Privacy Policy
Article 1 (Purpose)
Flitto ("Company") establishes and implements this Privacy Policy to protect users' personal information and comply with applicable laws, including the Personal Information Protection Act (South Korea), the General Data Protection Regulation (GDPR, EU), and the California Consumer Privacy Act (CCPA, USA).
This Privacy Policy governs the procedures for the collection, use, storage, and deletion of personal information in connection with the use of the Chat Translation service ("Service").
Unless otherwise specified, the terms used in this Privacy Policy shall have the meanings defined in the Terms of Service.
Article 2 (Personal Information Collected and Collection Methods)
Information Collected
At Registration:
Email Registration: Email address, password, nickname
Social Login: Email address, profile name (provided via OAuth)
During Service Use:
Subscription Information: Subscription start date, cancellation date, renewal date, refund date, receipt (PDF)
Payment Information: Credit card information (tokenized and stored by Paddle and RevenueCat) and payment-related details
Custom Assistant: User-configured settings (field, purpose, dataset)
Conversation Records: Text, voice, translation drafts, and meeting summaries from remote conversations and online meetings (stored in anonymized form for members solely to improve translation quality)
Customer Inquiries: Email address, inquiry details, and customer service records (retained for a certain period for service improvement)
Non-Member Guests:
When participating via a host’s invitation link, only voice and language information is collected with simplified consent ("I Agree" click). This data is encrypted, used for translation, and immediately deleted upon session termination.
No personally identifiable information is collected.
Collection Methods
Personal information is collected through direct input or integration by users during registration and login.
Article 3 (Purpose of Personal Information Use)
The Company uses personal information for the following purposes:
User Identification and Account Management: User authentication, account merging, and termination processing
Service Provision: Real-time translation, remote conversations, online meetings, and custom assistant functionality
Payment Processing: Subscription payments, refunds, and payment error handling
Quality Improvement: Anonymized conversation logs and meeting summaries to enhance translation quality
Customer Support: Responding to inquiries and improving the Service
Article 4 (Retention and Deletion of Personal Information)
Retention Periods
Member Information: Retained for 10 days after account termination (to allow account recovery upon re-login), then permanently deleted
Subscription/Payment/Refund Records: Retained for 5 years after termination (to comply with the Electronic Commerce Act and accounting requirements). Actual payment-related card information is managed by Paddle, and the Company does not store it separately.
Customer Inquiry Records: Retained for 2 years after termination
Member Conversation Logs, Voice Data, and Meeting Summaries: Stored indefinitely in anonymized form for translation quality improvement
Non-Member Guest Voice and Language Information: Encrypted and deleted immediately upon session termination
Deletion Procedures
After 10 days from account termination, personally identifiable information (e.g., email, nickname, voice data identifiers) is permanently deleted from databases and backups.
Payment/subscription information is deleted after the legally required retention period.
Non-member guest voice and language information is deleted immediately upon session termination.
Electronic data is deleted in a non-recoverable manner, and physical records are shredded.
Article 5 (Provision of Personal Information to Third Parties)
The Company does not provide personal information to third parties without user consent, except in the following cases:
Tokenized card information is provided to Paddle and RevenueCat for payment processing.
Information may be provided to investigative authorities as required by applicable laws.
Non-member guest data does not include personally identifiable information and is not subject to third-party provision.
Article 6 (Cross-Border Transfer of Personal Information)
Personal information may be transferred overseas for payment processing (Paddle) and subscription management (RevenueCat).
Countries: USA, EU
Recipients: Paddle, RevenueCat
Transferred Items: Payment information (last 4 digits of card, payment amount), subscription information
Security Measures: GDPR compliance, data encryption
Users have the right to refuse cross-border transfers, but refusal may limit payment functionality.
Article 7 (Measures to Ensure Personal Information Security)
Encryption: Personal information (including voice data and translation drafts) is transmitted via TLS (HTTPS). Passwords and payment information are stored encrypted. Non-member guest voice and language information is encrypted and immediately deleted after use.
Access Restriction: Database access is managed under the principle of least privilege. Onboarding data and conversation records are accessible only to backend developers, operations/customer support teams, and the Data Protection Officer on a limited basis.
Security Monitoring: Annual security audits (at least once per year) to detect anomalies in payment, subscription, or conversation events.
Article 8 (User Rights)
Users may request access, correction, or deletion of their personal information by contacting the customer support team at cltl@flitto.com.
Non-member guests are not subject to access, correction, or deletion requests, as no personally identifiable information is collected.
The Company shall process requests within 10 days of receipt and provide reasons for any refusal.
Article 9 (Compliance with Laws)
The Company processes personal information in compliance with applicable laws, including the Personal Information Protection Act (South Korea), the General Data Protection Regulation (GDPR, EU), and the California Consumer Privacy Act (CCPA, USA).
Article 10 (Changes to the Privacy Policy)
This Privacy Policy is posted on the Service platform or notified through other means and takes effect for all users who consent to it.
The Company may revise this Privacy Policy in compliance with applicable laws. Changes will be announced at least 7 days before the effective date via in-Service notices or email. Material changes adversely affecting users will be notified at least 30 days in advance.
If a user does not express refusal by the effective date after notification, they are deemed to have consented to the changes. Refusal can be expressed by contacting cltl@flitto.com.
In the case of material changes, users may explicitly choose to consent or refuse, and refusal may limit Service usage.
The revised Privacy Policy will be announced as per Article 10(1) and take effect from the specified date.
Article 11 (Data Protection Officer)
Data Protection Officer: Jeongsu Lee
Contact: cltl@flitto.com
Inquiries regarding personal information processing or legal issues will be responded to within 3–5 business days.
Supplementary Provisions
This Privacy Policy takes effect on October 1, 2025.
