Security and trust controls for translation traffic

Lexel Translate is built as a production translation app, not a generic playground. The current product includes scoped API keys, retention-aware history controls, rate limiting, billing-safe usage tracking, and guarded internal worker routes.

API key handling

API keys are scoped to personal, organization, or team ownership and are stored as hashed values rather than raw secrets.

Retention controls

Translation history can be disabled at the personal, organization, team, or API-key level. Scheduled deletion and legal-hold-aware retention flows are implemented in the app.

Abuse controls

Guest quota windows, edge throttling, session-user limits, API-key rate limits, and Turnstile-backed auth flows help contain abusive traffic.

Operational boundaries

The app separates browser sessions, API-key traffic, and internal worker routes. Internal worker endpoints require additional trusted-key validation.

Dashboard audit trail

Signed-in dashboard mutations such as settings changes, API-key management, organization changes, and account-deletion actions are recorded in a user-linked audit trail.

Customer controls

Signed-in users can manage saved history behavior in supported scopes, request account deletion, and download a self-serve account export without exposing raw API secrets.

Related trust resources

For contractual processing terms, review the data processing agreement template. For current assurance-program direction, review the SOC 2 roadmap. Both pages are meant to help customers understand the present trust surface without overstating certification or infrastructure guarantees.