Security

How we handle your store content.

Loqua reads the text in your store, translates it, and writes the translations back. Here is exactly what that involves, in plain terms.

Last updated June 2026. Questions: hello@rse-labs.com.

What Loqua accesses

Loqua requests only the Shopify permissions it needs to translate your store: read and write translations, read and enable locales, read Markets, and read your products, content, themes, navigation and metaobjects so it has source text to translate. It has no write access to products, and no access to order or customer data.

Where translations are processed

Source text is sent to Anthropic's Claude API to be translated, then the result is stored in Loqua's per-shop database so it can be published to Shopify and reused from translation memory. Your content is not used to train any model. We send only the text that needs translating, plus the brand context you configure.

Sub-processors

  • Anthropic, for the Claude API that performs translation.
  • Our hosting provider, which runs the Loqua application and database.
  • Resend, for transactional and support email.

We keep this list current. If we add or change a sub-processor that handles your content, we update this page.

Encryption and access

Content is encrypted in transit. Any external secrets we hold for your shop are encrypted at rest with AES-256-GCM. Every call we make to Shopify, Anthropic, and other services is written to an internal audit log, so there is a record of what happened to your content and when.

Retention and deletion

We keep your translations and translation memory for as long as Loqua is installed, because that is what lets us avoid re-translating and re-charging for the same content. When you uninstall, Loqua removes every translation it registered on your store, with no leftover code and no orphaned hreflang tags. You can ask us to delete your stored data entirely at any time.

Compliance posture

Loqua is built by RSE Labs, a UK software studio. We follow Shopify's data-protection requirements for apps and apply GDPR-aligned handling to EU shopper-facing content. We are honest about where we are: we do not hold ISO 27001 or SOC 2 certifications today. If your procurement needs specific documentation, email us and we will tell you straight what we can and cannot provide.

See also our privacy policy and terms.