Privacy Policy
Status: Pre-launch draft. This page describes the product as currently implemented and still needs legal review before production launch.
What leaves your browser
- When you request a translation, the extension sends a screenshot or image tiles for the selected comic area to the Metel Scan server.
- The full page URL is used locally by the extension to compute a stable series identifier, then stripped before the upload. The server receives that opaque series identifier, not the full chapter URL.
- Batch mode may use image URLs inside the extension to fetch page tiles, but the backend receives the image data, not the original tile URLs.
Translation processing
- Raw pixels are processed transiently by the server and GPU service for detection/OCR/translation. They are not stored as files or database records.
- OCR source text is sent to our translation provider so the requested text can be translated. We do not send your account identity to the translation provider.
- The server keeps a short-lived translation cache for speed and cost: normalized source text plus translated text, under a hash built from source text, language/settings, prompt version, and the opaque series id. The current cache TTL is seven days.
Account, billing, and abuse logs
- If you create an account, we store your email, account id, credit balance, subscription status, and synced settings you choose to save. Passwords are handled by Supabase Auth; we do not see plaintext passwords.
- Billing is handled by Paddle at launch. We store Paddle customer, transaction, subscription, and webhook event identifiers so purchases, invoices, refunds, disputes, and chargebacks can be reconciled. We do not store card numbers.
- Credit usage logs record timestamps, amounts, reasons, and safe metadata such as capture ids or provider transaction ids. They do not store what manga was read or what text was translated.
- Operational request audit logs may include account id, request/capture ids, status/error codes, credit cost and charged amount, image byte length, capture dimensions, timing, cache counts, GPU/LLM telemetry, and safe settings metadata. They do not store raw images, OCR text, source text, translated text, or full page URLs.
Sub-processors
- Cloudflare: website, API hosting, and KV cache infrastructure.
- Supabase: authentication and Postgres database.
- Paddle: checkout, subscriptions, receipts, tax, and billing portal.
- Modal or another GPU host: transient detection and OCR processing.
- OpenRouter / DeepSeek: translation of OCR source text.
- Resend or another SMTP provider: account verification and password reset email, if configured.
What we do not do
- We do not sell personal data.
- We do not use advertising trackers at launch.
- We do not accept or store user-provided LLM/API keys.
- We do not build a server-side reading history from full page URLs.
Last updated: pending production launch.