Confidentiality in Translation: How We Protect Your Data

NDA: The Legal Foundation of Confidentiality

A Non-Disclosure Agreement (NDA) is the first level of protection. We sign NDAs in two formats:

• NDA between the agency and client. Signed before materials are transferred. Establishes obligations for information protection, duration (standard: 3–5 years after project completion), and liability for breach.
• NDA between the agency and each translator. All of our 50+ specialists have active confidentiality agreements. Translators are prohibited from disclosing the content of translated documents, storing copies after project delivery, or sharing materials with third parties.

If you have your own NDA template, we'll sign it. If not, we'll provide our standard form, which has been legally reviewed and complies with Russian law and international standards.

Encryption and Secure File Transfer

Sending files via regular email is common but insecure. Our approach:

• Secure cloud portal. Clients upload files through a secure portal with TLS 1.3 encryption. Files are stored on servers in Russia (compliant with Federal Law 152-FZ).
• Encrypted email. When sending by email, we use encrypted archives (AES-256). The password is sent via a separate channel (messenger or phone).
• VPN and direct channels. For corporate clients with elevated security requirements, we set up a VPN tunnel or work through the client's infrastructure.

After project completion and client confirmation of receipt, we delete working files from our servers. Retention period is specified in the NDA — standard is 30 days after delivery, to promptly handle revision requests.

Translator Vetting

The translator is the key link in the security chain. Before assigning a specialist to projects with confidential information, we conduct:

1. Qualification verification. Confirmation of education, work experience, references from previous employers or clients.
2. NDA signing. Individual non-disclosure agreement with each specialist.
3. Security briefing. Rules for handling confidential documents: prohibition on using public cloud storage (Google Drive, Dropbox) for work files, prohibition on uploading texts to free online translators (Google Translate, DeepL Free) and chatbots (ChatGPT).
4. Workstation control. For high-confidentiality projects, translators work on agency equipment or via secure remote access.

This is not a formality. In 2023, we terminated collaboration with two translators for using online translation tools with confidential texts (discovered during an audit).

GDPR and 152-FZ Compliance

We process personal data in compliance with two key regulations:

Federal Law 152-FZ "On Personal Data." Requirements: storage of Russian citizens' personal data within Russia, obtaining consent for processing, appointing a responsible person for data processing.

GDPR (General Data Protection Regulation). Relevant for projects with European partners. We ensure: data minimization (processing only the necessary volume), right to erasure, security incident notification within 72 hours.

When translating documents containing personal data (medical records, employment contracts, court materials), we apply additional measures: restricted group of performers, data anonymization during preparation (where possible), dedicated workspace.

Internal Security Policies

Beyond legal agreements, we maintain a set of organizational measures:

• Principle of least privilege. Each translator gets access only to their part of the project. In team projects, individual translators cannot see each other's materials.
• Access logging. All file operations are recorded: who downloaded/uploaded/edited what and when.
• Regular audits. Quarterly reviews of security procedure compliance.
• Incident response plan. Upon discovering a breach: immediate client notification, access lockdown, investigation, and corrective actions.

How It Works in Practice

Typical scenario for a high-confidentiality project (e.g., M&A documentation translation):

1. NDA signed before materials are transferred
2. Client uploads files to the secure portal
3. Manager assigns a translator from vetted specialists with appropriate clearance
4. Translator works via secure access without downloading files to personal devices
5. Completed translation is uploaded to the portal, client receives notification
6. After acceptance confirmation, working files are deleted

Learn more about us on our About page. Full privacy policy text is here. Order translation with guaranteed data protection.