Privacy Policy

Effective: April 15, 2026 (Revised)

Posiki ("Company") establishes and discloses this Privacy Policy to protect users' personal information in accordance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), and to handle related grievances promptly.

Article 1 (Purpose of Processing Personal Information)

The Company processes personal information for the following purposes. Personal information will not be used for purposes other than those listed below, and additional consent will be obtained if the purpose changes.

  • Member registration and management: Member identification through email/password or Google login, service eligibility management
  • Service provision: App management and contact form management service
  • CLI tool provision: App registration and contact form creation support via CLI
  • Inquiry handling: Receiving and processing customer inquiries (including non-logged-in visitors)
  • Account integration: Automatic merging of accounts registered with the same email
  • Paid service payment processing: Pro plan subscription payment, refund processing, payment history management

Article 2 (Personal Information Collected)

The Company collects the following personal information:

1. Email/password registration:

  • Required: email address, password (encrypted), display name

2. Google login:

  • Required: email address, display name

3. Automatically collected:

  • Service usage records, access logs

4. When submitting inquiries (logged-in and non-logged-in):

  • Email address, inquiry content

5. CLI tool usage:

  • Authentication token (auto-generated)

6. Paid service (Pro plan) payment:

  • Lemon Squeezy customer ID, subscription ID
  • Subscription status (active/cancelled/expired), billing cycle end date
  • Payment-related email address

※ Sensitive payment information such as credit card numbers is not collected by the Company; it is processed by Lemon Squeezy in accordance with PCI DSS standards.

Article 3 (Retention and Usage Period)

The Company destroys personal information without delay once the purpose of collection and use has been achieved.

  • Member information: Destroyed immediately upon withdrawal
  • Inquiry records: Retained for 3 years after resolution (E-Commerce Act)
  • Service usage records: 3 months
  • Payment records: 5 years per applicable tax laws
  • Subscription information: Retained for 3 months after expiration, then destroyed

Article 4 (Destruction Procedures and Methods)

The Company destroys personal information without delay when it is no longer needed.

  • Destruction procedure: Unnecessary personal information is destroyed within 5 days of being deemed unnecessary.
  • Destruction method: Electronic file information is destroyed using technical methods that prevent reproduction.

Article 5 (Provision to Third Parties)

The Company does not provide users' personal information to third parties in principle. Exceptions include:

  • When the user has given prior consent
  • When required by law or requested by investigative authorities following legal procedures

The following third-party services are used during service operation:

  • Anthropic Claude API: App information (name, description, features) is transmitted for AI features. No personal information is transmitted.
  • Google Firebase: Authentication, database, hosting
  • Lemon Squeezy (Lemon Squeezy, LLC): Paid service payment processing (Merchant of Record). Information transmitted: email address, user unique ID.

Article 6 (Rights and Obligations of Data Subjects)

Users may exercise the following rights as data subjects:

  • Request to access personal information
  • Request correction of errors
  • Request deletion
  • Request to suspend processing

Rights may be exercised through the "Delete Account" function on the settings page or by emailing the Data Protection Officer below.

Article 7 (Security Measures)

The Company takes the following measures to ensure the safety of personal information:

  • Password encryption: Member passwords are encrypted for storage and management.
  • Sensitive data encryption: Personal information collected from inquiries (email, content) is stored with AES-256 server-side encryption.
  • Access restriction: Access to systems processing personal information is restricted.

Article 8 (Use of Cookies)

The Company uses only essential cookies for service operation and does not collect separate analytics cookies.

Article 9 (Data Protection Officer)

  • Role: Data Protection Officer
  • Email: admin@nanokit.work

Article 10 (Remedies for Rights Infringement)

For reports or consultations regarding personal information infringement, please contact the following organizations:

  • KISA Privacy Center: privacy.kisa.or.kr / 118
  • Personal Information Dispute Mediation Committee: www.kopico.go.kr / 1833-6972
  • Supreme Prosecutors' Office Cyber Investigation Division: www.spo.go.kr / 1301
  • National Police Agency Cyber Bureau: ecrm.police.go.kr / 182

Article 11 (Changes to Privacy Policy)

This Privacy Policy is effective from April 15, 2026. Changes will be announced through website notices.