Last Updated: 2026-01-22
1. Information We Collect
1) Required Information
•
Email address (may be collected as a required item depending on the login method selected by the user)
•
Name and profile information
•
Social login identifiers (Google, Kakao, LinkedIn, etc.)
•
Account authentication information
2) Optional Information
•
Email address (may be collected as an optional item for certain social login methods)
•
Profile image
•
Uploaded files and RAG reference documents
•
System prompts
•
Personal bio
※ Optional information is not required to use the Service.
3) Automatically Collected Information
•
Service usage records
•
IP address, device information, browser information
•
Cookies and analytics data
•
AI tool usage records (including tool type, number of calls, and usage timestamps)
•
Subscription product information, payment status, and refund history
•
AI tool usage history by authorized friends
2. Purpose of Processing Personal Data
We process personal data strictly for the following purposes.
The Service may involve automated processing of personal data to provide AI-based features.
Such processing is conducted solely for service functionality and does not produce legal or similarly significant effects on users.
1) Service Provision and Contract Performance
•
Providing personalized AI features
•
Generating AI responses based on RAG
•
Providing automation features
•
Account creation, authentication, and management
•
Processing subscriptions, payments, and refunds
※ The Company uses Retrieval-Augmented Generation (RAG) technology to generate AI responses. Data used for RAG is managed on a per-user basis and is deleted upon user request or account termination.
2) Service-Related Notifications (No Marketing Consent Required)
The following communications are essential for service operation and are not considered marketing or advertising:
•
Payment confirmations, failures, and refund notices
•
Security alerts and account protection notifications
•
Service outages, maintenance, or interruption notices
•
Updates to terms, policies, or legal notices
•
Notifications required to comply with legal or administrative obligations
3) Service Improvement and Statistical Analysis (De-identified)
•
Analysis of service usage patterns
•
Feature performance evaluation and optimization
•
Error analysis and system stability improvement
Such analysis is conducted in a de-identified or aggregated manner and is not used for marketing, advertising, or individual profiling purposes.
4) Use of Personal Data for Marketing and Promotional Purposes (Optional Consent)
The Company may use personal data for marketing purposes only where the user has provided explicit prior consent.
•
Notifications about new services, features, and updates
•
Information about events, promotions, and benefits
•
Personalized content and service recommendations
•
Communications via email and app push notifications
Consent may be withdrawn at any time.
5) Billing and AI Tool Usage & Data Processing Management
The Company processes personal data for the purposes of billing, usage management, and ensuring the stable operation of the Service in connection with the use of AI tools subscribed to by the user.
Users may allow the AI tools they have subscribed to be used by themselves or by friends explicitly authorized by the user. In this context, the Company may process the following information:
•
The user of the AI tool (the user or an authorized friend)
•
The time and amount of AI tool usage (e.g., number of calls)
•
Internal usage logs required for calculating remaining usage and billing
In addition, where the user permits the use of AI tools by a friend, RAG reference data associated with the friend’s account may be utilized in the process of generating AI responses.
In such cases, the use of RAG data is strictly limited to the purpose of generating AI responses based on the user’s request, and such data is managed separately on a per-account basis.
Such information is processed only to the extent necessary for the performance of the contract, and the Company does not store, access, review, or analyze the content of AI conversations or the specific content of AI-generated outputs.
3. Third-Party Sharing
The Company uses external service providers in connection with the processing of personal data for the provision of the Service. Depending on the role of each service provider, the legal nature and method of personal data processing may differ.
1) Payment Service Provider (Independent Data Controller)
The Company does not directly process payments. Paddle.com Market Limited acts as the Merchant of Record and directly collects and processes personal data required for payment processing.
The Company does not store or process users’ card information or payment method details. Instead, the Company receives and uses only limited payment result information necessary for service operation, such as payment completion status, subscription status, and payment identifiers.
Personal data collected and processed during the payment process is governed by Paddle’s own Privacy Policy.
2) International Transfer for AI-Based Features
For the purpose of providing AI-based features, the Company may transfer user-input data to servers operated by AI model providers located outside the user’s country of residence, where such input data may contain personal data.
The data that may be transferred includes:
● Internal identifiers generated for service use (e.g., user_id)
● Request identifiers and session information
● User-input content, such as text, files, and images
Such data is used in the course of processing AI responses, and the specific data handling practices may vary depending on the privacy and data usage policies of each AI model provider.
When selecting AI model providers, the Company refers to their policies regarding the purpose and scope of input data processing.
The transferred data is not retained beyond the period necessary to provide the relevant AI-based features.
3) Cloud and Infrastructure Service Providers (Data Processing on Behalf of the Company)
The Company may use cloud infrastructure service providers for service operation and data storage purposes.
In such cases, the Company entrusts the processing of personal data to these providers, who process personal data solely in accordance with the Company’s instructions and are subject to data protection obligations under applicable laws.
The Company engages only service providers that meet appropriate data protection standards and will notify users through this Privacy Policy if there are any material changes to the scope of outsourcing or the service providers involved.
4) Notice of Changes to Sub-processors
The Company may change external service providers or sub-processors that process personal data on its behalf.
If such changes occur, the Company will provide prior notice through service announcements or updates to this Privacy Policy.
Users may raise objections to such changes, and where there are legitimate grounds, may request restrictions on personal data processing or discontinue use of the Service.
The Company does not sell personal data.
4. Data Retention
•
General AI conversation content: retained for up to 30 days and then automatically deleted
•
Bookmarked or user‑saved conversations: retained until deletion by the user or account termination
•
Upon account deletion request: active data is deleted immediately
•
Backup data: deleted within up to 30 days
•
Payment and accounting records: retained for up to 5 years as required by law
5. Data Security
•
Encryption during transmission and storage (HTTPS / AES-256)
•
Access control based on the principle of least privilege
•
Regular security audits and vulnerability assessments
•
Notification in accordance with applicable laws in the event of a data breach
※ The Company does not access or review users’ AI conversation content during service operation. Conversation data is processed in a technically restricted environment where administrative access is not permitted, and is handled solely for the purpose of providing the Service and performing user-requested functions.
6. User Rights
Users may exercise the following rights at any time:
•
Request access to personal data
•
Request correction of personal data
•
Request deletion of personal data
•
Request restriction of processing
•
Exercise the right to data portability
Users residing in the European Union have the right to lodge a complaint with a supervisory authority in accordance with the GDPR.