Privacy Policy

The Service collects the following personal information:

• Required items: Email address, name, profile photo (automatically provided through Google OAuth login)
• Information generated during service use: Schedule data, habit records, memory records, identity data, AI conversation records, AI conversation vector embeddings (for RAG search), token usage records, payment records
• Automatically collected information: Device information (browser type, OS), access logs (IP address, access time)

Collection methods: Automatic collection through Google OAuth authentication, direct input by Members within the Service, automatic generation during AI feature usage.

Collected personal information is used only for the following purposes:

• Service provision: Providing schedule management, habit improvement, memory savoring, identity building features and AI conversation services
• Member management: Identity verification, confirmation of registration intent, prevention of unauthorized use
• AI context search: Context-based response generation through vector embeddings of past conversation records (RAG)
• Fee settlement: Token usage tracking and paid subscription payment processing
• Service improvement: Feature improvement through usage statistics analysis (used only in non-identifiable form)

Personal information is destroyed without delay after the purpose of collection and use has been achieved. However, the following information is retained for the specified period:

• Upon member withdrawal: Immediately destroyed (all related data automatically deleted according to Supabase CASCADE policy)
• Retention under applicable laws: Records of contracts or withdrawal of subscription under the Electronic Commerce Act: 5 years; records of payment and supply of goods: 5 years; records of consumer complaints or dispute resolution: 3 years
• Protection of Communications Secrets Act: Access log records: 3 months

The Service does not, in principle, provide Members' personal information to third parties. However, the following third-party services are used for service operations:

• Google (Gemini API): Text transmission for AI conversation response generation. Aseity does not use user conversations to train AI models. Input and output data transmitted via the Google Gemini paid API (Paid Tier) is not used for model training and is processed in isolation within Google infrastructure pursuant to the Google Cloud Privacy Notice (https://cloud.google.com/terms/cloud-privacy-notice).
• Supabase: User authentication (Auth) and data storage (PostgreSQL). Data encrypted in transit (TLS 1.2+) and at rest (AES-256) on AWS infrastructure.
• Vercel: Web application hosting and serverless function execution infrastructure.
• PortOne, Inc.: Minimum payment information transmitted for domestic (Korea) paid payment processing (payment method information, transaction amount).
• PayPal, Inc.: Minimum payment information transmitted for international paid payment processing (payment method information, transaction amount, currency).

Members' personal information is not sold or shared with third parties for marketing, advertising, or commercial purposes.

The Service entrusts personal information processing as follows for smooth service provision:

Members may exercise the following rights at any time:

• Request for access: You can check all your data within the Service.
• Request for correction: You can request correction of inaccurate personal information.
• Request for deletion: You can directly delete conversation records or all data from Settings > Data.
• Request to suspend processing: You can request the suspension of personal information processing, though this may limit service use.
• Account withdrawal: All personal information is immediately destroyed upon account deletion.

These rights can be exercised through in-service settings or by contacting alswn127@snu.ac.kr.

When the retention period has expired or the processing purpose has been achieved, the relevant personal information is destroyed without delay.

• Electronic files: Permanently deleted using methods that prevent recovery and reproduction.
• Supabase data: Upon account deletion, the Member's data in the user_data, messages, user_credits, and credit_logs tables is automatically and completely deleted according to the CASCADE policy.
• localStorage: Browser cache data is removed when site data is cleared.

The Operator implements the following protective measures for safe processing of personal information:

• Transmission encryption: All data transmission is encrypted through HTTPS (TLS 1.2 or higher).
• Storage encryption: Supabase database encryption (AES-256) is applied.
• Access control: Data is completely isolated between Members through Supabase Row Level Security (RLS). Each Member can only access data attributed to their own user_id.
• Authentication security: Sessions are managed through JWT (JSON Web Token)-based authentication with automatic token renewal.
• API key protection: API keys for external services (Gemini, Supabase, PortOne) are used only server-side and are not exposed to the client.

In accordance with Article 22-2 of the Personal Information Protection Act of the Republic of Korea, the Operator does not process personal information of children under 14 as a matter of principle.

• Aseity does not knowingly collect personal information from children under 14. The Service is intended for users aged 14 and older.
• Users under 14 may not use the Service without the consent of a legal guardian. At sign-up, users must confirm that they are at least 14 years old.
• If we become aware that a child under 14 has provided personal information without legal guardian consent, we will delete the information and terminate the associated account without delay.
• Legal guardians may contact alswn127@snu.ac.kr to request access, correction, deletion, or suspension of processing of the child's personal information.

For complaints, remedies for damages, or requests for access regarding personal information processing, please contact us below:

• Email: alswn127@snu.ac.kr

For reports or consultations regarding personal information infringement, you may contact the following organizations:

• Personal Information Infringement Report Center (privacy.kisa.or.kr / 118)
• Personal Information Dispute Mediation Committee (kopico.go.kr / 1833-6972)
• Supreme Prosecutors' Office Cyber Investigation Division (spo.go.kr / 1301)
• National Police Agency Cyber Bureau (ecrm.police.go.kr / 182)