PLARO Privacy Policy
PLARO processes personal information and service data needed to provide the service. This Policy explains categories collected, purposes, retention, processors, user rights, and security measures.
1. Controller Information
- Company name: PLARO
- Representative: Hyunjae Yoo
- Privacy officer: Hyunjae Yoo
- Business address: 6, Bongo-daero 283beon-gil, Seo-gu, Incheon, Building 2, Unit 905, Republic of Korea
- Phone: +82-10-8322-8776
- Contact email: hyunjaeyoo@plaro.kr
2. Information We Collect
- Account information: name, email, password hash, language, nationality, timezone, email verification status, social-login identifiers, and profile information.
- Service content: notes, events, participants, workspace and organization information, file and link metadata, uploaded files, AI conversations, support inquiries, and sharing or collaboration data.
- Recording and transcription data: audio files, meeting-session information, participants and speech segments, transcripts, translations, AI summaries, follow-up email drafts, titles, and timestamps.
- Billing information: plan, subscription status, order and subscription identifiers, amount, currency, payment and refund timestamps, and billing metadata. PLARO does not directly store full card numbers.
- Security and operations data: IP-based access data, browser and OS, cookie and local-storage identifiers, push subscription data, usage logs, error logs, risk scores, and hashed anti-abuse signals.
3. Purposes and Legal Bases
- Contract performance: user identification, login, service features, synchronization, collaboration permissions, subscription, billing, refunds, and support.
- Consent or optional features: recording and transcription, push notifications, AI summarization or generation, social login, translation, and model selection.
- Legitimate interests and legal obligations: security monitoring, error analysis, abuse prevention, service improvement, accounting, tax, dispute handling, and legal requests.
4. Processors and International Processing
- Depending on configuration, data needed for AI, STT/TTS, social login, meeting infrastructure, security checks, billing, email, storage, and push notifications may be transferred to external providers such as Google, Microsoft, OpenAI, DeepSeek, Xiaomi MiMo, Cloudflare Turnstile/R2, LiveKit, Creem, Amazon S3/SES, Postmark, Resend, SMTP, or browser push services.
- Processors may handle data in their infrastructure locations, and PLARO requires contractual and security safeguards where appropriate.
5. Retention and Deletion
- Account and general service data enter the deletion process without undue delay when the user deletes them or closes the account. Backups and logs may be delayed according to technical cycles.
- Recording audio files and transcripts are generally retained for 30 days after transcription completion and may be deleted earlier by the user.
- Signup risk signals, deleted social-account hashes, and free-benefit or refund-abuse prevention logs may be retained for up to 180 days for security and operations.
- Billing, refund, accounting, tax, and dispute records may be retained separately for periods required by law, payment processors, or rights protection.
6. Security Measures and Incident Response
- PLARO applies reasonable security measures such as access controls, authentication, encryption or hashing, audit logs, backups, vulnerability patching, rate limits, and CAPTCHA.
- If a security incident is confirmed and legal notice is required, PLARO will notify affected users and authorities as required and reasonably work to mitigate harm.
7. User Rights
- Users may request access, correction, deletion, restriction, withdrawal of consent, account closure, and push-notification opt-out to the extent provided by law.
- Requests may be sent to the contact email in this Policy. Some requests may be limited because of identity verification or legal retention obligations.
- Contact email: hyunjaeyoo@plaro.kr