Privacy Policy

The Company may collect or process the following information during account registration, sign-in, service use, payment, customer support, and service operations.

• Account information: email address, display name, authentication data, and basic profile information received from social login providers
• Profile and settings: plan, language, timezone, alert preferences, chart preferences, onboarding progress, and language-reset state
• Usage information: access time, logs, IP address, cookies and session identifiers, browser and device information, page visits, event logs, and Google Analytics usage statistics
• In-service activity: covered symbols, saved interests, search history, settings changes, and onboarding start/progress/complete/skip events
• AI-related information: prompts, questions, selected company or document context, generated outputs, and logs used for quality control and abuse prevention
• Payment-related information: buyer name if provided, transaction identifiers, approval or failure results, subscription status, and masked payment details

Payment input fields such as card number, expiration details, partial identity information, and the first two digits of the card password may pass through the server solely to complete recurring billing registration and approval, but are not separately stored after processor handling.

Collection methods may include direct user input, results received from social login and email authentication, automatic collection during use, and result information received from processors, hosting providers, email providers, and authentication services.

• User identification, authentication, account administration, and fraud prevention
• Provision of market data views, coverage management, onboarding resume, alert settings, multilingual interfaces, and personalization features
• Paid-service billing, recurring charges, cancellation and refund handling, and transaction management
• Generation and improvement of AI briefs, AI agent responses, translations, comparisons, and question-answering outputs
• Customer support, notices, dispute handling, security monitoring, and service stability
• Product improvement through usage-pattern analysis, onboarding completion analysis, and feature usage analytics

The Company deletes personal information without undue delay once the processing purpose has been fulfilled, unless retention is required by law or reasonably necessary for dispute handling, security, or abuse prevention.

• Account and profile information: until account deletion
• Payment and transaction records: for the period required under applicable e-commerce or other relevant law, generally 5 years where applicable
• Consumer complaint or dispute records: 3 years
• Access logs and similar communications records: for the period required by applicable law
• AI conversation logs, request logs, and onboarding or feature event logs: retained as needed for service delivery, security, quality improvement, and abuse prevention, then deleted or de-identified

The Company does not sell personal information. Except where required or permitted by law or based on user consent, the Company does not disclose personal information for unrelated purposes. However, the Company may use external service providers to operate the Service.

• Supabase: authentication and database operations
• Vercel and similar hosting providers: infrastructure, deployment, and log handling
• NicePay: payment and recurring billing processing
• Resend and similar email providers: operational, authentication, and digest email delivery
• Google Analytics: visit statistics and usage analytics
• OpenAI, Google Gemini, and similar AI providers: AI summaries, translations, briefs, question-answering, and agent responses

Some processors or infrastructure providers may process data outside Korea. The Company follows applicable notice and protection requirements for cross-border transfers.

Users may request access, correction, deletion, restriction of processing, and account deletion, subject to applicable law.

Requests may be submitted through account settings, customer support, or the contact details below. The Company responds without undue delay in accordance with applicable law. Information subject to legal retention obligations may not be deleted immediately.

Where a deletion ground arises, such as expiration of the retention period or fulfillment of the processing purpose, the Company deletes the relevant information without undue delay.

• Electronic records: permanently deleted using methods that make recovery impracticable
• Paper documents, if any: shredded or incinerated

• Least-privilege access control
• Encryption in transit such as HTTPS
• Logging, anomaly monitoring, and security review
• Security patches and updates
• No retention of raw payment credentials and use of a payment processor

The Company may use cookies or similar technologies for authentication, security, language selection, settings persistence, onboarding resume, service quality improvement, and visit analytics.

• Essential cookies: authentication sessions, security, and core features
• Preference cookies: language selection (locale), UI settings, and onboarding-related state
• Analytics tools: Google Analytics for page visits and usage-event analysis

Users may reject or delete cookies through browser settings. However, restricting essential cookies may prevent features such as login persistence, language settings, and other parts of the Service from functioning properly.

The Service is not intended for children under the age of 14. If the Company becomes aware that such information has been collected, it will take appropriate steps, including deletion where required.

Privacy-related questions and rights requests may be directed to the following contact point.

• Privacy officer: Kwangsup Ahn
• Email: contract@oswarld.com
• Mail-order registration no.: 2026-서울영등포-0851

If this Policy is added to, deleted from, or amended, the Company will provide notice through the Service or another reasonable method at least 7 days before the effective date, except where a more specific notice or consent process is required by law.