-on or by adjusting your cookie settings. (Also, as noted, if your
browser is set to Do Not Track, we honor that for analytics.) For more details, see Google's own
Privacy Policy. We have configured our use of Google Analytics to be in line with Google's policies
and applicable privacy laws. Please note, Google Analytics is only active on our informational
website, not in the browser extension itself. The Chrome extension does not contain Google Analytics
or similar tracking.
- Business Transfers: If in the future our company (Thinking Bytes) undergoes a business
transaction such as a merger, acquisition by another company, or sale of all or a portion of our assets,
user information (including personal data) might be among the assets transferred. Should such a transfer
occur, the acquiring organization will be required to use your personal information in a manner consistent
with this Privacy Policy (or a policy that provides you with at least as much protection as this one). We
would notify you via a prominent notice on our website or by email if your personal information becomes
subject to a new Privacy Policy as a result of a business transition.
- Legal Requirements: We may disclose your information when required to do so by law or in
response to valid requests by public authorities. This means if a court order, subpoena, or other legal
process compels us to provide certain data, we may comply after verifying the legitimacy of the request. We
also might disclose information if we believe in good faith that such action is necessary to comply with the
law (for example, urgent requests related to harm prevention), to investigate or rectify potential
violations of our Terms of Service, or to protect the rights, property, and safety of our company, our
users, or others. For instance, if we detect someone attempting to misuse our Service in a way that could
harm other users or the public, we might share relevant information with law enforcement as appropriate.
- With Your Consent: In any scenario other than the ones above, if we need to share your
personal information, we will do so only with your consent. For example, if we ever want to feature a user
testimonial or share data with a new partner for a specific program, we would ask for your explicit
permission. You are in control - if you don't agree, we won't share your information in that way.
Data Storage and International Transfer
Accentless is operated from the United Kingdom, but the nature of cloud services and the internet means that your
data may be stored or processed in other countries as well. We want to be transparent about where your data can
reside and the safeguards in place:
- Storage on AWS (UK): We primarily use Amazon Web Services (AWS) cloud infrastructure to
host our backend and databases. Specifically, our databases (such as the ones storing user accounts, license
information, and usage logs) are hosted in AWS's eu-west-2 region, which is in London, UK. This
means that if you create an account or use our managed services, your account information and related data
are stored on secure servers in the UK. AWS data centers are highly secure and certified under international
standards. The UK is our home region, and we chose it in part to better serve users in the UK and European
Union with data residency in a jurisdiction with strong data protection laws.
- Service Providers in Other Locations: Some of our third-party service providers are based
in or process data in other countries:
- Auth0 and Stripe are global companies with servers in multiple regions (including the EU and the
US). Depending on service configurations, data related to authentication and payments might be
transferred to or processed in the United States or other jurisdictions. We have configured Auth0 to
use an EU/UK tenant where possible, meaning authentication data is likely stored in Europe, but some
backup or processing may still occur in the US. Stripe will process payment information in the
region closest to your location when possible, but some data might be stored in the US (for example,
Stripe's main operations are in the US).
- OpenAI is based in the United States. When text is sent to OpenAI's API for conversion, it will be
processed on servers in the U.S. (or wherever OpenAI's systems are hosted, which is primarily the
U.S.). The results are sent back to either your browser or our server in the UK, but during that
round-trip your data does cross borders.
- Google Analytics (if you visit our website) will send data to Google's servers, which may be outside
your country (Google has servers worldwide, including the US). We have enabled settings that ask
Google to anonymize IP addresses for EU traffic, which helps reduce the identifiability of data
leaving your region.
International Data Transfers and Safeguards: Whenever your personal data is transferred out of
the UK or European Economic Area (EEA) to a country that is not deemed to have “adequate” data protection by the
UK or EU authorities (for example, to the United States), we ensure that appropriate safeguards are in place.
These may include: (i) the use of standard contractual clauses (SCCs) approved by the European Commission, which
are contractual commitments that the recipient of the data will protect it according to EU standards; (ii)
ensuring our service providers are certified under frameworks like the EU-U.S. Data Privacy Framework or similar
(if applicable); or (iii) transferring data under an exception allowed by law (for instance, when the transfer
is necessary for the performance of a contract with you).
We also take into account the Schrems II decision and related guidance when transferring data, meaning we assess
on a case-by-case basis whether additional technical or organizational measures are needed to protect data in
transit and at rest in other countries. Such measures could include encryption of data (which we do employ) and
limiting what data is sent to third parties (sending only what's necessary).
By using Accentless, you understand that your information may be processed in countries outside of your own.
Regardless of where processing occurs, we will take reasonable measures to ensure your personal data is treated
securely and in accordance with this Privacy Policy and all applicable laws. If you have questions about
international data transfers or want more specifics about the safeguards we use, you can contact us (see
“Contact Us” below).
Data Security
We take the security of your data very seriously. We implement a variety of technical and organizational measures
to protect your personal information from unauthorized access, disclosure, alteration, or destruction. These
include:
- Encryption in Transit and At Rest: All communication between your browser (or the
extension) and our servers is encrypted using HTTPS (TLS). This means that when your data (like your
selected text, or your login credentials, etc.) is in transit over the internet, it is encrypted so that
eavesdroppers cannot read it. Internally, any sensitive data we store is encrypted at rest as well. For
example, our databases employ encryption to protect data on disk. Additionally, secrets such as API keys,
tokens, and passwords are stored securely (passwords are hashed, not stored in plaintext). If you're using
the extension in BYO Key mode, the connection from your browser to OpenAI's API is also over HTTPS, which
OpenAI secures on their end as well.
- Access Controls and Authentication: Access to our servers and databases is limited to
authorized personnel who need access to perform their job (for example, server administrators or developers
working on the system). We utilize strong authentication methods for our backend (such as multi-factor
authentication for administrative access, private keys for server access, etc.). Within our organization, we
follow the principle of least privilege - each team member only has access to the minimum data and systems
necessary for their role. For instance, our support staff (if any) would not have access to raw database
dumps, and our developers don't use production data for testing.
- Secure Authentication for Users: We rely on Auth0 for user authentication, which provides
industry-standard security (including options for multi-factor authentication, anomaly detection for login,
etc.). When you log in, Auth0 issues JSON Web Tokens (JWTs) that the extension uses for authenticated
requests. These tokens are short-lived and signed with a robust signature algorithm (RS256), and our server verifies
them with Auth0's public keys to ensure they're valid. This prevents malicious actors from impersonating
you. The extension stores these tokens only as needed (in Chrome local storage) and they expire after a
limited time, requiring fresh login to reduce risk.
- Vulnerability Management: We keep our software and third-party libraries up to date to
patch security vulnerabilities promptly. We also monitor for any announced security issues in the
technologies we use (for example, if there's a security update for Chrome extension frameworks or for the
OpenAI API client, we apply it). Our code is tested and reviewed to adhere to security best practices (like
sanitizing inputs, using prepared statements for database queries to prevent injection attacks, etc.). We
may run periodic security audits or use automated security scanning tools to catch potential weaknesses.
- Isolation and Minimal Retention: For users on our Managed/Enterprise plans, if any text
data is temporarily retained for processing or quality purposes, it is stored in isolated, secure storage
with strict access controls. Such data (if it exists at all) is encrypted and not associated directly with
personal identifiers. Moreover, it is automatically purged after the short retention period (which is 7 days
by default). This measure ensures that even in the rare case we need to
buffer some content (for example, to recover from a server crash or to analyze a conversion error), it will
not persist for long and cannot be accessed freely.
Despite all these precautions, it's important to note that no method of transmission over the internet or
electronic storage is 100% secure. We strive to protect your personal data using commercially acceptable means,
but we cannot guarantee absolute security. In the unlikely event of a security breach that affects your personal
information, we will act promptly to contain the issue and will notify any affected users and relevant
authorities as required by law. We have a breach response plan in place that dictates timely notification
(typically within 72 hours for GDPR purposes) and steps to remediate any incident.
Data Retention and Deletion
We keep your personal information only for as long as necessary to fulfill the purposes for which we collected
it, including for satisfying any legal, accounting, or reporting requirements. Different types of data are
retained for different periods:
- Account Information: If you have an Accentless account, we will retain your account data
(like your email, Auth0 user ID, and profile info) for as long as your account is active. If you choose to
delete your account, or if you haven't used your account in a very long time, we will delete or anonymize
your personal information upon request or within a reasonable period of it no longer being needed. We might
retain certain minimal information even after account deletion if necessary (for example, a record that a
particular email had an account and was deleted, to avoid reusing it improperly, or to honor opt-out
preferences, etc.), but we will strip it of all other personal details. If you never create an account (for
instance, if you use the extension purely in BYO Key mode without logging in), then aside from possibly some
usage metrics, we may not have any personal account info to retain in the first place.
- Payment and Subscription Data: We retain subscription and payment-related information for
as long as you are a subscriber and for a certain period after. Financial records often need to be kept for
a minimum duration to comply with laws (e.g., tax regulations may require keeping transaction histories for
X years). Thus, even if you cancel your subscription, we may retain records of payments, invoices, and
cancellations for a legally mandated time (commonly 6-7 years for financial records in many jurisdictions).
This is to have an audit trail for accounting and also to handle any potential refund issues, disputes, or
legal requirements. However, this data will typically be limited to what's necessary - e.g., that a payment
of Y amount occurred on Z date linked to a Stripe customer ID (and not your full payment details, which we
never had). License keys associated with subscriptions are kept in our database to track the status of
service; if a subscription is canceled and all obligations are done, we may deactivate and eventually purge
the license record.
- Converted Text (User Content): As stated earlier, our aim is to adhere to a “zero data
retention” policy for the text you convert. This means that by default, we do not store your input text or
the output text beyond the immediate processing required. If you are using BYO Key (free plan), the text
goes straight to OpenAI from your browser and does not touch our server or databases at all. If you are
using our Managed plan, the text passes through our server en route to OpenAI, but we do not log that
content in our database. It exists transiently in system memory and in transit. We do not keep
copies of what you converted. Exceptions: In rare cases, we might implement a short-term caching or
queue system to improve reliability - for example, if our server is extremely busy or needs to retry a
request to OpenAI, there could be a brief period where your text or the AI's response is held in an
encrypted cache or message queue. Such data would be ephemeral and automatically deleted shortly (typically
within minutes). In an enterprise or debugging context, we might also, with your explicit consent, log a
problematic piece of text to troubleshoot an issue, but that would be an opt-in situation during support.
And even then, we'd purge that log as soon as the issue is resolved. To summarize, we do not retain your
converted text, and we architect our systems around that principle.
- Usage Metrics and Logs: We keep usage logs (like token counts and API call metadata) for as
long as needed to support our operations. These logs do not contain the text content you converted, but they
may be linked to your account or license key to monitor your quota or usage history. Typically, we might
retain detailed usage logs for a few months up to a year for troubleshooting and support (for instance, to
answer questions like “why did I hit my quota last month?”). Aggregated and anonymized usage data (which can
no longer identify you) might be kept longer for analytical purposes. Over time, we may purge or aggregate
older logs. For example, we might only keep per-user daily summaries after 90 days instead of individual
request logs. If you delete your account and request deletion of data, we will delete or anonymize any usage
logs associated with your user ID as well, except where retention is required for legitimate purposes (like
audit or legal compliance).
- Browser Storage Data: Data stored in your extension's local storage (such as your API key,
preferences, etc.) resides on your own device. We do not have direct access to it. If you remove or reset
the extension, that data will be cleared from your browser. We encourage you to safeguard any API keys you
store in the extension (for example, lock your computer when not in use, since the key is stored in plain
text in Chrome storage so that the extension can use it). The extension's data is not on our servers, so we can't
wipe it for you - it's under your control. If you want to delete that data, you can remove the extension or
use Chrome's settings to clear extension storage.
If you wish to have your personal data deleted, you can contact us at any time with such a request (see the
“Contact Us” section below). Upon receiving a verified deletion request, we will erase your personal data from
our active systems without undue delay, except for any data that we are required or permitted to retain by law.
For example, we might keep a record that “user X consented to data deletion on date Y” as a record of
compliance, or we might retain invoice records for accounting. When we delete data from our active databases, it
may still persist for a short period in our backups; however, our backup systems rotate and overwrite older
backups regularly, so the data will be completely purged in due course. We also ensure that any third parties we
have shared your data with (like Auth0 or Stripe) are notified of the deletion request when applicable, so they
can also remove your data from their records (excluding data they need to keep legally, of course).
Legal Bases for Processing (GDPR/UK GDPR)
If you are located in the European Economic Area (EEA) or the United Kingdom, we must have a valid legal basis to
process your personal data. We typically rely on one of the following legal bases:
- Contractual Necessity: We process personal data to fulfill our contract with you - i.e., to
provide the Service you have requested. When you install and use Accentless, or especially when you
subscribe to a paid plan, there is a contractual relationship defined by our Terms of Service. We need to
process your data to deliver on that contract. For example, we use your email and authentication details to
create your account and let you log in; we use your selected text to provide the conversion service you've
requested; we use your payment info to manage your subscription. Without this data, we wouldn't be able to
provide the core functionality of Accentless to you. This processing is necessary for the performance of the
contract between you and us.
- Consent: In certain situations, we rely on your consent. For instance, if you are using the
extension in BYO Key mode without creating an account, technically you are consenting to the processing of
the text you select through OpenAI's API by using the feature (since there isn't a separate account
agreement in that case). Another example is if we ever want to collect additional data for a purpose not
covered by this Privacy Policy, we would ask for your consent. You have the right to withdraw your consent
at any time. For example, if you consent to receive an email newsletter from us, you can opt out later.
Withdrawing consent will not affect the lawfulness of any processing we already carried out based on your
consent before withdrawal.
- Legitimate Interests: We process some data for purposes that are in our legitimate
interests (or those of third parties) - provided those interests are not overridden by your rights and
interests. Our legitimate interests include maintaining and improving our product, securing our platform,
and understanding our user base. For example, it's in our legitimate interest to collect usage metrics and
error logs to ensure the Service is running well and to fix issues. It's also in our interest to use
analytics to improve our website and business. When we rely on this basis, we carefully consider and balance
any potential impact on your rights. We do not use your data for activities where our interests are
outweighed by the potential risk to your privacy (for example, we would not use your personal information
for unjustified profiling or marketing without consent).
- Legal Obligation: Sometimes we need to process or retain data to comply with a legal
obligation to which we are subject. This is particularly relevant for things like financial record-keeping,
complying with government requests, or honoring data subject rights requests. For instance, if tax law
requires us to keep invoicing information for a certain number of years, we will retain that information as
required. Similarly, if a law enforcement authority lawfully requires data for an investigation, we may
process data under legal obligation. In the UK and EU, if we receive such requests, we will typically inform
the user unless legally prohibited, and we'll ensure any disclosure is lawful and necessary.
We always ensure that we have a valid legal basis for processing your personal data and will document our
decision-making on legal bases for accountability. If you have any questions about the legal basis for any
specific processing of your data, feel free to contact us and we will explain our reasoning.
Your Rights
Rights for Individuals in the EEA and UK: If you are in the European Union, European Economic
Area, or United Kingdom, you have certain rights under GDPR and UK data protection laws with regard to your
personal data. These include:
- Right of Access: You have the right to request a copy of the personal data we hold about
you, as well as information about how we process it. This is commonly known as a “data subject access
request.” We will provide you with a copy of the data in a common format (unless doing so adversely affects
the rights and freedoms of others, for example, revealing someone else's personal information). We typically
provide this free of charge, but repeated or excessive requests may incur a reasonable fee as permitted by
law.
- Right to Rectification: If any of your personal data that we hold is inaccurate or
incomplete, you have the right to have it corrected. For example, if you change your email address or notice
it's misspelled in our records, you can ask us to update it. We strive to keep your data accurate and will
act on valid correction requests promptly.
- Right to Erasure (Right to be Forgotten): You have the right to request deletion of your
personal data in certain circumstances. This includes situations such as: the data is no longer necessary
for the purposes it was collected; you withdraw consent (and we have no other legal basis to continue
processing); you object to processing and we have no overriding legitimate grounds to continue; or if we
handled your data unlawfully. Note that this right is not absolute - sometimes we may have legal obligations
or compelling legitimate grounds to retain some data (as described in the Data Retention section). But we
will honor the request to the fullest extent required by law and will inform you of what data, if any, we
must retain and why.
- Right to Restrict Processing: You have the right to ask us to restrict (i.e., pause) the
processing of your personal data in certain scenarios. For example, if you contest the accuracy of your
data, you can request we not use it until it's verified or corrected. You can also request restriction if you
object to our processing based on legitimate interests while we are evaluating that request. Another case is if
processing is unlawful but you prefer restriction over deletion. When processing is restricted, we will still store your data, but
not use it for anything except to the extent necessary (for example, to secure it or as needed for legal
claims) until the restriction is lifted.
- Right to Data Portability: You have the right to obtain the personal data you've provided
to us in a structured, commonly used, and machine-readable format, and you have the right to transmit that
data to another controller. This typically applies to data processed based on your consent or for the
performance of a contract, and when processing is carried out by automated means. In practice, this could
mean if you request it, we can provide you a copy of certain data (like your account information and usage
data associated with you) in a CSV or JSON format that you could then supply to another service if you wish.
Where technically feasible, you can also ask us to transfer the data directly to another service provider,
if you prefer, though direct transfers are not always supported by systems.
- Right to Object: You have the right to object to certain types of processing. You can
object to processing based on legitimate interests on grounds relating to your particular situation. We
would then be obliged to stop such processing unless we either demonstrate compelling legitimate grounds for
the processing that override your interests, rights, and freedoms, or we need to continue processing for the
establishment, exercise, or defense of legal claims. Importantly, if we were ever to process your data for
direct marketing (which we currently do not, aside from possibly sending you your own usage or plan
updates), you have an absolute right to object to that at any time, and we would stop using your data for
that purpose.
- Right not to be subject to Automated Decision-Making: You have rights related to automated
decision-making and profiling. However, Accentless does not make any decisions about you that have a legal
or significant effect solely by automated means. There is no algorithmic decision, for example, to deny you
access or provide different pricing without human involvement. If this ever changes, we will update you and
ensure any such process complies with GDPR requirements by allowing for human review, etc.
To exercise any of these rights, please contact us at our support email (provided in the Contact Us section). We
may need to verify your identity before fulfilling your request. This could involve confirming ownership of the
email associated with your Accentless account or asking for additional information to ensure we're dealing with
the correct individual. We will respond to your request as soon as possible, and in any case within one month,
as required by GDPR. If your request is complex or if we have received numerous requests, we may extend this
period by up to two further months, but we will inform you of the extension and the reason for it within the
first month.
You also have the right to lodge a complaint with a supervisory authority. If you're in the UK, that would be the
Information Commissioner's Office (ICO). In the EU, you can reach out to the data protection authority in the
country of your residence or where you believe a violation may have occurred. We would appreciate the
opportunity to address your concerns directly before you do this, so we encourage you to contact us first, but
you are fully entitled to go to a regulator at any time.
Rights for California Residents (CCPA/CPRA): If you are a resident of California, U.S., you have
specific privacy rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy
Rights Act (CPRA). These rights (some of which overlap with the GDPR rights above, but some are distinct)
include:
- Right to Know: You have the right to request that we disclose what personal information we
collect, use, disclose, and “sell” or “share” (as those terms are defined under California law). More
specifically, California residents can request two types of information:
- Categories Report: A general report outlining the categories of personal information we've
collected about consumers, categories of sources of that information, the business or commercial
purposes for collecting it, the categories of third parties with whom we share it, and for each
category of personal information, the categories of third parties to whom we disclosed that category
for a business purpose or (if applicable) “sold” or “shared” it.
- Specific Pieces Report: A more detailed report including the specific pieces of personal
information we have collected about you. Essentially, this is similar to the GDPR right of access -
you can ask for a copy of the actual data we have about you.
We are required to provide this information covering the 12-month period preceding your request, and
you are entitled to request this information up to twice in a 12-month period.
- Right to Delete: You have the right to request that we delete any personal information
about you that we have collected from you, subject to certain exceptions. Once we receive and verify your
request, we will delete (and instruct our service providers to delete) your personal information from our
records, unless an exception applies. CCPA exceptions to deletion include, for example, when the information
is needed to complete a transaction you requested, to detect security incidents, to comply with a legal
obligation, or other such purposes. We outlined above in our Data Retention section the kind of data we
might need to keep (like payment records for legal compliance). If we must deny a deletion request due to an
exception, we will inform you of the reason.
- Right to Correct: Under CPRA (effective 2023), California residents also have the right to
request correction of inaccurate personal information maintained by us. If you find that any of your
information is inaccurate, you can request we fix it, and upon verification (and considering the nature of
the personal information and purpose of processing), we will correct it as needed.
- Right to Opt-Out of Sale or Sharing of Personal Information: CCPA gives consumers the right
to opt out of the “sale” of their personal information and, under CPRA, the right to opt out of “sharing” of
personal information for cross-context behavioral advertising. We want to clarify that we do not
sell personal information. “Sale” under CCPA is broadly defined to include some exchanges of data for value,
but we do not provide your data to third parties for money or other valuable consideration in any way that
would be considered a sale. We also do not share your personal data for targeted advertising profiles across
services. Since we do not engage in these activities, we do not have a “Do Not Sell or Share My Personal
Information” link, because there is nothing to opt out of in that regard. If this ever changes, we will
update our Privacy Policy and implement appropriate opt-out mechanisms as required by law.
- Right to Limit Use of Sensitive Personal Information: The CPRA introduces the concept of
“sensitive personal information” (SPI) and allows California residents in some cases to limit its use and
disclosure if a business uses it for reasons beyond what's necessary to provide the goods or services. We do
not collect sensitive personal information as defined by CPRA (such as Social Security numbers, driver's
license numbers, precise geolocation, contents of mail, etc.) except in the limited context of account login
credentials (which could be considered sensitive). But we use such information only to provide the Service
(e.g., your password is only used for login), which is considered a necessary purpose. We do not use any
sensitive information to infer characteristics about you or for any secondary purposes. Therefore, the right
to limit use of SPI is not applicable to Accentless at this time.
- Right of Non-Discrimination: We will not discriminate against you for exercising any of
your CCPA rights. That means if you choose to exercise your privacy rights, we won't deny you our Service,
charge you different prices, provide a different quality of service, or suggest that you may receive a
different price or rate or quality of service. Accentless offers equal service to all users regardless of
whether they exercise their privacy rights. (In certain cases, if you ask us to delete necessary data, we
might not be able to continue providing service - for example, if you deleted your account email, we
wouldn't be able to know you have a subscription - but that's a direct result of your request, not
discrimination. If deletion means you can no longer use a feature, we will inform you at the time of your
request.)
Submitting CCPA Requests: If you are a California resident and would like to exercise any of the
rights above, you (or your authorized agent) can submit a request to us via the contact information provided in
the Contact Us section. Please specify which right you intend to exercise and provide us with sufficient
information to verify your identity. Typically, we will verify requests by confirming that the request's sender
is using the email address associated with your Accentless account or by asking for other identifying
information we already have (we will never ask for sensitive information like your password or SSN for
verification). We aim to respond to your verifiable request within 45 days as required by CCPA. If we need more
time (up to an additional 45 days), we will inform you of the reason and extension in writing.
Any disclosures we provide will cover the 12-month period preceding the request, as required by the CCPA, and
we'll explain our response. For deletion or correction requests, we will confirm once we've taken action. If we
cannot fulfill your request in whole or in part, we will explain the reason (for example, if we cannot delete
data we must keep for legal reasons, we will tell you).
We want you to feel comfortable using Accentless knowing that your privacy rights are respected. The above rights
ensure you have control over your personal information, and we are committed to honoring them.
Children's Privacy
Accentless is not directed to children and our Service is intended for use by adults in professional or
educational contexts. We do not knowingly collect or solicit personal information from anyone under the age of
13 (and in certain jurisdictions, under the age of 16) through the extension, our website, or any part of our
service. If you are under 13, please do not use Accentless or send any personal information about yourself to us
(such as your name, email, or phone number). If you are between 13 and 16 years old, you should only use
Accentless with the involvement and consent of a parent or guardian.
In the unlikely event that we learn we have collected personal information from a child under 13 without verified
parental consent, we will delete that information promptly. For example, if a student under 13 tried to sign up
with a fake age and we later discover their age, we would remove their account and data. If you believe that we
might have any information from or about a child under 13, please contact us immediately so that we can
investigate and take appropriate action.
Parents or guardians: If you become aware that your child who is under the applicable age has provided us with
personal information, please contact us. We will work with you to remove that information and close the child's
account if one exists. We encourage parents and guardians to supervise their children's online activities and
consider using parental control tools available from online services and software manufacturers to help provide
a child-friendly online environment.
Changes to This Privacy Policy
We may update or revise this Privacy Policy from time to time. As our product evolves, or as laws and regulations
change, we might need to make changes to keep you accurately informed about our data practices. When we make
changes, we will notify users as required. Minor changes (like clarifications) may be posted with an updated
effective date at the top of the policy. For substantial changes (for example, if we start collecting additional
personal data or change how we share data in a significant way), we will provide a more prominent notice — such
as an email notification to our registered users or a pop-up notice in the extension or on our website.
The “Effective Date” at the top of this policy indicates when the policy was last revised. We encourage you to
review this Privacy Policy periodically to stay informed about how we are protecting the personal information we
collect. If you continue to use Accentless after a Privacy Policy update, that will constitute your
acknowledgment of the changes and your agreement to be bound by the updated policy (of course, only to the
extent permitted by law; we wouldn't enforce new uses of your data without consent if the law requires consent).
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or any aspect of your privacy when
using Accentless, please do not hesitate to contact us. We are here to help and address any issues you may have.
You can reach us by email at:
- Support Email: [email protected] - for
general inquiries, support questions, or to exercise any of your privacy rights.
- Enterprise Inquiries: [email protected] - for business inquiries or any
questions related to enterprise use of Accentless.
In any communication, please include your contact information and a detailed description of your request or
question. If you are contacting us to exercise a specific privacy right, please clearly state that in your email
and describe the nature of your request (e.g., “I am requesting a copy of my personal data,” or “Please delete
my account and data,” etc.). We may need to verify your identity for security reasons before acting on certain
requests, but we will only use the verification information for that purpose.
We will respond to your inquiries as promptly as possible, generally within a few business days. Your privacy is
extremely important to us, and we welcome your feedback. If you have suggestions on how we can improve our
privacy practices or this policy, we would love to hear from you.
Thank you for trusting Accentless. We are dedicated to protecting your personal information and enabling you to
use our AI-powered accent conversion service with confidence.