HAERA Privacy Policy
Effective Date: June 19, 2025
HAERA (hereinafter referred to as "Company") establishes and discloses the following privacy policy to protect the personal information of data subjects and to promptly and smoothly handle related grievances in accordance with Article 30 of the Personal Information Protection Act.
1. Purpose of Processing Personal Information
The Company processes personal information for the following purposes. The personal information being processed will not be used for purposes other than the following, and if the purpose of use changes, necessary measures such as obtaining separate consent will be implemented in accordance with Article 18 of the Personal Information Protection Act.
- Providing app services and user identification
- Providing push notification services
- Service improvement and personalized content provision
- Advertising service provision and personalization
- Customer inquiries and complaint handling
- Statistical analysis for service quality improvement
- Prevention of fraudulent use and security enhancement
- Providing AI-powered math problem solving services
2. Processing and Retention Period of Personal Information
Personal Information Items Processed
- Required Information: Email, Device ID, Push notification token, Country information
- Optional Information: Name
- Camera Images: Images captured for AI math problem solving purposes
Retention Period
- Until membership withdrawal (however, information that needs to be preserved according to relevant laws will be preserved for the statutory preservation period)
- Camera Images: Stored only on the device and not transmitted to external servers. Users can delete them directly.
- Preservation period according to laws:
- Records related to consumer complaints or dispute resolution: 3 years (Act on Consumer Protection in Electronic Commerce)
- Service usage records, access logs: 3 months (Protection of Communications Secrets Act)
3. Provision of Personal Information to Third Parties
The Company does not provide users' personal information to external parties in principle. In particular, images captured by the camera are processed only on the device and are not provided to third parties. However, exceptions are made in the following cases:
Essential Partners for Service Provision
| Recipient | Purpose of Provision | Personal Information Items Provided | Retention and Usage Period |
|---|---|---|---|
| Google LLC | App service analysis, advertising services | Device ID, Country information | Until purpose is achieved |
| Firebase (Google) | Push notification service, app analysis | Push token, Device ID | Until purpose is achieved |
| Amazon Web Services | Server hosting and data storage | Email, Name, Device information | Until purpose is achieved |
4. Consignment of Personal Information Processing
The Company consigns personal information processing tasks as follows for smooth personal information business processing:
| Consignee | Consigned Task | Personal Information Retention and Usage Period |
|---|---|---|
| Amazon Web Services | Server hosting and data storage | Until consignment contract termination |
| Google Firebase | Push notification delivery, data analysis | Until consignment contract termination |
5. Rights and Duties of Data Subjects and Methods of Exercise
Users can exercise the following rights as personal information subjects:
- Right to request suspension of personal information processing
- Right to request access to personal information
- Right to request correction and deletion of personal information
- Right to request suspension of personal information processing
The above rights can be exercised in writing or via email in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and the Company will take measures without delay.
Contact: [email protected]
6. Personal Information Items Processed
Personal Information Collected During App Use
- Collection Method: Automatically collected during app installation and usage
- Collection Items:
- Required: Email, Device ID, Push notification token, Country information
- Optional: Name
- Collection Purpose: App service provision, push notification delivery, personalized service provision
7. Destruction of Personal Information
The Company destroys personal information without delay when the purpose of personal information processing is achieved in principle. The procedures, deadlines, and methods of destruction are as follows:
Destruction Procedure
Information entered by users is transferred to a separate DB after achieving the purpose (separate documents in case of paper) and stored for a certain period according to internal policies and other relevant laws, or destroyed immediately.
Destruction Deadline
When personal information becomes unnecessary due to achievement of processing purposes, abolition of the service, termination of business, etc., it will be destroyed within 5 days from the date when the processing of personal information is deemed unnecessary.
Destruction Method
Information in electronic file format uses technical methods that cannot reproduce records.
8. Personal Information Protection Officer
The Company designates a Personal Information Protection Officer as follows to take overall responsibility for personal information processing and to handle complaints and remedy damages related to personal information processing by data subjects:
Personal Information Protection Officer
- Name: HAERA Representative
- Contact: [email protected]
Data subjects can contact the Personal Information Protection Officer regarding all personal information protection-related inquiries, complaint handling, damage remedy, etc. that occur while using the Company's services.
9. Changes to Privacy Policy
This privacy policy is applied from the effective date, and when there are additions, deletions, and corrections to changes according to laws and policies, it will be announced through notices from 7 days before the implementation of changes.
10. Security Measures for Personal Information
The Company implements the following technical/administrative and physical measures necessary to secure safety in accordance with Article 29 of the Personal Information Protection Act:
Administrative Measures
- Minimization and training of personal information processing staff
- Operation of Personal Information Protection Officer
Technical Measures
- Access authority management for personal information processing systems
- Installation of access control systems
- Encryption of personal information
- Installation and update of security programs
Physical Measures
- Access control to computer rooms, data storage rooms, etc.
11. International Transfer
The Company transfers personal information internationally as follows for service provision:
- Transfer Countries: United States, Japan, Hong Kong
- Recipients: Google LLC, Amazon Web Services Inc.
- Transfer Purpose: App service provision, data analysis, advertising services
- Personal Information Items Transferred: Device ID, Country information, Push token
- Retention and Usage Period: Until service provision purpose is achieved
This policy is effective from June 19, 2025.
Contact: [email protected]