Privacy Policy

Last Updated: 2025-12-25

1. Introduction

K-HERE ("we," "us," or "our") operates the K-HERE website and mobile application (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your privacy and complying with applicable data protection laws including the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA/CPRA), Korea Personal Information Protection Act (PIPA), Brazil Lei Geral de Proteção de Dados (LGPD), and Japan Act on the Protection of Personal Information (APPI).

2. Data Controller Information

Company Name: [사업자명 / Business Name]

Representative: [대표자명]

Business Registration Number: [사업자등록번호]

Address: [주소]

Email: [email protected]

Phone: [전화번호]

3. Information We Collect

3.1 Information You Provide

When you sign in using Google OAuth, we receive:

  • Email address - Your Google account email
  • Display name - Your name as set in your Google account
  • Profile picture URL - Your Google profile image

3.2 Information Collected Automatically

  • Quiz performance data - Your answers, scores, and learning progress
  • Learning streak data - Your consecutive days of learning activity
  • Saved content - Korean sentences you save for later review
  • Language preference - Your chosen interface language (EN/JA/VI)
  • Device and browser information - Basic technical information for service delivery

3.3 Information We Do NOT Collect

  • Payment card details (processed by Paddle)
  • Location data (GPS)
  • Advertising or marketing tracking data
  • Third-party cookies for advertising purposes

4. How We Use Your Information

We use your personal information for:

  • Service delivery - To provide and maintain our Korean learning service
  • Account management - To manage your account and authentication
  • Personalization - To track your learning progress and customize content
  • Communication - To respond to your inquiries and support requests
  • Service improvement - To analyze usage patterns and improve our service
  • Legal compliance - To comply with applicable laws and regulations

5. Legal Basis for Processing (GDPR)

Under GDPR, we process your data based on:

  • Contract performance - Processing necessary to provide our service to you
  • Consent - Where you have given explicit consent (e.g., Google OAuth login)
  • Legitimate interests - For service improvement and fraud prevention
  • Legal obligation - When required by applicable laws

6. Third-Party Service Providers

We share data with the following third-party services:

Supabase (Backend & Database)

Stores your account data and learning progress.

Privacy: supabase.com/privacy

Google (Authentication & TTS)

Provides login authentication and text-to-speech service for Korean pronunciation.

Privacy: policies.google.com/privacy

Paddle (Payment Processing)

Processes subscription payments. We do not store your payment card details.

Privacy: paddle.com/legal/privacy

Vercel (Hosting)

Hosts our website infrastructure.

Privacy: vercel.com/legal/privacy-policy

7. International Data Transfers

Your data may be transferred to and processed in countries outside your residence, including the United States. We ensure appropriate safeguards are in place, including:

  • EU Standard Contractual Clauses (SCCs)
  • Adequacy decisions by data protection authorities
  • Service provider data protection agreements

8. Data Retention

  • Account data: Retained while your account is active, deleted upon account deletion request
  • Learning progress: Retained while your account is active
  • Payment records: Retained for 5 years as required by tax laws
  • Technical logs: Retained for 30 days for security purposes

9. Your Rights

9.1 Rights Under GDPR (EU/EEA Users)

  • Access - Request a copy of your personal data
  • Rectification - Request correction of inaccurate data
  • Erasure - Request deletion of your data ("right to be forgotten")
  • Portability - Receive your data in a structured format
  • Restriction - Request limitation of processing
  • Objection - Object to certain processing activities
  • Withdraw consent - Withdraw previously given consent

9.2 Rights Under CCPA (California Residents)

  • Know - Right to know what personal information is collected
  • Delete - Right to request deletion of your data
  • Opt-out - Right to opt-out of the sale of personal information
  • Non-discrimination - Right to not be discriminated against for exercising rights

Note: We do NOT sell your personal information. California residents can contact us at [email protected] to exercise their rights.

9.3 Rights Under Korean PIPA

  • Access - Request access to your personal information
  • Correction - Request correction of inaccurate information
  • Deletion - Request deletion or suspension of processing
  • Withdrawal - Withdraw consent for data processing

한국 이용자: 개인정보 관련 문의는 [email protected] 으로 연락해주세요.

9.4 Rights Under Japan APPI

  • Disclosure - Request disclosure of your retained personal data
  • Correction - Request correction, addition, or deletion of inaccurate data
  • Cessation - Request cessation of use or erasure of data
  • Third-party provision - Request records of third-party data provision

日本のユーザー: 個人情報に関するお問い合わせは [email protected] までご連絡ください。

9.5 Rights Under Vietnam PDPD (Decree 13/2023)

  • Consent - Right to consent or refuse processing of personal data
  • Access - Right to access and view your personal data
  • Correction - Right to request correction of inaccurate data
  • Deletion - Right to request deletion of personal data
  • Restriction - Right to restrict processing of personal data
  • Objection - Right to object to automated decision-making

Người dùng Việt Nam: Vui lòng liên hệ [email protected] để thực hiện quyền của bạn.

9.6 How to Delete Your Account

You can delete your account and all associated data through the following methods:

Method 1: In-App Deletion (Recommended)

  1. Log in to your K-HERE account
  2. Go to My Page (top-right menu)
  3. Scroll to Account Settings
  4. Click "Delete Account"
  5. Type DELETE to confirm
  6. Your account will be deleted immediately

Method 2: Email Request

  1. Send an email to [email protected] with subject "Account Deletion Request"
  2. Include your registered email address for verification
  3. We will process your request within 30 days

What gets deleted: Your profile, quiz history, saved sentences, streak data, and all personal information. This action is irreversible.

10. Children's Privacy

Our Service is not directed to children under 13 years of age (or 14 in Korea). We do not knowingly collect personal information from children under these ages. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

For users aged 14-18 in Korea, parental consent may be required in accordance with PIPA.

11. Data Security

We implement appropriate security measures including:

  • Encryption of data in transit (HTTPS/TLS)
  • Encryption of data at rest
  • Secure authentication via Google OAuth
  • Regular security assessments
  • Access controls and audit logging
  • Row-Level Security (RLS) in our database

12. Automated Decision-Making

K-HERE may use automated processing in the following limited ways:

  • Quiz scoring: Your quiz answers are automatically evaluated against correct answers to calculate scores. This is essential for the learning service.
  • Learning progress tracking: We automatically track your completed quizzes and streak data to provide personalized learning insights.

No profiling for significant decisions: We do not use automated decision-making that produces legal effects or similarly significantly affects you. Subscription access is based solely on your payment status, not on profiling or automated analysis of your behavior.

Your rights: You have the right to request human review of any automated decisions. Contact us at [email protected] for assistance.

13. Cookies

We use essential cookies for authentication and session management. For detailed information about our cookie usage, please see our Cookie Policy.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically.

15. Contact Us

For any questions about this Privacy Policy or to exercise your data protection rights:

Email: [email protected]

Subject Line: Privacy Inquiry

We will respond to your request within 30 days (or sooner as required by applicable law).

16. Supervisory Authority

If you are in the EU/EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.

For Korean users, complaints can be filed with the Personal Information Protection Commission (PIPC) at www.pipc.go.kr.

← Back to Home