Privacy Policy

1. General

The Daigest service operated by Darak ("Company") complies with relevant laws including the Personal Information Protection Act and collects/uses only minimal information. This policy explains collection items, purposes of use, retention/destruction, third-party provision, cookies, and security measures.

2. Items and Methods of Collection

• Member Registration: Email (required), email/public profile (name, etc.) for Google login
• Service Use: Integration identifiers (e.g., Notion workspace/page, Slack team/channel/user, Figma file/project ID), notification settings (language/timezone/time), summary results (including transmission history)
• Payment (Paid): Payment approval information and transaction records (sensitive payment information processed by payment provider, Company retains minimal information)
• Automatic Collection: Access logs (IP, browser/OS, usage time), device information, service error/performance logs, etc.
• Collection Methods: Direct input by members, OAuth consent, integration API, automatic collection during service use

3. Purpose of Use and Legal Basis for Processing

• Core Functions: Authentication/account management, integration data collection, summary generation and email/Slack transmission, settings application (Contract Performance)
• Customer Support/Notices: Inquiry processing, notice delivery (Contract Performance and Legitimate Interests)
• Security/Quality: Performance monitoring, error analysis, service improvement (using de-identification/aggregation where possible) (Legitimate Interests)
• Legal Compliance: Payment and transaction record retention, dispute response, etc. (Legal Obligation)
• With Optional Consent: Newsletter/event announcements (can be unsubscribed at any time) (Consent)

※ Personal information processing is based on legal grounds under GDPR Article 6 (contract performance, legal obligation, legitimate interests, consent).

4. Third-Party Provision

We do not provide to third parties without member consent or legal basis. Exceptions apply only for lawful requests from investigative agencies, protection of life/body, etc. as permitted by law.

5. Processing Entrustment

We may entrust processing within the necessary scope for service operation, implementing processor management/supervision and security measures.

• Database Storage/Management: Supabase - AWS Northeast Asia (Seoul Region)
• Email Delivery: (To be specified when used: e.g.) Amazon SES / SendGrid etc.
• Slack Transmission: Slack API (processing minimal information necessary for notification delivery)

※ When actual processors are confirmed, company name/contact/transfer country (if applicable)/retention period will be updated/notified in this policy.

6. Cookies

• We use only first-party cookies (for essential purposes such as session maintenance, login status, basic settings storage).
• We do not use third-party advertising/tracking cookies.
• You can change cookie acceptance in browser settings, but some features may be restricted.

7. Retention Period and Destruction

• Principle: Immediately destroyed upon purpose achievement or member withdrawal
• Exceptions (Legal Retention): E-commerce related transaction/payment records retained for legally required periods then destroyed
• Destruction Method: Electronic files permanently deleted in unrecoverable manner (overwriting, etc.), printed materials shredded/incinerated
• Separate Storage: Legally required retention items stored separately from other purposes, use for other purposes prohibited

8. Data Storage Location

All member data is stored in Supabase database located in AWS Northeast Asia (Seoul region). We protect data sovereignty using domestic servers, and will proceed with advance notice and consent procedures if overseas transfer is needed for service expansion.

9. Data Rights (Access, Correction, Deletion)

• Members can request viewing/correction/deletion/processing suspension of their personal information and summary results through in-service settings or customer center.
• Upon withdrawal, customer content and summary results are immediately deleted, with exceptions for legally required retention.
• For organizational accounts, organization administrators may manage ownership and access.

10. Security Measures

• Access control/permission management (minimum privileges, access record management)
• Encryption (TLS for transmission, one-way for passwords, encryption for sensitive information storage)
• Infrastructure security (firewall, intrusion detection, regular inspection)
• Administrative protection (internal management plan, employee training, incident response process)

11. Automated Processing and AI Use

• The service uses AI (OpenAI GPT, Anthropic Claude, Google Gemini, etc.) to automatically summarize changes from integrated services.
• AI summaries are used only for service provision purposes, and members can request modifications to summary results.
• The Company will not use customer content or summary results for model training, public cases, or marketing without explicit opt-in consent from members.
• Members can withdraw consent at any time even after giving it, and the Company will stop within a reasonable period (technical limitations of base model weights will be separately notified).

12. Children's Personal Information

This service is available only to those 13 years or older. Children under 14 require legal guardian consent. We do not intentionally collect personal information from children under 13, and will immediately delete if discovered.

13. Personal Information Protection Officer

• Officer: Kang Sangkwon
• Contact: help@daige.st

Personal information infringement reports/consultations are also available through public institutions such as KISA (118), Personal Information Dispute Mediation Committee (1833-6972).

14. Notice and Revision

This policy applies from the above effective date. Significant changes will be notified at least 30 days in advance, general changes 7 days in advance.