Privacy Policy

Last updated: March 24, 2026

This is a translation for convenience only. In the event of any conflict between this English translation and the original Korean version, the Korean version shall prevail.

myappclaw Inc. (hereinafter "Company") values the personal information of users and end-users and protects it in accordance with applicable laws. This policy explains the types of personal information the Company collects, the purposes of collection, and retention periods.

Article 1 (Personal Information Collected)

1. User (Business Administrator) Information

  • Required: Email address, password (stored encrypted), service name
  • Optional: Company name, contact person name, phone number
  • Automatically collected: Access IP, browser information, access time, service usage records

2. End-user Information

  • Conversation data: Content of conversations with the AI agent (stored per session)
  • Identification information: User ID passed by the user via JWT (optional)
  • Persona selection: AI persona selected by the end-user
  • LLM settings: LLM API key entered directly by the end-user according to widget_policy settings (stored encrypted)

Article 2 (Purposes of Collecting and Using Personal Information)

  • Service registration, authentication, and user identification
  • Providing AI agent conversation services
  • Monitoring and analyzing service usage
  • Customer support and inquiry handling
  • Service improvement and new feature development
  • Billing and payment processing
  • Fulfilling legal obligations

Article 3 (LLM Data Processing)

This service operates on a BYOK (Bring Your Own Key) model. End-user conversation content is sent to the API of the LLM provider (Anthropic, OpenAI, etc.) registered by the user for AI response generation.

  • The Company uses the user's API key for LLM API calls and does not use conversation content for training.
  • The data processing policies of LLM providers are governed by their respective privacy policies.
  • Enterprise plan users may use LLM keys provided by the Company, in which case a separate DPA (Data Processing Agreement) is executed.

Article 4 (Storage and Protection of Personal Information)

1. Storage Location

  • SaaS Plan (Free/Pro/Business): Supabase PostgreSQL (Seoul region, AWS ap-northeast-2)
  • Enterprise/Solution: User's own infrastructure (on-premises deployment)

2. Protection Measures

  • Transmission encryption: TLS 1.3
  • Data-at-rest encryption: Supabase default encryption (AES-256)
  • Access control: Tenant-level data isolation via Row-Level Security (RLS)
  • API authentication: Multi-factor authentication with API Key + JWT
  • Access log recording and monitoring

Article 5 (Retention Period of Personal Information)

  • Account information: Retained during the service usage period; destroyed within 30 days of termination
  • Conversation records: Retained during the service usage period; can be immediately deleted upon user request
  • Usage records: Retained for up to 1 year after anonymization for service improvement purposes
  • Payment records: Retained for 5 years in accordance with e-commerce regulations

Article 6 (Third-party Disclosure of Personal Information)

The Company does not, in principle, provide personal information to third parties without the user's consent. However, the following exceptions apply:

  • When the user has given prior consent
  • When required by law
  • When processed on consignment within the minimum scope necessary to provide the service (payment processing: Stripe, email delivery, cloud infrastructure: Supabase/Vercel/Railway)

Article 7 (User Rights)

Users and end-users may exercise the following rights:

  • Right of access: You may verify the status of your personal information processing.
  • Right to rectification: You may request correction of inaccurate personal information.
  • Right to erasure: You may request deletion of personal information (GDPR Right to Erasure).
  • Right to data portability: You may request export of personal information in JSON/CSV format.
  • Right to object: You may object to the processing of personal information for marketing purposes.

Rights may be exercised by contacting myappclaw@gmail.com and will be processed within 10 business days of receipt.

Article 8 (Use of Cookies)

The Company uses cookies for service authentication and to improve the user experience. Users may choose whether to allow cookies through their browser settings. Refusing cookies may limit some aspects of the service.

Article 9 (Privacy Officer)

  • Officer: Privacy Protection Team
  • Email: myappclaw@gmail.com
  • Report privacy violations: Korea Internet & Security Agency (privacy.kisa.or.kr), National Police Agency Cyber Bureau (cyberbureau.police.go.kr)

Article 10 (Policy Changes)

This Privacy Policy may be amended to reflect changes in laws or services. Changes will be announced in advance via in-service notices or email.

Addendum

This Privacy Policy takes effect on March 24, 2026.