Privacy Policy

1. General Principles

The Service complies with applicable privacy laws and processes personal data only to the minimum extent necessary to provide and operate the Service.

2. Personal Data We Collect

• Account identity data: name, email address, profile image, account identifiers
• Profile/learning data: nickname, nationality, gender (optional), study goal, Korean level, timezone
• Service usage data: lesson booking/cancellation/status history, credit usage, chat messages, notifications
• Payment data: PayPal order/capture IDs, payment amount/currency, promo usage records
• Operational and security data: login sessions, OAuth tokens when required, access/error logs

3. Collection Methods

• Google OAuth login and account linking
• User input during profile setup, booking, payment, and chat usage
• Support and customer communication
• Automatically generated service logs

4. Purposes of Processing

• Authentication, account security, and user identification
• Lesson booking, lesson operations, chat, and notifications
• Payment processing, credit issuance/deduction/expiry, and refund review
• Customer support, dispute handling, fraud detection and prevention
• Service quality improvement and analytics
• Compliance with legal obligations

5. Third-Party Sharing and Processors

The Service does not sell personal data. We use the following external providers only where necessary to provide the Service:

• Google: OAuth authentication and account linking
• PayPal: payment processing and verification
• Zoom (or equivalent): lesson session access and operation
• Public authorities when required by law

6. Google Services

This Service supports Google OAuth login. Data collected or processed by Google is governed by Google's own policy.

https://policies.google.com/privacy

Data obtained through Google APIs is used only for login and account-linking purposes.

7. Retention and Deletion

• Personal data is deleted without undue delay once processing purposes are fulfilled.
• When account deletion is requested, data that can be immediately removed (e.g., tokens/sessions) is deleted first; account is then handled through deletion workflow.
• Lesson/payment/settlement/dispute records may be retained as required by law or legitimate interests.
• Expired retention data is securely destroyed with irreversible methods.

8. Cross-Border Transfers

Because we use global service providers such as Google, PayPal, and Zoom, personal data may be processed on servers outside the user's country. Reasonable safeguards are applied.

9. Your Rights

Users may request access, correction, deletion, or restriction of processing within the scope of applicable laws.

• Edit profile data in Service settings
• Request account deletion through the Service
• Submit privacy rights requests through support channels

10. Cookies and Sessions

The Service uses cookies and session data for login continuity and security. Disabling cookies may limit some features.

11. Security Measures

We implement technical and organizational safeguards including HTTPS encryption, access control, and monitoring to protect personal data.

12. Policy Updates

This Policy may be revised due to legal or service changes. Material updates are announced through in-service notices.