Onja Privacy Policy

Onja (hereinafter referred to as "we," "us," or "our") hereby establishes this Privacy Policy (hereinafter referred to as "this Policy") regarding the handling of personal information and user information obtained through the AI vocabulary learning application "Onja" and all related applications, websites, associated software, and ancillary services (hereinafter collectively referred to as "the Service") provided by us. In doing so, we comply with the Act on the Protection of Personal Information and other applicable laws, regulations, and guidelines, and give full consideration to the protection of user privacy.

Article 1 (Definition of Personal Information)

1. In this Policy, "personal information" refers to personal information as defined in Article 2, Paragraph 1 of the Act on the Protection of Personal Information (hereinafter referred to as the "Personal Information Protection Act"), meaning information about living individuals that enables identification of a specific individual through names, email addresses, or other descriptions, numbers, symbols, codes, images, sounds, or other information contained therein (including information that can be easily cross-referenced with other information to identify a specific individual).

2. Personal information under this Policy includes individual identification codes, device identifiers, online identifiers, and other information treated as personal information under the Personal Information Protection Act or related laws and regulations.

3. Email addresses, user identification information, usage history, device information, and other information about users obtained through the Service that can identify a specific individual alone or in combination with other information shall be treated as personal information under this Policy.

Article 2 (Information Collected)

1. For the purpose of providing, operating, and improving the Service, we may collect the following information, including information obtained directly from users, information automatically collected through users' use of the Service, and information obtained through third-party services:

(1) Information registered or provided by users: We may collect the following information provided by users when registering for the Service, creating an account, or using various features:

• Email address

• Nickname

• Other information voluntarily entered or provided by the user

(2) Information entered or generated by users in the Service: We may collect the following information entered, submitted, or generated by users in the course of using the Service:

• Words, phrases, or sentences

• Word definitions and other supplementary information

• Scene settings and other generation conditions

• Stories, translations, or audio information generated by AI features

• Playlist information

• Playlist cover images and other user content

(3) Information automatically collected through use of the Service: We may automatically collect the following information through users' use of the Service for the purpose of providing the Service and improving its quality. Additionally, IP addresses and other communication logs may be stored as communication records in cloud services or infrastructure services for the purpose of maintaining communication environments and managing security.

• Device type and device model

• OS type and version

• Application version

• Language and regional settings

• Anonymous app instance identifiers

• Service usage history, operation logs, and access logs

(4) Information obtained through third-party services: In providing the Service, we may use access analysis services, cloud services, AI services, and other third-party services, and the providers of such services may collect device information, usage information, and other information about users.

Article 3 (Purposes of Use of Personal Information)

We use personal information and user information collected in connection with the Service for the following purposes:

(1) To provide, operate, maintain, and manage the Service

(2) To verify user identity, authenticate users, and manage accounts

(3) To provide content generation, translation, audio generation, and other Service features using AI functionality based on information entered by users

(4) To respond to user inquiries, provide user support, and verify identity

(5) To prevent and respond to unauthorized use, unauthorized access, violations of the Terms of Service, and other improper conduct

(6) To improve the quality of the Service, improve features, develop new features, and conduct research and development

(7) To analyze Service usage, create statistical data, and improve the Service

(8) To provide important notices regarding the Service, changes to the Terms of Service or Privacy Policy, and other necessary notifications

(9) To respond to requests based on laws, regulations, or government agency requirements

(10) For purposes incidental to or related to any of the foregoing

Article 4 (Data Use Related to AI Features)

1. In the Service, input data entered by users, including words, sentences, phrases, definitions, scene settings, and other input data (hereinafter referred to as "Input Data"), is used for the purpose of providing content generation, translation, audio generation, and other Service features using AI technology.

2. We may use Input Data and content generated by AI features (hereinafter referred to as "AI-Generated Content") for the purpose of improving the quality of the Service, improving features, investigating defects, and other purposes necessary for Service operation. However, we will not use users' Input Data or AI-Generated Content for training machine learning models or AI models (i.e., use as training data).

3. We do not sell, monetize, or share users' personal data with third parties for advertising, profiling, or any other commercial purposes. We use Google Cloud Vertex AI (Gemini API) and Cloud Text-to-Speech solely as data processing tools to provide AI-powered features within the Service, including story generation, translation, and audio generation for vocabulary learning purposes. Google Cloud processes users' Input Data on our behalf pursuant to Google Cloud's Enterprise Data Processing Terms, and Google Cloud will not use our customers' data to train or improve its foundation models. We retain full control over user data and determine the purposes and means of processing. Google Cloud functions solely as an infrastructure provider and data processing tool.

4. In providing the AI features of the Service, Input Data is transmitted to and processed by Google LLC's Vertex AI (Gemini API) and Cloud Text-to-Speech. The handling of such data is also subject to Google's Privacy Policy.

5. We may analyze, statistically process, or otherwise process Input Data and AI-Generated Content for use within the scope of the purposes of providing AI features and improving the Service.

6. We may use Input Data and AI-Generated Content as statistical information processed in a form that does not identify individuals.

Article 5 (Use of Third-Party Services)

1. We may use the following third-party services for the purpose of providing, operating, maintaining, improving, and offering features of the Service:

(1) Authentication and data management services: These services are used to provide user authentication, data storage, server processing, and other foundational features of the Service.

• Firebase Authentication

• Cloud Firestore

• Cloud Storage for Firebase

• Cloud Functions for Firebase

(2) AI-related services: These services are used to provide AI text generation, translation, audio generation, and other AI features.

• Google Cloud Vertex AI (Gemini API)

• Cloud Text-to-Speech

(3) Access analysis and error monitoring: These services are used for the purpose of analyzing Service usage, improving quality, and identifying defects.

• Firebase Analytics

• Firebase Crashlytics

(4) Payment-related services: These services are used for subscription payments, receipt verification, and billing management within the Service.

• Apple App Store In-App Purchase

• RevenueCat

(5) Other services: These services are used for configuration management, unauthorized access prevention, email delivery, and other purposes.

• Firebase Remote Config

• Firebase App Check

• SendGrid

2. To the extent necessary for the provision of the Service, we may transmit all or part of user information to these third-party services for processing.

3. The handling of information collected by these third-party service providers shall be governed by the privacy policies or terms of service established by each service provider.

4. We may add, change, or discontinue the use of third-party services as necessary for service improvement or operational purposes.

Article 6 (Data Storage)

We may store user information and user data on cloud services for the purpose of providing and operating the Service.

1. User data of the Service is primarily managed in Google Cloud Platform (GCP) or other cloud infrastructure environments used by us.

2. We will store user data for the period necessary for the provision, maintenance, and improvement of the Service.

3. The main guidelines for user data retention periods are as follows:

(1) Story text, word data, and other learning data created by the user: Stored for the duration of the user's active account and may be deleted within a reasonable period after account deletion.

(2) Audio data: May be stored during the subscription period. Audio data may be deleted after the subscription ends, and users may need to regenerate audio data if they use the Service again.

4. We may store access logs, operation logs, and other technical log information for a certain period for the purposes of system operation, security management, or prevention of unauthorized use.

5. If there is a legal obligation to retain information, or if there are legitimate reasons such as dispute resolution, we may retain information to the extent necessary regardless of the retention periods set forth in the preceding items.

6. We may store or use information processed in a form that does not identify individuals for the purposes of service improvement or statistical analysis.

Article 7 (Access Analysis)

1. The Service uses access analysis tools for the purpose of improving service quality, improving features, and analyzing usage.

2. The Service uses Firebase Analytics provided by Google, and information regarding users' use of the Service (including usage history, device information, and other anonymous information) may be collected.

3. This information is collected and analyzed in a form that does not identify individuals and is used as reference information for improving and operating the Service.

4. The handling of information obtained through Firebase Analytics is governed by the privacy policy and related provisions established by Google.

Article 8 (Provision to Third Parties)

1. We will not provide users' personal information to third parties except in the following cases:

(1) When the user has given consent

(2) When disclosure or provision is required by law or regulation

(3) When necessary to protect someone's life, body, or property and it is difficult to obtain the user's consent

(4) When particularly necessary to improve public health or promote the sound development of children and it is difficult to obtain the user's consent

(5) When it is necessary to cooperate with a national agency, local government, or a party entrusted by such entities in carrying out duties prescribed by law, and obtaining the user's consent is likely to impede the performance of such duties

2. We may outsource all or part of the handling of personal information to external operators to the extent necessary for the provision of the Service. In such cases, we will exercise necessary and appropriate supervision over the outsourced party.

3. Personal information may be transferred to a successor in the event of a business transfer, company split, or other business succession.

4. We may use or publish statistical information processed from collected information in a form that does not identify individuals.

Article 9 (Management of Personal Information)

1. We will implement necessary and appropriate security management measures to prevent leakage, loss, or damage of users' personal information and to otherwise ensure the safe management of personal information.

2. We will provide necessary and appropriate supervision of employees to ensure the safe management of personal information.

3. When outsourcing the handling of personal information to external operators, we will exercise necessary and appropriate supervision over such operators.

4. We will implement technical and organizational security management measures to prevent unauthorized access, leakage, loss, or damage of personal information.

5. We will review and improve our handling of personal information as necessary.

Article 10 (User Rights)

1. Pursuant to the Personal Information Protection Act and other applicable laws and regulations, users may request disclosure, correction, addition, deletion, suspension of use, or suspension of provision to third parties of their own personal information held by us.

2. When making a request under the preceding paragraph, users shall apply through the method specified by us.

3. We will confirm that the request is from the user themselves and respond within a reasonable period in accordance with the provisions of applicable laws and regulations.

4. We may decline all or part of a request if we are not legally obligated to comply with the request for disclosure or other requests, or if there are reasonable grounds to do so.

5. In the case of the preceding paragraph, we will endeavor to notify the user of the reason.

6. Requests under this Article shall be made through the inquiry contact specified separately by us.

Article 11 (Personal Information of Minors)

1. The Service is principally intended for users aged 18 or older.

2. Persons under the age of 18 may not use the Service.

3. We do not intend to collect personal information from persons under the age of 18, and if we discover that a person under the age of 18 has provided personal information, we may promptly delete such information.

4. By using the Service, users represent and warrant that they are 18 years of age or older.

Article 12 (Changes to the Privacy Policy)

1. We may change the content of this Policy when we deem it necessary due to changes in laws or regulations, changes to the content of the Service, or other reasons.

2. When changing this Policy, we will notify users of the changed content and the effective date by posting on the Service or by other methods we deem appropriate.

3. The revised Privacy Policy shall take effect from the effective date established by us.

4. If a user uses the Service after the effective date of the revised Policy, the user shall be deemed to have consented to such changes.

Article 13 (Contact Us)

1. For inquiries regarding this Policy, questions about the handling of personal information, complaints, requests for disclosure, and other matters related to the handling of user information, please contact us at the following:

2. Contact Information

Operator: Onja

Email address: support@onja.app

3. We will endeavor to respond to user inquiries within a reasonable scope and timeframe.

Supplementary Provisions

Effective Date: March 15, 2026