AlphaJo Privacy Policy

Privacy Policy

Article 1 (General Provisions)

AlphaJo, operated by Hanjun Cho as a sole proprietor (hereinafter "Company"), establishes and discloses this Privacy Policy in accordance with Article 30 of the Personal Information Protection Act (under Korean law) in order to protect the personal information of data subjects and to handle related complaints promptly and effectively.

The Company may revise this Policy in response to changes in applicable law, changes in the purposes and methods of processing personal information, or other relevant developments. Any revisions will be announced via the Service and email.

Article 2 (Purpose of Processing Personal Information)

The Company processes personal information for the following purposes. Personal information collected shall not be used for any purpose other than those stated below. If the purpose changes, the Company will obtain separate consent or take other necessary measures in accordance with Article 18 of the Personal Information Protection Act (under Korean law).

  1. Account Registration and Management: Verifying intent to register, identifying and authenticating Users, maintaining and managing membership, and preventing unauthorized use of the Service
  2. Service Provision: Providing Service features including document upload and AI analysis, Knowledge Base generation, AI chat, and document conversion
  3. Billing and Settlement: Processing Paid Service subscription payments, issuing invoices, and processing refunds
  4. Customer Support: Handling User inquiries and complaints, delivering notices
  5. Service Improvement: Analyzing Service usage statistics, developing new features, and improving Service quality

Article 3 (Personal Information Collected)

The Company collects the minimum personal information necessary to provide the Service.

CategoryItems CollectedRequired / Optional
Account Registration Username, email address, password (stored after bcrypt hashing) Required
Third-Party Sign-In Google account identifier (OpenID sub) and email when signing in with Google; Apple account identifier (sub) and email — including private relay addresses such as @privaterelay.appleid.com — when signing in with Apple. Display name is collected if returned by the provider. Required when using third-party sign-in
Paid Service Billing Payment information (billing key) — processed through PortOne payment gateway; credit card numbers are not stored by the Company. Required for Paid Service
Voice Input (AI Chat) Audio recordings captured by the user via the microphone for voice-to-text transcription in the AI chat feature. Recordings are forwarded to Cohere Inc. for speech-to-text processing (see Article 7 for processor details); after transcription, only the resulting text is retained with the chat session. Optional (only when the voice input button is used)
User-Uploaded Documents and Chat Messages Files uploaded by the User (PDF/DOCX/HWP/HWPX/XLSX/CSV/PPTX/audio, etc.) and their parsed text content, stored in the User's Pond. Chat messages and any document content the User chooses to load into the workspace are forwarded to Anthropic, PBC (Claude API) for AI analysis and reply generation. Assistant reply text is optionally forwarded to Google Cloud Text-to-Speech when the User taps the playback button. No User identifiers (name, email, account ID) are attached to any of these requests; see Article 7 for the full processor list. Optional (only when documents/messages are submitted)
Automatically Collected During Service Use IP address, access timestamps, Service usage logs, device information (browser type, OS) Automatically Collected

Note: The content of documents uploaded by Users to the Service is stored in the User's Pond (individual storage workspace) and processed for AI analysis. The Company does not use the content of User documents for any purpose other than providing the Service.

Article 4 (Methods of Collection)

The Company collects personal information through the following methods:

  • Direct input by the User during account registration
  • Collection through the payment gateway during the Paid Service billing process
  • Automatic collection of information generated during Service use

Article 5 (Retention and Use Period)

The Company will promptly destroy personal information once the purpose of its collection and use has been fulfilled. However, where retention is required under applicable law, the information shall be retained for the periods specified below.

Information RetainedRetention PeriodLegal Basis (under Korean law)
Records related to contracts or withdrawal of offers 5 years Act on Consumer Protection in Electronic Commerce
Records related to payment and supply of goods/services 5 years Act on Consumer Protection in Electronic Commerce
Records related to consumer complaints or dispute resolution 3 years Act on Consumer Protection in Electronic Commerce
Service access logs 3 months Protection of Communications Secrets Act
Transaction-related books and supporting documents required by tax law 5 years Framework Act on National Taxes
Records related to electronic financial transactions 5 years Electronic Financial Transactions Act

Article 6 (Disclosure to Third Parties)

The Company processes Users' personal information only within the scope of the purposes stated in Article 2 and, as a general rule, does not disclose personal information to third parties without the User's consent.

Exceptions include the following:

  • The User has provided prior consent
  • Disclosure is required by law, or a law enforcement agency has made a request through procedures prescribed by applicable law for investigative purposes
RecipientPurpose of DisclosureItems DisclosedRetention Period
PortOne / Payment Gateway Processing Paid Service payments Payment information (billing key) Until termination of the payment service

Article 7 (Data Processing Delegation)

The Company delegates certain tasks necessary for providing the Service to external service providers. When entering into delegation agreements, the Company stipulates necessary provisions for the secure management of personal information in accordance with the Personal Information Protection Act (under Korean law).

DelegateDelegated Tasks
PortOne Payment processing and billing key management
Cloudflare, Inc. Edge networking and Cloudflare Tunnel — request routing and TLS termination
Self-managed SMTP (operated by the Company) Sending verification and notification emails
Anthropic, PBC (United States) AI chat response generation — chat messages and any document content the User loads into their workspace are processed by Claude models for the sole purpose of producing the assistant reply. No User identifiers (name, email, account ID, IP address) are attached to these requests.
Cohere Inc. (Canada) Speech-to-text transcription — when the User taps the microphone button in chat, the captured audio is forwarded to Cohere's Transcribe API. After transcription, only the resulting text is retained.
Google LLC (United States) — Cloud Text-to-Speech Synthesis of assistant message audio playback — the text of an assistant message is sent to Google Cloud TTS when the User taps the playback button.
Functional Software, Inc. dba Sentry (United States) Crash reporting and error diagnostics. Personal identifiers are scrubbed before transmission (no email, name, or chat content; only crash stack traces and breadcrumbs).

Any changes to the delegated tasks or delegates will be disclosed through this Policy.

Article 8 (Disposal Procedures and Methods)

  1. The Company will promptly destroy personal information once the retention period has expired or the purpose of processing has been fulfilled.
  2. Disposal Procedure: Information entered by Users is transferred to a separate database (or placed under separate access restrictions) after the purpose has been fulfilled, retained for the period required by applicable law, and then destroyed.
  3. Disposal Methods:
    • Electronic files: Permanently deleted using technical methods that prevent recovery and reproduction
    • Printed documents: Shredded or incinerated

Article 9 (User Rights and How to Exercise Them)

  1. Users (data subjects) may exercise the following rights regarding their personal information at any time:
    • Right to access personal information
    • Right to request correction of personal information
    • Right to request deletion of personal information
    • Right to request suspension of processing of personal information
  2. These rights may be exercised through the Service settings or by email, and the Company will act on such requests without delay.
  3. If a User requests the deletion of personal information, the Company will destroy the relevant information without delay and will inform the User in advance that such deletion may result in restricted access to the Service.
  4. A User's rights may also be exercised through a legal representative or an authorized agent.
  5. Users shall not infringe upon the personal information of others processed by the Company in violation of the Personal Information Protection Act or other applicable laws.

Article 10 (Cookies and Automatic Collection)

  1. The Company stores a JWT (JSON Web Token) based authentication token in an httpOnly cookie to maintain the User's authenticated session.
  2. This cookie is used solely for Service login authentication and is not used to track User behavior or for advertising purposes.
  3. Users may refuse cookies through their web browser settings; however, doing so may prevent them from logging in to the Service.
  4. The Company does not use any behavioral tracking cookies or third-party tracking tools.

Article 11 (Security Measures)

The Company takes the following measures to ensure the security of personal information:

  • Password Encryption: User passwords are hashed using the bcrypt algorithm before storage; plaintext passwords are never retained.
  • Encryption in Transit: Personal information is transmitted over HTTPS (TLS) encrypted connections.
  • Access Control: Access to personal information is restricted to the minimum number of authorized personnel.
  • No Storage of Payment Credentials: Sensitive payment information such as credit card numbers is not stored on the Company's servers and is securely processed through PortOne.
  • Per-User Data Isolation: User documents and data are stored in individually isolated workspaces (Ponds).

Article 12 (Data Protection Officer)

The Company has designated the following Data Protection Officer to oversee the processing of personal information and to handle complaints and remedies related to Users' personal information:

FieldDetails
NameHanjun Cho
TitleFounder and Data Protection Officer
Contact[email protected], +82 10-3524-9531

Users may contact the Data Protection Officer listed above regarding any inquiries, complaints, or remedies related to personal information protection arising from the use of the Service.

Article 13 (Remedies for Rights Infringement)

Users may contact the following organizations (under Korean law) for remedies, consultations, and other assistance regarding personal information infringement:

OrganizationContactWebsite
Personal Information Infringement Report Center (Korea Internet & Security Agency) 118 (no area code) privacy.kisa.or.kr
Personal Information Dispute Mediation Committee 1833-6972 (no area code) www.kopico.go.kr
Supreme Prosecutors' Office Cybercrime Investigation Division 1301 (no area code) www.spo.go.kr
National Police Agency Cyber Investigation Bureau 182 (no area code) ecrm.police.go.kr

Article 14 (Changes to This Policy)

  1. This Privacy Policy may be updated to reflect changes in applicable law, policies, or security practices.
  2. Any changes will be announced through the Service at least 7 days prior to the effective date. For material changes affecting Users' rights, notice will be provided at least 30 days in advance.

Supplementary Provisions

This Privacy Policy shall take effect on March 29, 2026.

Privacy Policy | Terms of Service | Home