Privacy Policy
Songonhae ("Company") complies with the Personal Information Protection Act and related regulations of the Republic of Korea. This Privacy Policy explains how we collect, use, store, and protect Users' personal information.
1. Information We Collect
| Category | Items | Method |
|---|---|---|
| Sign Up | Email, name, profile image | Google OAuth |
| Payment | Card brand, last 4 digits, payment email | Lemon Squeezy |
| Service Usage | Project info, interviews, PRD outputs | User input |
| Auto Collection | IP address, cookies, usage logs | Automatic |
2. Purpose of Collection and Use
- Member identification and authentication — for Service access
- Service provision — AI interviews, PRD generation, role-based documents
- Payment processing — subscription management, transaction history
- Customer support — handling inquiries and refunds
- Service improvement — statistical analysis using de-identified data
- Legal compliance — fulfilling legal obligations
3. Retention Period
- Member information: until account deletion
- Payment records: 5 years (per E-Commerce Act)
- Access logs: 3 months (per Communications Privacy Act)
- Project and interview data: until account deletion or User-requested removal
4. Third-Party Sharing
The Company does not share personal information with third parties. The following are processing partners only.
5. Processing Partners
| Partner | Purpose | Retention |
|---|---|---|
| Supabase Inc. | Authentication, database hosting | Until account deletion |
| Anthropic, PBC | AI interview and PRD generation | Discarded after processing |
| Lemon Squeezy | Payment processing | Per partner policy |
| Vercel Inc. | Web hosting and CDN | Until account deletion |
| Google LLC | OAuth authentication | Until account deletion |
6. User Rights
Users may exercise the following rights at any time:
- Right to access personal information
- Right to correct errors
- Right to deletion
- Right to restrict processing
Send requests to onhaesong@gmail.com. Requests are processed within 3 business days.
7. Data Disposal
- Electronic files: permanently deleted using non-recoverable methods
- Printed materials: shredded or incinerated
8. Cookies
The Company uses cookies to maintain login sessions and store user preferences. Users may refuse cookies through browser settings, but some Service features may be limited as a result.
9. Security Measures
- HTTPS encryption for all communications
- No password storage (Google OAuth only)
- No direct storage of payment information (Lemon Squeezy handles payments)
- Access control via Supabase RLS policies
10. Children's Privacy
The Company does not allow registration by children under 14. If we become aware of personal information collected from a child under 14, it will be deleted immediately.
11. Privacy Officer
12. Remedies for Privacy Infringements
For privacy-related disputes, you may contact:
- Personal Information Dispute Mediation Committee: 1833-6972 (privacy.go.kr)
- Korea Internet & Security Agency Privacy Center: 118 (privacy.kisa.or.kr)
- Supreme Prosecutors' Office Cyber Investigation: 1301 (spo.go.kr)
- National Police Agency Cyber Bureau: 182 (ecrm.cyber.go.kr)
13. Changes to This Policy
This Privacy Policy may be updated to reflect changes in laws or company policies. Updates take effect when posted within the Service.