Soft Fish
← Back to portal
Privacy Policy
Last updated · June 2, 2026
This Privacy Policy describes how The Soft Fish Inc. ("Soft Fish", "we", "us") collects, uses, and protects information when you use the Soft Fish client portal (the "Service"). By using the Service you agree to the practices described here.
1. Information we collect
- Account information. When you sign in we collect the email address you provide. We do not collect or store passwords; authentication is performed using one-time codes.
- Documents you upload. Files you upload — including their filenames, file size, content type, and content — are stored to provide the Service to you.
- Document metadata. Groups, document names, edited translations, and timestamps you create within the portal.
- Session data. A randomly generated session token stored as an HttpOnly cookie, used only to keep you signed in.
- Technical data. Standard server logs (IP address, user agent, request timing) generated by our hosting provider for security and reliability.
2. How we use information
- To authenticate you and keep you signed in to the portal.
- To store, organize, retrieve, translate, and display the documents you upload.
- To send transactional emails (such as your one-time login codes).
- To diagnose problems, prevent abuse, and improve reliability.
3. Third-party service providers
We use the following providers to operate the Service. Each receives only the information necessary to perform its function:
- Cloudflare, Inc. — hosting, content delivery, file storage (R2), and database (D1). Stored data is held in Cloudflare's infrastructure.
- Google LLC (Gemini API). When you request a translation, the contents of the relevant document are sent to Google's Gemini API for processing. We do not use customer documents to train models. See Google's API terms.
- Resend, Inc. — delivery of transactional emails (one-time login codes).
4. Data retention
We retain account information and uploaded documents for as long as your account remains active. One-time codes are deleted after they are used or expire. Session tokens are deleted when you sign out or after thirty (30) days of inactivity. You may request deletion of your account and associated documents at any time by contacting us.
5. Security — your data is safe with us
Protecting your clients' documents is fundamental to Soft Fish. We have designed the Service so that your data and documents are never exposed to other users or to the public, and are not accessible without proper authorization. The following technical and organizational measures are in place to keep your information protected:
- Encrypted in transit. All communication between you and the Service is protected with industry-standard TLS (HTTPS) encryption, so your documents and information cannot be intercepted as they travel to and from our servers.
- Encrypted at rest. Every uploaded document and database record is encrypted at rest within our infrastructure, as are our API credentials and other secrets. Data sitting on our servers is stored in encrypted form, not as readable files.
- Private storage — no public access. Your files are held in private storage with no public links or browsable URLs. A document can only be retrieved through an authenticated request tied to your signed-in account. Without proper authorization, your data and documents cannot be accessed through the Service.
- Strict per-account isolation. Every request to the Service is authenticated, and every record — clients, cases, documents, and translations — is permanently scoped to the account that created it. Our data structure is built so that one account can never see, retrieve, or modify another account's data or documents.
- Least-privilege access and confidentiality. Access to production systems is limited to the minimum necessary to operate and support the Service. We never sell, rent, or share your documents, and your documents are never used to train any AI model.
We take the confidentiality of your data extremely seriously and continually work to strengthen these protections. No system can guarantee perfect security, so please also help protect your account by keeping the email account that receives your login codes secure and your devices up to date.
6. Your choices and rights
- You may sign out at any time using the menu inside the portal.
- You may delete any document from your account at any time. Deletion removes the file from storage and the associated metadata from our database.
- You may request a copy of your data, correction of inaccurate data, or deletion of your account by emailing the address below.
- Residents of California, the EEA, the UK, and certain other jurisdictions may have additional rights under applicable law (CCPA/CPRA, GDPR, etc.).
7. Children
The Service is not directed to children under the age of 13 (or the equivalent minimum age in your jurisdiction), and we do not knowingly collect personal information from them.
8. Changes
We may update this Privacy Policy from time to time. Material changes will be reflected by updating the "Last updated" date above. Continued use of the Service after changes constitutes acceptance of the updated policy.
9. Contact
For any privacy-related questions or requests, contact us using the information below.
This document is provided as plain-language information about our practices and does not constitute legal advice.