Hanglow Privacy Policy
Effective date: To be filled in Last updated: To be filled in Personal information controller: Shinzoer Service name: Hanglow / 한글로 Website: https://www.hanglow.app Privacy contact: Hanglow Privacy Contact Contact email: To be filled in
Shinzoer (“we,” “us,” or “our”) operates Hanglow (“Service”). We respect your privacy and process personal information in accordance with applicable privacy laws. This Privacy Policy explains what personal information we collect, why we use it, how we store and delete it, and what rights you may have.
1. Purposes of Processing Personal Information
We may process personal information for the following purposes:
- Account creation, sign-in, user identification, and account management
- Google sign-in, email sign-in, and authentication features
- Account Features such as likes, saved words, and account pages
- Future quiz scores, streaks, personalization, and Word of the Day-related features
- Receiving and responding to inquiries, support requests, and error reports
- Service stability, security, fraud prevention, and abuse prevention
- Usage statistics, product analytics, feature improvement, and UI/UX improvement
- Optional masked session recording for bug analysis and usability improvement
- Error monitoring, incident analysis, and performance improvement
- Advertising through Google AdSense, Kakao AdFit, and similar ad networks
- Affiliate link operation and performance measurement through Coupang Partners, Amazon Associates, Naver Shopping Connect, MarppleShop, and similar programs
- Legal compliance, dispute handling, and protection of rights
2. Categories of Personal Information We Process
We may process the following information in connection with the Service.
| Category | Information |
|---|---|
| Account and authentication | Email address, name or nickname, profile image, Google account information, email login information, authentication identifiers, session information, account creation date |
| Authentication provider data | Clerk user ID, subject, token identifier, OAuth provider information, login/session information |
| App data | Authenticated identifier, Terms acceptance record, Privacy Policy acceptance record, age eligibility confirmation record, likes, saved words, future quiz scores, streaks, app settings, deletion status |
| Service usage data | Viewed content, search terms, filter usage, clicks, share-button usage, language settings, browser settings, time of use, page navigation |
| Analytics data | Page views, page-leave and session-duration events, scroll-depth measurement, manually defined events, feature usage, device/browser information, and cookieless daily anonymous or pseudonymous measurement data |
| Optional session recordings | If you consent, masked screen flow, clicks, page navigation, and error context. Inputs and authentication/account areas are excluded or masked where possible. |
| Error and security logs | IP address, User-Agent, device information, browser information, error logs, performance logs, access time, security events |
| Advertising and affiliate data | Cookies, advertising identifiers, ad impressions/clicks, affiliate link click information, referral/commission information, external site navigation |
| Inquiries | Email address, inquiry content, attachments, response history |
| Payment | We do not currently collect payment information directly. If payment features are added, this Policy will be updated. |
We prefer not to require date of birth for account age eligibility confirmation. We do not generally require resident registration numbers, passport numbers, driver’s license numbers, precise location information, phone numbers, or addresses unless necessary for a specific future feature or legal requirement.
3. How We Collect Personal Information
We may collect personal information through the following methods:
- When you provide it during sign-up, sign-in, account use, inquiries, feedback, or settings
- When it is provided through Google sign-in, email sign-in, Clerk, or other authentication services
- When you use likes, saved words, share buttons, search, filters, or Account Features
- When access logs, cookies, device information, browser information, or event logs are generated during use of the Service
- When information is generated or processed through analytics, error monitoring, advertising, affiliate links, or security tools
4. Retention Periods
We retain personal information until the relevant processing purpose is fulfilled or until you request deletion. However, we may retain certain information where required or permitted for legal obligations, security, fraud prevention, dispute handling, or commission settlement.
| Category | Retention period |
|---|---|
| Account and authentication information | Until account deletion or according to the authentication provider’s policy |
| User app data | Until account deletion |
| Terms/Privacy/age confirmation records | During account use and for the period necessary for dispute handling |
| Likes | Until you remove them or delete your account |
| Saved words, quizzes, streaks, and future account data | Until you remove them or delete your account |
| Search terms and filter usage | For the period necessary for service improvement and analytics, where possible as aggregate or pseudonymous information not directly tied to an account |
| Analytics events and optional session recordings | According to service settings or analytics tool retention policies |
| Error and security logs | For the period necessary for service stability, security, and incident analysis |
| Advertising and affiliate records | For the period necessary for settlement, fraud prevention, and dispute handling |
| Support and inquiry records | For the period necessary for support and dispute handling |
| Records required by law | For the period required by applicable law |
5. Third-Party Disclosure
We do not sell your personal information. We may disclose or provide personal information to third parties in the following cases:
- When you have given prior consent
- When required by law
- When requested through lawful procedures by courts, regulators, law enforcement, or other authorities
- When necessary to protect our rights, security, prevent abuse, or handle disputes
- When you use advertising, affiliate links, external platforms, or external services, and the relevant external service processes information under its own policies
When you use advertising, affiliate links, or external services, the relevant third party may process information under its own privacy policy, cookie policy, and terms.
6. Service Providers and International Processing
We use third-party service providers to operate the Service. Some personal information may be processed or stored outside South Korea, particularly in the United States and other countries.
| Service | Purpose |
|---|---|
| Clerk | Authentication, sign-up, sign-in, session management, account management |
| Convex | Backend, database, account feature data storage |
| Vercel | Website hosting, deployment, CDN, server logs, Speed Insights performance measurement |
| PostHog Cloud EU | Cookieless product analytics, page views, page-leave and session-duration events, scroll-depth measurement, and manually defined event analytics |
| Sentry | Error monitoring, incident analysis, performance improvement |
| Google / Google AdSense | Google sign-in integration, advertising, ad performance measurement |
| Kakao / Kakao AdFit | Advertising and ad performance measurement |
| Coupang Partners | Affiliate link operation, performance measurement, commission settlement |
| Amazon Associates | Affiliate link operation, performance measurement, commission settlement |
| NAVER / Naver Shopping Connect | Future affiliate link operation, performance measurement, commission settlement |
| MarppleShop | Future merchandise sales, external product-page linking, performance measurement |
| Email/domain providers | Inquiry handling, domain, email operations |
| AI image/content tools | AI-assisted/editorial image or content creation. As a rule, we do not input User personal information. |
We take reasonable steps to review and manage service providers’ security measures, contract terms, access controls, and data processing conditions.
7. Cookies, Local Storage, and Similar Technologies
We may use cookies, localStorage, sessionStorage, pixels, SDKs, or similar technologies.
| Category | Purpose | Consent |
|---|---|---|
| Essential cookies/storage | Login, session maintenance, security, authentication redirects, short-lived action reminders | Required |
| Cookieless analytics events | Page views, page-leave and session-duration measurement, scroll-depth measurement, feature usage, service improvement, and product analytics without storing analytics identifiers in cookies, localStorage, or sessionStorage | No browser storage |
| Optional analytics cookies/session recording | Masked screen flow, repeat-visitor identification, surveys, experiments, or other features that require browser storage or identification | Optional |
| Advertising cookies | Google AdSense, Kakao AdFit, ad delivery and ad measurement | Optional or subject to legally required consent |
| Affiliate measurement | Affiliate link clicks, referrals, settlement, fraud prevention | Processed according to service function or consent settings |
You can restrict cookies through your browser settings or change optional consent through the Service’s privacy settings. If you block essential cookies or session information, login, security, and some Account Features may not work properly.
8. PostHog Analytics and Optional Session Recording
We may use product analytics tools such as PostHog Cloud EU.
Our default analytics setup is cookieless. We may measure page views, page-leave and session-duration events, scroll-depth measurement, and manually defined events, but we do not store analytics identifiers in browser cookies, localStorage, or sessionStorage, and we do not use PostHog identify to link visitors to account, email, Clerk, or Convex identifiers. We also avoid sending full URLs with query strings or hashes in analytics events.
We do not enable optional analytics features such as automatic capture, session recording, surveys, heatmaps, experiments, or feature flags by default without consent. If those optional features are used, we ask for separate consent and exclude or mask inputs, authentication areas, account areas, privacy areas, settings areas, and sensitive screens where possible.
You can use public browsing and Account Features even if you do not consent to optional analytics or session recording. If optional consent features are provided, you may withdraw consent at any time.
9. Sentry Error Monitoring
We may use error monitoring tools such as Sentry for service stability, error analysis, and performance improvement.
We may use settings that limit unnecessary PII collection. Where possible, we scrub or avoid sending emails, authentication tokens, cookies, authorization headers, full query parameters, and search input values to error logs.
10. Advertising and Affiliate Links
The Service may display advertising through Google AdSense, Kakao AdFit, or similar advertising networks. Advertising providers may use cookies or similar technologies to deliver ads or measure ad performance.
The Service may include affiliate links through Coupang Partners, Amazon Associates, Naver Shopping Connect, MarppleShop, or similar affiliate programs. If you click an affiliate link or purchase a product or service through such a link, we may receive a commission or other compensation.
We may process advertising and affiliate-related information for measuring ad impressions and clicks, measuring affiliate link clicks and referral performance, settlement, fraud prevention, dispute handling, and improving ad/affiliate placement and content.
External advertisers, affiliate partners, or sellers may process personal information under their own privacy policies.
11. AI-Assisted/Editorial Images and AI Tools
Most or all images in the Service may be AI-assisted, AI-generated, or human-edited editorial images.
As a rule, we do not input User emails, account information, inquiry content, or personal identifiers into AI tools during image creation.
We may provide notices through images, word detail pages, tooltips, or policy documents indicating that images are AI-assisted/editorial images.
12. Children and Minors
Public Content may be browsed without an account.
Account creation is available only to Users who are at least 14 years old if they reside in South Korea, or at least 16 years old if they reside outside South Korea.
The Service is not directed to children under 14. We do not knowingly collect personal information from children under 14.
If we learn that an account or personal information belongs to a User who does not meet the age requirement, we may delete the account or information or restrict Account Features.
A parent or legal guardian may request access, correction, deletion, or suspension of processing for a User who does not meet the age requirement.
13. Deletion of Personal Information
When the retention period expires or the processing purpose is fulfilled, we delete personal information without undue delay.
Electronic files are deleted in a way that makes recovery or restoration difficult. Paper documents, if any, are shredded or incinerated. Backup data is deleted or access-restricted according to backup policies.
Information that must be retained by law will be stored separately and used only for the relevant purpose.
14. Security Measures
We take measures to protect personal information, including:
- Limiting access to personal information
- Protecting admin accounts and authentication information
- Encrypting data in transit
- Managing access rights for third-party service accounts
- Managing error logs and security logs
- Limiting unnecessary PII collection
- Scrubbing sensitive information such as authentication tokens, cookies, and authorization headers
- Reviewing third-party processor security practices
- Operating procedures for account deletion and privacy rights requests
15. User and Legal Guardian Rights
Subject to applicable law, Users and legal guardians may request access, correction, deletion, suspension of processing, withdrawal of consent, account deletion, or export of account data.
You may exercise these rights through account settings, privacy settings, or by contacting us.
Contact email: To be filled in
We will process requests after verifying identity as required by applicable law. Some requests may be limited where retention is required by law, where disclosure would infringe another person’s rights, or where information is necessary for security or dispute handling.
16. Account Deletion and Data Handling
If you request account deletion, we may process the request as follows:
- Delete or process deletion of the Clerk account
- Delete, de-identify, or mark as deleted the Convex user record
- Delete likes
- Delete saved words, quiz scores, streaks, and other account-based data
- Retain aggregate statistics after removing personal identifiers
- Retain information necessary for security, legal obligations, dispute handling, or settlement as permitted by applicable law and this Policy
17. Privacy Contact
We operate the following contact point for privacy inquiries, complaints, and requests.
Privacy contact: Hanglow Privacy Contact Email: To be filled in
18. Remedies
You may contact relevant authorities for privacy-related consultation or dispute resolution, including:
- Personal Information Dispute Mediation Committee
- Personal Information Infringement Report Center
- Cyber investigation departments of the Supreme Prosecutors’ Office
- Cyber investigation departments of the Korean National Police Agency
19. Changes to This Privacy Policy
We may update this Privacy Policy when applicable law, service structure, collected items, processing purposes, retention periods, third-party processors, advertising/affiliate features, analytics tools, or Account Features change.
Minor wording, typo, or link updates may take effect immediately. If there is a material change to personal information processing, we will notify Users of the changes, posting date, and effective date through in-service notices, banners, account pages, email, or other appropriate methods.
If separate consent is required for a change, we may request separate consent before applying the relevant feature.
20. Language
The Korean version of this Privacy Policy is the original version. The English version is provided for convenience. If there is any inconsistency between the Korean and English versions, the Korean version will prevail to the extent permitted by applicable law.