June 23, 2026

Why self-hosted translation matters for data privacy

It's easy to forget that "translate this for me" means "send this text to a server I don't control." Contract clauses, private messages, medical notes, draft business emails — a lot of what people translate is exactly the kind of text they'd think twice about pasting into a random public form.

Where your text actually goes on Traduck

When you submit text on Traduck — website or API — it's sent over HTTPS to our server, handed to our self-hosted AI translation model running on that same infrastructure, and the translated result is returned. That's the entire path. We don't forward your text to Google Translate, DeepL, Microsoft Translator, or any other third-party translation vendor, because we're not calling one — we're running the model ourselves.

What we do log, and why

To run the product responsibly we keep: which account or API key made a request (for quota enforcement), the source/target language pair and character count (for usage stats and abuse detection), and whether the request succeeded (for debugging). We do not sell translated text, and we don't use your submissions to train third-party models we don't control. Full detail in our Privacy Policy.

API keys are hashed, not stored raw

When you generate an API key, the raw key is shown to you exactly once. What we store server-side is a SHA-256 hash and a short prefix for display — the same practice used for password storage. If our database were ever exposed, your raw API key would not be recoverable from it.

What this doesn't mean

Self-hosted doesn't mean "nobody can ever see your text" — our infrastructure and the people who operate it are still part of the trust boundary, same as with any online service. What it does mean is that boundary is smaller and more auditable: one operator, not an unknown chain of subprocessors. If your use case requires guarantees beyond what's in our Privacy Policy or Terms, reach out before relying on us for it.