Privacy Policy
Last Updated: May 2, 2026
Haru Studio ("Company") values the personal information of its users and complies with the Personal Information Protection Act and all other applicable laws and regulations.
1. Personal Information We Collect
The Company collects the following personal information for membership registration and provision of the Service.
Required Items
- Account Information: Email address (collected automatically via social login), social login identifier (Google, Apple, LINE)
- Profile Information: Nickname (entered by the user)
- Service Usage Records: Routines, to-dos, conversation history, memories (notes)
Optional Items
- Profile Photo URL: Collected from the social login provider
- Text Size Setting: Selected by the user
- Voice Data: Voice recordings used for AI conversations (deleted immediately after transmission)
Automatically Collected Items
- Device Information: Device identifier, OS version, device model, language settings
- Push Notification Token: FCM (Firebase Cloud Messaging) token
- Log Information: Service access time, usage history
2. Purpose of Collection and Use of Personal Information
- Service Provision: Member identification, AI conversation, routine and to-do management, memory storage
- Notification Delivery: Briefing, schedule reminders, care notifications via push notifications
- Subscription Management: Premium subscription payment processing and management
- Customer Support: Responding to inquiries, handling complaints, delivering announcements
- Legal Compliance: Retention of payment records, prevention of fraudulent use
3. Retention and Use Period of Personal Information
- Upon Withdrawal of Membership: Immediately deleted (except where retention is required by applicable laws, in which case the information will be retained for the applicable period).
- Retention Pursuant to Applicable Laws
- Act on Consumer Protection in Electronic Commerce: Records on payment and supply of goods (5 years)
- Protection of Communications Secrets Act: Login records (3 months)
- AI Conversation Records: Retained until the user deletes them or withdraws from the Service.
4. Provision of Personal Information to Third Parties
As a general rule, the Company does not provide users' personal information to third parties. Exceptions are made in the following cases:
- When the user has given prior consent
- When required by applicable law, or when requested for investigative purposes in accordance with the procedures and methods prescribed by law
5. Entrustment of Personal Information Processing
The Company entrusts the processing of personal information to the following companies in order to provide the Service.
| Entrusted Company | Entrusted Work |
|---|---|
| Supabase, Inc. | Database hosting, user authentication |
| Anthropic, PBC | AI conversation processing (Claude API) |
| Groq, Inc. | AI conversation processing (Groq API) |
| Google LLC | Push notifications (FCM) |
| RevenueCat, Inc. | Subscription payment management |
| Amazon Web Services | Cloud infrastructure |
The entrusted companies process personal information securely in accordance with applicable personal information protection laws and this Privacy Policy.
6. Rights of Users and Legal Representatives
Users may exercise the following rights at any time:
- Request to access personal information
- Request to correct or delete personal information
- Request to suspend the processing of personal information
- Request to withdraw from membership and delete personal information
These rights may be exercised through "Settings > Profile" in the Service or by sending a request to the email address below.
7. Procedures and Methods for Destruction of Personal Information
- Destruction Procedure: When a user requests withdrawal, personal information is destroyed immediately. In cases where retention is required by applicable laws, the information is stored separately in a dedicated database and destroyed after the retention period expires.
- Destruction Method: Electronic files are permanently deleted in a manner that prevents recovery. Paper documents are shredded or incinerated.
8. Measures to Ensure the Security of Personal Information
The Company takes the following measures to protect personal information:
- Encryption of personal information during storage and transmission (HTTPS/TLS)
- Minimization of access privileges and administrator authentication
- Installation and periodic updating of security programs
- Training and pledges for employees who handle personal information
9. Cookies and Similar Technologies
The Company uses only essential cookies on its website to improve user experience and does not use tracking cookies for advertising purposes.
10. Children's Personal Information
Children under the age of 14 may not use the Service without the consent of a legal guardian.
11. Chief Privacy Officer
- Name: Taewoo Kang
- Email: support@myharuapp.com
12. Changes to This Policy
If this Privacy Policy is amended, the Company will provide notice of such changes through in-service announcements and its website at least 7 days in advance.