Privacy Policy

Effective Date: 2025-08-12

Last Updated: 2025-08-12

1. General

The Daigest service operated by Darak ("Company") complies with relevant laws including the Personal Information Protection Act and collects/uses only minimal information. This policy explains collection items, purposes of use, retention/destruction, third-party provision, cookies, and security measures.

2. Items Collected, Purpose and Retention Period

  • Member Registration: Email (required), email/public profile (name, etc.) for Google login - Until membership withdrawal
  • Service Use: Integration identifiers (e.g., Notion workspace/page, Slack team/channel/user, GitHub repository, URL, RSS feed), notification settings (language/timezone/time), document results (including transmission history) - Until membership withdrawal
  • Customer Support: Email, inquiry details - Up to 3 years after withdrawal (dispute resolution)
  • Payment (Paid): Payment approval information and transaction records (sensitive payment information processed by payment provider, Company retains minimal information) - Up to 5 years after withdrawal (E-commerce Act)
  • Automatic Collection: Access logs (IP, browser/OS, usage time), device information, service error/performance logs, etc. - Until membership withdrawal
  • Collection Methods: Direct input by members, OAuth consent, integration API, automatic collection during service use

3. Purpose of Use and Legal Basis for Processing

  • Core Functions: Authentication/account management, integration service (Notion/Slack/GitHub/URL/RSS) data collection, AI-based document generation and updates, settings application (Contract Performance)
  • Customer Support/Notices: Inquiry processing, notice delivery (Contract Performance and Legitimate Interests)
  • Security/Quality: Performance monitoring, error analysis, service improvement (using de-identification/aggregation where possible) (Legitimate Interests)
  • Legal Compliance: Payment and transaction record retention, dispute response, etc. (Legal Obligation)

※ Personal information processing is based on legal grounds under GDPR Article 6 (contract performance, legal obligation, legitimate interests).

4. Third-Party Provision

We do not provide to third parties without member consent or legal basis. Exceptions apply only for lawful requests from investigative agencies, protection of life/body, etc. as permitted by law.

5. Processing Entrustment

We may entrust processing within the necessary scope for service operation, implementing processor management/supervision and security measures.

  • Database Storage/Management: Supabase - AWS Northeast Asia (Seoul Region, Korea)
  • Email Delivery: Amazon SES (USA)
  • AI Document Processing: Google Cloud (Vertex AI - Gemini) - USA
  • Payment Processing: Toss Payments (Korea), Polar (USA)
  • Web Analytics: Google Analytics (USA) - Only anonymized statistical data collected

※ Processors handle only the minimum information necessary for service provision and destroy it without delay upon contract termination.

6. Cookies

  • We use only first-party cookies (for essential purposes such as session maintenance, login status, basic settings storage).
  • We do not use third-party advertising/tracking cookies.
  • You can change cookie acceptance in browser settings, but some features may be restricted.

7. Retention Period and Destruction

  • Principle: Promptly deleted upon purpose achievement or member withdrawal
  • Exceptions (Legal Retention): E-commerce related transaction/payment records retained for legally required periods then destroyed
  • Destruction Method: Electronic files permanently deleted in unrecoverable manner (overwriting, etc.), printed materials shredded/incinerated
  • Separate Storage: Legally required retention items stored separately from other purposes, use for other purposes prohibited

8. Data Storage Location

All member data is stored in Supabase database located in AWS Northeast Asia (Seoul region). We protect data sovereignty using local servers, and will proceed with advance notice and consent procedures if overseas transfer is needed for service expansion.

9. Data Rights (Access, Correction, Deletion)

  • Members can request viewing/correction/deletion/processing suspension of their personal information and document results through the Service's settings or customer center.
  • Upon withdrawal, customer content and document results are promptly deleted, with exceptions for legally required retention.
  • For organizational accounts, organization administrators may manage ownership and access.

Additional Regional Rights

  • EEA/UK Residents: Have rights to data access, rectification, erasure, restriction of processing, objection to processing, and lodging complaints with supervisory authorities under GDPR.
  • California Residents: Have rights to request information about personal information collection and sale, deletion requests, and non-discrimination under CCPA.

10. Security Measures

  • Access control/permission management (minimum privileges, access record management)
  • Encryption (TLS for transmission, one-way for passwords, encryption for sensitive information storage)
  • Infrastructure security (firewall, intrusion detection, regular inspection)
  • Administrative protection (internal management plan, employee training, incident response process)

11. Automated Processing and AI Use

  • The service uses AI (Google Gemini, etc.) to automatically generate and update documents based on data from integrated services.
  • AI document processing is used only for service provision purposes, and members can request modifications to generated documents.
  • The Company does not use customer content or generated documents for model training.

12. Children's Personal Information

This service is available only to those 13 years or older. Children under 14 require legal guardian consent. We do not intentionally collect personal information from children under 13, and will immediately delete if discovered.

13. Personal Information Protection Officer

  • Officer: Kang Sangkwon
  • Contact: help@daige.st

Personal information infringement reports/consultations are also available through public institutions such as KISA (118), Personal Information Dispute Mediation Committee (1833-6972).

14. Notice and Revision

This policy applies from the above effective date. Significant changes will be notified at least 30 days in advance, general changes 7 days in advance.