Speak freely while Tiro captures every detail.
Privacy Policy
Privacy Policy
ThePlato Inc. ("Company") respects the freedom and rights of users and complies with the Personal Information Protection Act of Korea and all other applicable data protection laws (including, where applicable, the EU General Data Protection Regulation). We are committed to processing personal information in a transparent and secure manner. In accordance with Article 30 of the Personal Information Protection Act, the Company has established this Privacy Policy to inform users (data subjects) of how their personal information is handled and to address any related grievances promptly and effectively.
I. Purpose of Collection, Items Collected, and Retention Period of Personal Information
The Company collects and uses the minimum personal information necessary to provide the Service, and does not use personal data for purposes beyond those stated. If the purposes for processing personal information change, the Company will obtain the user's consent in advance as required by Article 18 of the Personal Information Protection Act.
1. Personal Information Collected with User Consent
The Company processes the following personal information based on user consent:
| Purpose of Collection | Items Collected | Retention and Use Period | Legal Basis |
|---|---|---|---|
| Account registration and Service use | Required: Email address, SNS account ID (Apple/Google/MS OAuth), name, contact information Optional: User ID, password, profile photo | Until membership withdrawal (account deletion) or as required by applicable law | User consent (PIPA Art.15(1)(1)) |
| Service usage records management | Access logs, IP address, service usage history, records of service suspension, cookies | 3 months (Communications Privacy Protection Act) or until membership withdrawal | User consent (PIPA Art.15(1)(1)) |
| Device information for optimization | MAC address, browser information, device model, OS, advertising ID, etc. | Until membership withdrawal | User consent (PIPA Art.15(1)(1)) |
| External service integration (optional) | Data from linked external services such as Google/Outlook Calendar events, Notion documents, Slack messages, Confluence pages, etc. | Until the linkage is removed or membership withdrawal | User consent (PIPA Art.15(1)(1)) |
- User-Provided Content: Please note that during use of the Service, a user may directly upload or input content that contains sensitive information, such as audio recordings, video, or system sound recordings. The Company does not use any such content for AI training, model improvement, marketing, or any other secondary purposes. Unless a user explicitly requests through customer support, the Company will not manually review or access the files containing this content. However, it is the user's responsibility to obtain any necessary consent from third parties before uploading or recording any content that includes someone else's voice, conversation, or other personal data.
2. Information Retained as Required by Law
The Company retains certain information for specified periods when required to do so under relevant laws, as follows:
| Data Type | Retention Period | Legal Basis |
|---|---|---|
| Records of contracts or subscription, cancellation of purchases, payment and supply of goods | 5 years | Act on Consumer Protection in Electronic Commerce, etc. |
| Records of consumer complaints or dispute resolution | 3 years | Same as above (Electronic Commerce Consumer Protection Act) |
| Records of labeling/advertising | 6 months | Same as above (Electronic Commerce Consumer Protection Act) |
| Website login records (IP address, etc.) | 3 months | Communications Privacy Protection Act, Art. 15-2 |
II. Provision of Personal Information to Third Parties
As a rule, the Company does not provide users' personal information to any third party. The Company will only disclose personal information to third parties in the following exceptional cases:
- When the user has given separate consent for the disclosure.
- When disclosure is required by applicable laws or regulations.
- When it is necessary to protect the life, body, or property of the user or a third party in cases of urgent danger and it is difficult to obtain the user's prior consent.
At present, the Company does not provide personal information to any third parties. If the Company ever needs to provide personal data to a third party in the future, it will notify the users in advance and obtain consent as required.
III. Outsourcing of Personal Information Processing (Entrustment)
The Company may outsource certain personal information processing tasks to external service providers in order to effectively provide the Service. In such cases, the Company enters into agreements with the providers to ensure compliance with privacy laws (pursuant to Article 26 of the Personal Information Protection Act), including obligations for data safety, confidentiality, prohibition of further outsourcing without permission, and oversight of the service providers. The Company regularly monitors these providers to ensure personal information is handled safely.
Current entrusted processors and their tasks are as follows:
| Entrusted Processor | Outsourced Task |
|---|---|
| PostHog | Analytics services (product usage analytics) |
| Google LLC | Analytics services (Google Analytics, Firebase) |
| AssemblyAI, Inc. | Service operation support (speech-to-text processing) |
| OpenAI OpCo, LLC | Service operation support (text processing) |
| Anthropic PBC | Service operation support (text processing) |
| Stripe, Inc. | Payment services (credit card payment processing) |
IV. International Transfer of Personal Information
For the purpose of service operation, the Company may transfer and store personal information on servers located outside of your country (for example, in the United States). Details of international data transfers are as follows:
| Recipient (Service) | Country | Time and Method of Transfer | Contact Information | Personal Data Transferred | Purpose of Transfer | Retention Period |
|---|---|---|---|---|---|---|
| Amazon Web Services, Inc. (AWS) | United States | Transferred to cloud servers in real time as the Service is used | aws-korea-privacy@amazon.com | Email, device information, logs, call data, etc. | Server hosting and data storage | Until termination of the service contract with the provider |
| Google LLC | United States | Automatically transferred via secure server connection during Service use | googlekrsupport@google.com | Email, device information, logs, etc. | Server hosting and data storage | Until termination of the service contract with the provider |
| AssemblyAI, Inc. | United States | Automatically transferred via secure server connection during Service use | support@assemblyai.com | Audio data (media content) | To provide speech-to-text processing for the Service | Until termination of the service contract with the provider |
| OpenAI OpCo, LLC | United States | Automatically transferred via secure server connection during Service use | privacy@openai.com | Text data (media content) | To provide language processing services for the Service | Until termination of the service contract with the provider |
| Anthropic PBC | United States | Automatically transferred via secure server connection during Service use | privacy@anthropic.com | Text data (media content) | To provide language processing services for the Service | Until termination of the service contract with the provider |
If you do not want your data to be transferred overseas, you may choose to disable or disconnect any external service integrations, or you may stop using the Service and delete your account. (Please note that certain functionalities of the Service may be unavailable if external integrations are disabled.)
V. Personal Information Destruction Procedures and Methods
The Company destroys personal information without delay when the retention period expires or the purposes of processing have been achieved. The procedures and methods for destruction are as follows:
- Electronic files: Deleted using technical methods that make recovery or restoration impossible.
- Paper records or printouts: Shredded or incinerated.
If any information is required to be retained by law beyond the usual retention period, the Company will store such information separately from other data and keep it safe for the legally mandated period before destruction.
VI. Rights of Users (Data Subjects) and Exercise of Rights
Users (as data subjects) have the following rights regarding their personal information, which they may exercise at any time:
- Right of access: The right to request access to and a copy of your personal information held by the Company.
- Right to rectification: If your personal information is inaccurate or incomplete, you have the right to request correction or update of that information.
- Right to erasure: The right to request deletion of your personal information, also known as the "right to be forgotten," subject to the conditions under applicable law.
- Right to restriction of processing: The right to request that the Company temporarily or permanently stop processing your personal information.
These rights can be exercised through the Service's interface (e.g., via the "My Account" or "My Info" settings page) or by contacting the Company via mail or email. The Company may need to verify your identity before fulfilling certain requests. In addition, depending on your jurisdiction, you may have additional rights not listed above. For example, users in the European Union have the right to data portability (to receive personal data in a structured, commonly used format) and the right to lodge a complaint with a supervisory authority. California residents have the right to request information about any disclosures of personal information to third parties for direct marketing and the right to opt-out of the sale of personal information (please note, however, that the Company does not sell personal data to third parties).
Note: The Service is not intended for children under the age of 14. The Company does not knowingly collect personal information from anyone under 14 years old (and in certain jurisdictions, the minimum age may be higher – for example, under 13 in the United States, such collection is restricted by law). The Service does not currently implement age verification or parental consent measures, so individuals under the applicable minimum age are prohibited from using the Service. If the Company becomes aware that it has collected personal information from a child under the age of 14 (or under the relevant minimum age), it will take immediate steps to delete that account and the associated information.
VII. Use of Cookies and Similar Technologies
The Company may use cookies and similar automatic data collection technologies to provide and improve the Service.
- Information Collected: Service usage data, access logs, device and browser information, and other usage details.
- Purpose of Use: To facilitate a personalized user experience (e.g., saving preferences), maintain session security, and perform statistical analysis of Service usage.
Users have the choice to refuse or delete cookies. You can manage your cookie preferences by adjusting your web browser settings to reject cookies or delete them. Please note that if you disable cookies, some features of the Service may not function properly.
VIII. Collection and Use of Behavioral Data
The Company does not currently collect or use any behavioral data for targeted advertising or profiling based on user behavior. If the Company later decides to collect behavioral information (for example, for personalized ads or advanced analytics), it will provide clear notice of such practices in an updated Privacy Policy. That notice would include details such as the types of data to be collected, purposes of use, retention period, and how users can opt out of such data collection.
IX. Personal Information Protection Officer and Contact Information
The Company has appointed a Personal Information Protection Officer who is responsible for overseeing the handling of personal data and addressing user inquiries or complaints regarding privacy.
- Name: Sangchul Kim
- Email: hello@theplato.io
For any questions, concerns, or requests related to your personal information, or to exercise your rights, you may contact the above individual or the Company's customer support. The Company will respond without undue delay to facilitate the prompt and smooth resolution of any issues.
X. Notification of Changes and Policy Revision
This Privacy Policy may be revised to reflect changes in law or changes to the Service's practices. In the event of any amendment, the Company will notify users of the changes at least 7 days in advance of the effective date of the new policy by posting a notice on the website or via email. For significant changes that affect users' rights (such as changes to the purposes of data use or disclosures to third parties), the Company will provide notice at least 30 days in advance.
- Notification Method: Announcements will be made on the official website and/or through direct communication (e.g., email) to users.
- Advance Notice for Material Changes: At least 30 days prior notice for important changes, in accordance with relevant regulations.
Effective Date: October 30, 2024