PLARO Privacy Policy
PLARO ("the Company") processes personal information and service data that are necessary to operate its web and app services. This policy explains, based on the actual operation of the service, the categories collected, purposes of use, retention periods, external processors, and user rights.
1. Personal Information We Collect
- Account information: name, email, password (stored in hashed form), language preference, and timezone
- Social login information: a provider identifier from Google, Kakao, Facebook, or similar providers, plus email and provided name or nickname
- Service content: notes, calendar events, challenges, AI conversations, file metadata, links, support inquiries, and other data that users input into or store in the service
- Recording feature data: uploaded audio files, transcripts, segments, AI summaries, titles, timestamps, and related data generated in the recording workflow
- Billing and subscription information: product name, plan status, order/subscription identifiers, payment amount and currency, payment timestamp, and metadata needed for refunds and billing support
- Device and access environment information: IP-based access information, browser and OS details, feature usage logs, error logs, language, and timezone
- Abuse prevention information: device identifiers (via cookie/localStorage), email-domain information, hashed device/IP/browser signals, and risk scores used to prevent signup abuse and free-benefit abuse
2. Purposes of Using Personal Information
- User identification, login/authentication, account management, and account security
- Providing core features such as notes, calendars, challenges, recordings, files, links, and AI features
- Handling AI requests such as summarization, organization, generation, transcription, translation, and related quality improvements
- Processing paid plans, operating recurring billing, reviewing refunds, and providing customer support
- Ensuring service stability, analyzing errors, monitoring security, and preventing signup abuse and free-benefit abuse
- Legal compliance, dispute response, and protection of rights
3. Retention and Deletion
- Account data and general service data enter the deletion process without undue delay when the user deletes them or closes the account, unless retention is required by law or reasonably necessary for dispute handling.
- Recording audio files and transcripts are ordinarily retained for 30 days after transcription is completed and may be deleted sooner if the user deletes them earlier.
- Signup risk hashes and free-benefit abuse prevention logs are retained for up to 180 days for security and operational purposes and then deleted.
- Billing and refund-related data may be retained separately as required by law, payment processor obligations, accounting needs, or dispute handling.
4. External Processors and Overseas Processing
- The Company does not sell personal information and uses external processors only to the extent necessary to provide the service.
- Google: related data may be processed to provide Google login and Gemini-based AI features.
- OpenAI: related data may be processed to provide certain AI features such as text generation, speech-to-text, and text-to-speech.
- Creem: related information may be processed for paid billing, recurring payments, refunds, and billing metadata management. The Company does not directly store full payment instrument details such as card numbers.
- Cloudflare: related data may be processed for Turnstile CAPTCHA, security protection, and parts of traffic handling or storage infrastructure.
- Facebook, Kakao, and other social login providers: the minimum data needed for login authentication and account-link handling may be processed.
- These processors may handle data domestically or overseas, and users may choose whether to use features that rely on such processing.
- When required by law, the Company may provide or preserve information to the extent necessary.
5. Cookies, Local Storage, and Similar Technologies
- The Company may use cookies and local storage for session continuity, language preference, security, and abuse prevention.
- Examples include storing language preference, retaining a device identifier, CSRF protection, and preserving security verification state.
- You may restrict cookies in browser settings, but some login and security features may not work correctly.
6. User Rights and How to Exercise Them
- Users may request access, correction, deletion, or restriction of processing of their information to the extent allowed by applicable law.
- Users may close their account or delete certain data directly from the account area, and may use support channels for additional requests when needed.
- Users of Google/Kakao/Facebook social login may also need to disconnect the app or revoke access in each provider’s account settings. Deleting a PLARO account does not itself delete the user’s separate social provider account.
- Facebook linked data deletion guide: https://plaro.kr/facebook/data-deletion
7. Contact
Privacy-related inquiries can be submitted through the in-service admin inquiry feature or by email at hyunjaeyoo@plaro.kr.