Privacy Policy

Article 1 (Purpose)

Flitto Inc. (hereinafter referred to as the "Company") establishes and implements this Privacy Policy to protect the personal information of its users and to comply with relevant laws and regulations (such as the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.).

This Policy stipulates the procedures for the processing of personal information that is collected, used, stored, and deleted when using the Live Translation service (hereinafter referred to as the "Service").

※ Unless otherwise defined, the definitions of terms used in this Policy shall be in accordance with those set forth in the 'Terms and Conditions of Service'.

Article 2 (Personal Information Collected and Method of Collection)

1. Items Collected:

   1. Upon Membership Registration:

      • Email Registration: Email address, password, nickname.

   2. During Service Use:

      • Payment Information: Credit card information and payment-related records.

      • Custom Assistant: User-configured settings (field, job/purpose, dataset).

      • Conversation History: Text, voice, and draft translations from the online space (for members only, stored after anonymization for translation quality improvement).

      • Inquiry History: Email address, content of inquiries, and CS handling records (retained for a certain period for service improvement).

   3. Non-member Guests:

      • When participating via a Host's invitation link, only language information is collected through a simplified consent to personal information processing ("I Agree" click).

      • No personally identifiable information is collected.

2. Method of Collection:

   • Information is collected through direct input and linkage by the user during membership registration and login.

Article 3 (Purpose of Use of Personal Information)

1. Member Identification and Account Management: Member authentication, account consolidation, withdrawal processing.

2. Service Provision: Providing real-time translation and customized glossary functions.

3. Payment Processing: Subscription payment, refunds, payment error handling.

4. Quality Improvement: Enhancing translation quality through anonymized conversation logs and meeting summaries.

5. Customer Support: Responding to inquiries, service improvement.

Article 4 (Retention and Destruction of Personal Information)

1. Retention Period:

   • Member Information: Retained for up to ten (10) days after withdrawal (allowing for account recovery upon re-login) and then completely deleted.

   • Subscription/Payment/Refund Records: 5 years after withdrawal (for compliance with the Act on Consumer Protection in Electronic Commerce, etc., and accounting evidence).

   • User Inquiry History: 2 years after withdrawal.

   • Member's Logs and Voice Data: Retained indefinitely after anonymization (for the purpose of translation quality improvement).

   • Non-member Language Information: Destroyed immediately after achieving the purpose of service use, following encryption.

2. Destruction Procedure:

   • Ten (10) days after withdrawal, personally identifiable information (email, nickname, identifiers in voice data, etc.) is completely deleted from the database and backups.

   • Payment/subscription information is deleted after the legally mandated retention period.

   • The voice and language information of non-member Guests is deleted immediately upon the conclusion of the conversation.

   • Electronic data is deleted in an irrecoverable manner; physical records are shredded.

3. If matters are not defined in the preceding paragraphs, or if the defined content conflicts with a separate contractual document agreed upon between the Company and the client, the separate contractual document shall prevail.

Article 5 (Provision of Personal Information to Third Parties)

1. The Company shall not provide personal information to third parties without the user's consent.

2. In the event of a request from law enforcement agencies in accordance with legal statutes, relevant information may be provided.

3. In the case of non-member Guests, as no personally identifiable information is collected, they are not subject to third-party provision.

4. If matters are not defined in the preceding paragraphs, or if the defined content conflicts with a separate contractual document agreed upon between the Company and the client, the separate contractual document shall prevail.

Article 6 (Measures to Ensure the Security of Personal Information)

1. Encryption: Personal information (including voice data and draft translations) is transmitted via TLS (HTTPS), and passwords and payment information are stored in an encrypted format. The voice and language information of non-member Guests is encrypted and then immediately destroyed.

2. Access Control: Database access is managed according to the principle of least privilege. Onboarding data and conversation history can only be viewed on a limited basis by back-end developers, the operations/CS team, and the Chief Privacy Officer.

3. Security Monitoring: Regular security checks are conducted at least once a year to detect anomalies in payment, subscription, and conversation events.

4. If matters are not defined in the preceding paragraphs, or if the defined content conflicts with a separate contractual document agreed upon between the Company and the client, the separate contractual document shall prevail.

Article 7 (Rights of the User)

1. The User may, when necessary, request to view, correct, or delete their personal information through the customer service center (ctlt@flitto.com).

2. As no personally identifiable information is collected from non-member Guests, they are not eligible to make requests for viewing, correction, or deletion.

3. The Company must process the User's request within ten (10) days of receipt and must provide the reason for any refusal.

4. If matters are not defined in the preceding paragraphs, or if the defined content conflicts with a separate contractual document agreed upon between the Company and the client, the separate contractual document shall prevail.

Article 8 (Compliance with Laws and Regulations)

The Company processes personal information in compliance with relevant laws and regulations, including the Personal Information Protection Act of Korea, the EU's General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA) of the United States.

Article 9 (Changes to the Policy)

1. The content of this Policy shall become effective for all members who have consented to it by being posted on the Service screen or announced through other methods.

2. The Company may amend this Policy in compliance with relevant laws and regulations. In the event of an amendment, the Company shall notify Members thereof via an announcement within the Service or by email at least seven (7) days prior to the effective date. Amendments that are unfavorable to the Member shall be announced thirty (30) days in advance.

3. If, after the Company has announced the amendments in accordance with this paragraph, the User does not express an intention of refusal by the effective date, the User shall be deemed to have consented to the amended terms. The intention of refusal may be expressed through the customer service center (ctlt@flitto.com).

4. In the case of an unfavorable amendment, the User may explicitly choose whether to consent, and refusal to consent may result in restrictions on Service use.

5. The amended Policy shall be announced in accordance with Paragraph 1 and shall take effect from the effective date.

Article 10 (Chief Privacy Officer)

• Chief Privacy Officer: Jungsue Lee

• Contact: ctlt@flitto.com

• For inquiries regarding the processing of personal information, handling of related inquiries, legal issues, etc., you can expect a response within 3-5 business days.

Addendum

This Policy shall become effective on October 1, 2025.