osmu Privacy Policy
Effective Date: January 1, 2025 Last Updated: January 1, 2025
Agnome (hereinafter "Company") values users' personal information and complies with applicable laws including the Korean Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, EU GDPR (General Data Protection Regulation), and US CCPA (California Consumer Privacy Act). This Privacy Policy describes how the Company handles personal information for the AI-based content translation and transformation service osmu (hereinafter "Service").
Article 1 (Personal Information Collected)
1. Required Information
| Collection Point | Information Collected | Purpose |
|---|---|---|
| Registration | Email address | Account creation, service usage, customer support |
| Service Usage | Input URLs, transformation results | Service provision |
| Payment | Payment method information (last 4 digits of card, card issuer) | Payment processing, refunds |
2. Optional Information
| Collection Point | Information Collected | Purpose |
|---|---|---|
| Profile Settings | Username, profile image | Personalized service |
| Customer Inquiries | Inquiry content, attachments | Customer support |
3. Automatically Collected Information
| Information Collected | Purpose |
|---|---|
| IP address, browser type, operating system | Service improvement, security |
| Cookies, access logs, usage records | Service optimization, statistical analysis |
| Device information | Service compatibility verification |
Article 2 (Methods of Collection)
The Company collects personal information through the following methods:
- Registration and Service Usage: Direct input by users
- Social Login: Information provided through OAuth providers such as Google and GitHub
- Payment: Payment information collection through LemonSqueezy
- Automatic Collection: Automatically generated and collected through cookies, logs, etc. during service usage
Article 3 (Purpose of Using Personal Information)
The Company uses collected personal information for the following purposes:
1. Service Provision
- Member identification and authentication
- URL content translation and transformation service provision
- Storage and retrieval of transformation results
2. Payment and Settlement
- Paid service payment processing
- Invoice issuance and payment history management
- Refund processing
3. Customer Support
- Inquiry response and complaint handling
- Announcements and service change notifications
- Dispute resolution
4. Service Improvement
- Service usage statistical analysis
- New feature development and quality improvement
- Personalized service provision
5. Legal Compliance
- Record retention according to applicable laws
- Response to legal disputes
Article 4 (AI and Data Processing)
1. No AI Model Training Guarantee
The Company does not use content entered by users for AI model training.
- URL content and translation results entered by users are processed solely for service provision purposes.
- External AI services used by the Company (OpenAI, Google Gemini/Vision, Anthropic Claude, etc.) are only those with enterprise/API contracts that do not use customer data for model training.
- The Company may add or change AI providers to improve service quality, and all AI providers must meet the same data protection standards (no model training, immediate deletion after processing).
2. Data Processing Methods
| Processing Stage | Processing Content | Data Retention |
|---|---|---|
| Content Analysis | Text/image extraction from URL | Only results stored after processing |
| AI Translation/Transformation | Transmission and processing via external APIs (OpenAI, Google, Anthropic) | Immediately deleted after processing (in compliance with API provider policies) |
| Result Storage | Final transformation results (caching) | Encrypted storage for user convenience (strictly isolated to the user, deleted upon request) |
3. Automated Decision-Making
This Service performs automated translation and content transformation using AI. Users may request modifications or re-translation of results.
Article 5 (Disclosure to Third Parties)
The Company does not disclose personal information to third parties without user consent in principle. However, personal information may be disclosed to the following parties only as necessary for service provision.
1. Required Disclosure for Service Operation
| Recipient | Server Location | Purpose | Information Provided | Retention Period |
|---|---|---|---|---|
| Clerk, Inc. | USA (AWS us-east-1) | User authentication and account management | Email, profile information | Until account deletion |
| Lemon Squeezy, LLC | USA | Payment processing and subscription management | Email, payment information | According to applicable laws after transaction ends |
| AI Service Providers (OpenAI, Google, Anthropic, etc.) | USA, etc. | Content translation, summarization, transformation | Text for translation | Immediately deleted after processing, not used for training |
| Supabase, Inc. | USA (AWS ap-northeast-2) | Database storage | All service data | Until account deletion |
2. Disclosure According to Law
Personal information may be disclosed in response to lawful requests from investigative agencies according to applicable laws.
Article 6 (International Transfer of Personal Information)
Users' personal information may be transferred overseas for service provision. The Company takes appropriate protective measures (Standard Contractual Clauses, etc.) to ensure safe processing of personal information.
| Recipient | Transfer Country | Server Location | Information Transferred | Transfer Purpose |
|---|---|---|---|---|
| Clerk, Inc. | USA | AWS us-east-1 | Email, profile | Authentication service |
| Lemon Squeezy, LLC | USA | - | Email, payment info | Payment processing |
| AI Service Providers (OpenAI, Google, Anthropic) | USA, etc. | - | Text/Image content | AI translation & transformation |
| Supabase, Inc. | USA | AWS ap-northeast-2 (Seoul) | Service data | Data storage |
Article 7 (Retention and Use Period)
1. Principle
The Company destroys personal information without delay after the purpose of collection and use has been achieved.
2. Retention Period
| Information | Retention Period | Legal Basis |
|---|---|---|
| Member account information | Until account deletion | Service provision |
| Transformation job records | Last 10 items (or user settings) | Service provision and convenience |
| Payment and transaction records | 5 years | Tax law and consumer protection laws |
| Login records | 3 months | Security and fraud prevention |
| Customer inquiry records | 3 years | Consumer protection |
3. Account Deletion
Upon account deletion, personal information is immediately destroyed. However, information required to be retained by law is separately stored for the required period.
Article 8 (Destruction of Personal Information)
1. Destruction Procedure
Personal information whose retention period has expired or processing purpose has been achieved is moved to a separate database and safely destroyed according to internal policies and applicable laws.
2. Destruction Methods
- Electronic files: Permanently deleted using methods that prevent recovery
- Paper documents: Shredded or incinerated
Article 9 (User Rights and Exercise Methods)
Users may exercise the following rights:
1. Rights
| Right | Description |
|---|---|
| Right to Access | Request to view personal information processing status |
| Right to Rectification | Request to correct inaccurate personal information |
| Right to Erasure | Request to delete personal information |
| Right to Restrict Processing | Request to stop processing of personal information |
| Right to Withdraw Consent | Withdraw consent for collection and use of personal information |
| Right to Data Portability | Request to transfer personal information |
2. How to Exercise Rights
- In-Service Settings: Direct modification/deletion through account settings page
- Email Request: Request via support@osmu.app
- Requests are processed within 10 days after identity verification.
3. Representatives
Legal representatives or authorized agents may exercise rights on behalf of users.
Article 10 (Cookies and Tracking Technologies)
1. What Are Cookies?
Cookies are small text files stored on users' browsers by websites, used for user identification and service improvement.
2. Purpose of Use
| Cookie Type | Purpose |
|---|---|
| Essential Cookies | Login status maintenance, security |
| Functional Cookies | Language settings, user preference storage |
| Analytics Cookies | Service usage statistics collection |
3. How to Refuse Cookies
Users can refuse cookie storage through browser settings. However, refusing essential cookies may limit service usage.
For users in the EU/EEA, non-essential cookies (such as analytics cookies) are collected only with explicit consent.
- Chrome: Settings > Privacy and Security > Cookies and other site data
- Firefox: Settings > Privacy & Security > Cookies and Site Data
- Safari: Preferences > Privacy
4. Do Not Track (DNT) Signals
Currently, the Company does not respond separately to browser "Do Not Track" signals. This is because industry standards for DNT have not been established. The response policy will be updated when standards are established.
Article 11 (Security Measures)
The Company takes the following measures to ensure personal information security:
1. Technical Measures
- Encryption: Personal information is transmitted through SSL/TLS encrypted communication.
- Access Control: Access rights to personal information are minimized.
- Security Programs: Security systems are operated to respond to hacking, malware, etc.
2. Administrative Measures
- Access Rights Management: Personal information handling staff are minimized and trained.
- Internal Management Plan: Internal management plans for personal information protection are established and implemented.
3. Physical Measures
- Data Center Security: Physical security measures of cloud service providers are utilized.
Article 12 (Children's Privacy Protection)
- The Company does not intentionally collect personal information from children below the legally permitted age in the user's country of residence. (e.g., 14 years old in Korea, 16 years old in Europe, 13 years old in USA)
- Children below the legally permitted age require legal guardian consent to use the Service.
- If personal information of children collected without legal guardian consent is identified, it will be immediately deleted.
Article 13 (Contact Information)
The Company has designated a Data Protection Officer for user privacy protection and complaint handling. For all inquiries regarding privacy and support, please contact:
| Item | Details |
|---|---|
| Data Protection Officer | support@osmu.app |
| General Support | support@osmu.app |
For Korean Users: You may also contact the following agencies for privacy-related concerns:
- Personal Information Infringement Report Center: privacy.kisa.or.kr (dial 118)
- Personal Information Dispute Mediation Committee: www.kopico.go.kr (1833-6972)
EU/EEA Users: You may lodge a complaint with your local Data Protection Authority (DPA).
California Users: You may contact the California Attorney General's office for privacy-related concerns.
Article 14 (GDPR Compliance - EU/EEA Users)
EU/EEA users have additional rights under GDPR (General Data Protection Regulation), including the right to restrict processing, right to object, and right to lodge complaints with supervisory authorities. For data transfers to the United States, the Company complies with appropriate safeguards (SCCs, etc.).
Article 15 (CCPA Compliance - California Residents)
The Company does not sell users' personal information. California residents have the right to request deletion and disclosure of collected personal information under CCPA, and will not be discriminated against for exercising these rights.
Article 16 (Language Priority)
This Privacy Policy may be provided in multiple languages. In case of any conflict in interpretation, the Korean version shall prevail.
Article 17 (Governing Law and Jurisdiction)
- Governing Law: This Privacy Policy and any disputes related to it shall be governed by and construed in accordance with the laws of the Republic of Korea.
- Jurisdiction: Any disputes arising out of or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the Seoul Central District Court.
Article 18 (Changes to Privacy Policy)
- This Privacy Policy may be amended according to changes in laws, policies, or services.
- Changes will be announced through in-service notices or email at least 7 days before the effective date.
- For significant changes, notice will be given 30 days in advance.
Supplementary Provisions
This Privacy Policy becomes effective on January 1, 2025.
Agnome Address: 50-12, Ewhayeodae-gil, Seodaemun-gu, Seoul, Republic of Korea Email: support@osmu.app Website: https://osmu.app