Privacy Policy

Summary

eng.ge collects only the data needed to provide dictionary, account, contribution, AI assistant, extension, and administrative features. We do not sell personal data and we do not use advertising or analytics cookies in the current codebase.

Dictionary searches Search terms, selected text searches, opened words, and standard server request data are processed so the service can return results.

Accounts and contributions Account details, Google sign-in details, submissions, corrections, trusted editor changes, and CSRF/session data are processed to run user features securely.

AI assistant and TMS tools Messages, selected model choices, uploaded translation files, glossary data, and machine-translation requests may be sent to relevant processors when you use those features.

Data Controller

The data controller is Giorgi Chkheidze / eng.ge.

Email: giorgi@eng.ge
Website: https://eng.ge/

If you contact us about privacy rights, please include enough information to identify your account, contribution, or request. We may ask for additional verification before disclosing or deleting personal data.

Personal Data We Process

The exact data depends on which features you use.

Dictionary website: search queries, opened words, language preferences in URLs, submitted terms, definitions, corrections, pronunciation-related requests, and standard request logs.
Browser extension: search terms typed into the extension, selected text you ask the extension to search, dictionary words opened in the panel, contribution form content, authentication/session requests, and trusted editor actions.
Accounts: name, email address, password hash if you register by password, Google account identifier if you use Google sign-in, profile picture URL when provided by Google, login/session state, and account activity needed for security.
Contributions and moderation: submitted terms, definitions, notes, corrections, publication/review status, contributor account details, editor changes, and related timestamps.
TMS and glossary tools: project names, uploaded translation files, source/target text segments, translation memory entries, glossary terms, comments, workflow status, spell-check exceptions, and project/user assignments.
AI assistant: chat messages, conversation history sent by the browser for context, selected AI model, generated responses, and technical API request data.
Technical and security logs: IP address, browser/user agent, request URL, referrer if sent by the browser, timestamps, response status, errors, and abuse/security events.

We do not intentionally collect payment card data, precise location, health data, or passwords from page content. The extension has access to pages so it can place the dictionary panel on pages where you use it and read selected text only when you ask it to search that selected text.

Purposes and Legal Bases

Purpose	Data Used	GDPR Legal Basis
Provide dictionary searches and definitions	Search terms, selected text, opened words, language choice, technical request data	Performance of a requested service; legitimate interests in reliable delivery
Operate accounts and Google sign-in	Email, name, account identifiers, session data, Google profile data returned after user authorization	Performance of a contract/service; consent where required for optional sign-in
Process contributions, corrections, trusted edits, TMS projects, and glossary work	Submitted content, user/account data, project files, workflow records, moderation metadata	Performance of a requested service; legitimate interests in maintaining dictionary quality
Provide AI assistant and machine-translation features	Prompts, chat history, selected model, translation text, generated responses, technical API data	Performance of a requested service; consent where you voluntarily submit text to these tools
Security, fraud prevention, debugging, and legal compliance	Server logs, IP address, error logs, session/CSRF data, abuse indicators	Legitimate interests; legal obligation where applicable

eng.ge Mini Dictionary Extension

The Firefox extension communicates with https://eng.ge to provide live dictionary search, selected-text search, contribution forms, login state, logout, and trusted editor operations.

User-entered search terms are sent to /index.php?q=....
Selected page text is sent only when you choose the selected-text search action or otherwise command the extension to search that text.
Dictionary definitions are fetched from eng.ge and sanitized by the extension before insertion into the extension panel.
Contribution and correction forms are submitted to eng.ge only when you submit them.
Authenticated extension requests use eng.ge session cookies with credentials: include so the server can recognize your signed-in account.

The extension does not load remote scripts. It bundles its own runtime files, fonts, and KaTeX assets.

Cookies and Local Storage

eng.ge uses essential session cookies for login, CSRF protection, account security, contribution forms, and extension-authenticated requests. Session cookies are configured as HTTP-only, secure on HTTPS, and session-lifetime cookies. They are required for the website and extension account features to work.

The site and TMS tools may use browser localStorage for interface preferences such as theme, panel/sidebar state, search mode, spell-check ignore lists, and temporary translation-memory cache values. These values are stored in your browser and are used to make the interface faster and more convenient.

Cookie banner guidance: because the current codebase uses only strictly necessary session cookies and local preference storage, a cookie consent banner is not required in most GDPR/ePrivacy implementations. If you add analytics, ads, remarketing pixels, heatmaps, social tracking widgets, or other non-essential cookies, add a consent banner before those tools run.

Processors and Third Parties

We do not sell personal data and do not share it for behavioral advertising. Data may be processed by service providers that help operate eng.ge.

Hosting, infrastructure, backup, and security providers may process server logs, database content, and technical data needed to run and protect the service.
Google OAuth is used when you choose Google sign-in. Google returns account information such as your Google account ID and email after authorization.
AI providers may process chat prompts and conversation context when you use the AI assistant. Current code paths include Groq, Google Gemini, and DeepSeek depending on the model selected.
Machine translation providers may process translation text when TMS machine-translation features are used. Current code paths include Google Translate and DeepL where configured.
Email or notification providers may process contact details if used for service messages, account support, or moderation workflows.

Third-party providers process data under their own terms and privacy policies where you interact with them directly, and as processors or service providers where they support eng.ge operations.

International Transfers

eng.ge is operated from Georgia and may use service providers in other countries. If personal data from the European Economic Area, United Kingdom, or Switzerland is transferred internationally, we will use appropriate safeguards where required, such as contractual protections, provider data-processing terms, or another lawful transfer mechanism.

Retention

We keep personal data only as long as needed for the purposes described in this policy, unless a longer period is required for legal, security, or abuse-prevention reasons.

Routine server logs are generally retained for up to 90 days, unless needed longer for security investigation or legal compliance.
Account records are retained while the account is active and for a reasonable period afterward where needed for security, support, legal, or administrative purposes.
Contributions, corrections, definitions, glossary entries, translation memories, and related moderation records may be retained while they remain part of the dictionary, TMS, review, or publication workflow.
Uploaded TMS files and project data are retained while needed to provide project functionality or until removed according to account/project controls and administrative requirements.
Security logs may be retained longer where necessary to investigate abuse, attacks, fraud, or service misuse.

Security

eng.ge uses HTTPS, HTTP-only session cookies, CSRF tokens on sensitive forms, access controls, and operational security measures intended to protect personal data from unauthorized access, alteration, disclosure, or destruction.

No online service can guarantee absolute security. Please use a strong password, keep your browser updated, and contact us if you believe your account or data has been affected by a security issue.

Your Rights

Depending on your location, including under the GDPR, you may have the right to:

Request access to personal data about you.
Request correction of inaccurate or incomplete data.
Request deletion of personal data.
Request restriction of processing.
Object to processing based on legitimate interests.
Request data portability where applicable.
Withdraw consent where processing is based on consent.
Lodge a complaint with a data protection supervisory authority.

To exercise these rights, contact giorgi@eng.ge. We will respond in accordance with applicable law.

Children

eng.ge is not directed to children under 16. Users under 16 should use the website, tools, and extension only with permission from a parent or guardian where required by local law.

Automated Decision-Making

eng.ge does not use personal data for automated decision-making or profiling that produces legal or similarly significant effects. AI assistant and machine-translation features generate language assistance only when you choose to use them.

Changes to This Policy

We may update this policy when eng.ge features, providers, data practices, or legal requirements change. The effective date at the top of this page shows when this version took effect.