Effective Date: February 27, 2026
Celon Inc. (hereinafter referred to as the "Company") processes personal information legally and manages it securely in compliance with the relevant laws and regulations such as the "Personal Information Protection Act." The Company will guide the data subjects regarding the procedures and criteria for the processing of personal information through this personal information processing policy and will promptly and smoothly address related grievances.
1. Purpose of Processing Personal Information, Items Processed, Retention and Use Period
The Company only processes the minimum necessary personal information required for providing services.
1) Purpose of Processing
Membership registration, login, user identification, and service provision
Managing service usage records, security (preventing/detecting fraudulent use, access control), and responding to issues
Responding to customer inquiries/notifications/alerts and processing
Processing payments, settlements, and refunds for paid services (if applicable)
Improving service quality (performance/stability/error analysis)
Providing AI-based prediction/analysis functions (including processing of prompts/documents entered by users)
2) Items Processed
Membership/Account
(Required) Email, password (or SSO identifier)
(Optional) Name/nickname, company/organization name, department/title, and other profile information
Payment for Paid Services (if applicable)
Payment approval/transaction identification information, billing/settlement-related information (information necessary for issuing receipts/invoices, etc.)
Payment method information such as credit card numbers is processed directly by the payment agency (PG), and the Company generally does not store it (unless otherwise managed).
Customer Inquiries/Support
Name (or contact person's name), email, phone number (optional), inquiry content, attachment
Service Usage Records/Security
Access records (logs), IP address, device/browser information, cookies/session identifiers, usage time, error/diagnosis records
Data Entered/Uploaded by Users on the Service ("Input Data")
Documents/texts/scenarios/prompts/scripts/URLs/attachments, etc.
Since the input data may contain personal information of either the user or third parties, users should refrain from entering unnecessary personal information.
Sensitive Information/Unique Identifiable Information: The Company does not generally require the processing of sensitive information or unique identifiable information. However, if the user provides such information in the input data, it may be processed within the scope of service provision, so please exercise caution when inputting.
3) Retention and Use Period
The Company generally destroys the personal information without delay once the purpose of processing has been achieved. However, exceptions may apply in the following cases.
Member Information: Destroyed without delay upon membership cancellation
However, to prevent fraudulent use/dispute response, it may be retained for up to one year
Records related to Payments/Transactions (if applicable): Retained for the retention period according to the relevant laws and regulations
Records of Customer Inquiries/Dispute Resolution: Retained until the purpose is achieved or for the retention period according to relevant laws and regulations
Access Logs and Other Security Logs: Retained for the period necessary for security and issue response and then destroyed (according to laws/internal standards)
2. Methods of Collecting Personal Information
The Company collects personal information by the following methods.
Users directly input during membership registration/service use/customer inquiry processes
Automatically generated during the service usage process (access records, device information, cookies/sessions, etc.)
Information related to payments/settlements generated during the payment process (received through PG if necessary)
3. Provision of Personal Information to Third Parties
The Company generally does not provide personal information of data subjects to third parties.
However, this can be an exception if there is separate consent from the data subject or if there are special provisions in the law, or if there is a request following legal procedures such as investigation or inquiry.
4. Outsourcing of Personal Information Processing
The Company may outsource personal information processing tasks to the companies below for smooth service provision and manages and supervises the data processors according to the relevant laws when entering into a contract.
※ If any of the data processors include foreign entities/servers, additional information will be provided in Section 5 (Overseas Transfer).
Data Processors and Outsourced Tasks
Category | Data Processor | Outsourced Tasks | Retention and Use Period |
|---|---|---|---|
Payment (PG) | Toss Payments Co., Ltd. | Payment processing, settlement/refund processing (if applicable) | Until the contract ends or for the retention period according to relevant laws |
Payment (PG) | Polar Software, Inc. | Payment processing, settlement/refund processing (if applicable) | Until the contract ends or for the retention period according to relevant laws |
Infrastructure/Hosting | Vercel Inc. | Frontend hosting/deployment, traffic processing, log processing | Until the contract ends |
Infrastructure/Hosting | Railway Corp. | Backend/server infrastructure operation and deployment, log processing | Until the contract ends |
DB/Storage | Supabase, Inc. | Providing database/authentication/storage | Until the contract ends |
Customer Support | Not Just Tickets Ltd (Plain) | Responding to customer inquiries, managing tickets/CS system | Until the purpose is achieved or until the contract ends |
AI Inference | Google LLC | AI model inference processing (result generation based on input data) | Until the purpose is achieved or until the contract ends |
AI Inference | OpenAI OpCo, LLC | AI model inference processing (result generation based on input data) | Until the purpose is achieved or until the contract ends |
AI Inference | Anthropic, PBC | AI model inference processing (result generation based on input data) | Until the purpose is achieved or until the contract ends |
5. Overseas Transfer of Personal Information (Including Overseas Outsourcing/Storage)
The Company may delegate the processing of personal information to data processors located overseas or store it on overseas servers for service provision. The related information regarding overseas transfer (grounds, transferred items/countries/timing/methods, recipients and contact information, purpose of use and retention period, methods and effects of refusal) is as follows.
1) Grounds for Overseas Transfer
The Company carries out overseas transfers as necessary for the provision of services and processes accordingly to legal grounds such as prior notice and consent as required by relevant laws.
2) Current Status of Overseas Transfers
Recipient | Transfer Country | Timing/Method of Transfer | Transferred Items | Purpose of Use | Retention and Use Period | Contact Information |
|---|---|---|---|---|---|---|
Vercel Inc. | USA, UK | As needed during service usage / encrypted communication | Account information, usage records (logs), input data (within storage scope) | Hosting/operation | Until the contract ends | |
Railway Corp. | USA, Singapore | As needed during service usage / encrypted communication | Account information, usage records (logs), input data (within storage scope) | Server/infrastructure operation | Until the contract ends | |
Supabase, Inc. | USA, Singapore | As needed during service usage / encrypted communication | Account information, authentication information, service data (within storage scope) | DB/authentication/storage provision | Until the contract ends | |
Not Just Tickets Ltd (Plain) | UK | As inquiries are received / encrypted communication | Inquirer information, inquiry content/attachments | CS/ticket management | Until the purpose is achieved or until the contract ends | |
Google LLC | USA | As AI functions are used / encrypted communication | Input data (prompts/documents, etc.), results | AI inference processing | Until the purpose is achieved or until the contract ends | (Google Privacy Inquiry Channel) |
OpenAI OpCo, LLC | USA | As AI functions are used / encrypted communication | Input data (prompts/documents, etc.), results | AI inference processing | Until the purpose is achieved or until the contract ends | |
Anthropic, PBC | USA | As AI functions are used / encrypted communication | Input data (prompts/documents, etc.), results | AI inference processing | Until the purpose is achieved or until the contract ends | |
Polar Software, Inc. | USA | During payment / encrypted communication | Payment information | Payment processing | Until the contract ends or for the retention period under relevant laws |
3) Methods of Refusing Overseas Transfer and Effects of Refusal
Method of Refusal: Request "Refusal of Overseas Transfer" to support@celon.ai
Effect of Refusal: It may become difficult to provide infrastructure/CS/AI functions necessary for overseas transfer, leading to limited service use.
6. Additional Use and Provision of Personal Information
The Company may utilize or provide personal information in addition to the original collection purpose within a reasonable scope permitted by relevant laws, taking into account the infringement of data subjects' rights.
7. Procedures and Methods for Destruction of Personal Information
The Company will destroy personal information without delay upon the expiration of the retention period or upon occurrence of reasons for destruction, such as achieving processing purposes.
Destruction Procedures: Selection of destruction target according to internal standards → Destruction after approval
Methods of Destruction:
Electronic files: Permanently deleted in an irrecoverable manner
Paper documents: Shredded or incinerated
8. Rights, Obligations, and Exercise Methods of Data Subjects
Data subjects may exercise the following rights against the Company at any time.
Request for personal information access
Request for correction/deletion of personal information
Request for personal information processing suspension
Withdrawal of consent (in the case of consent-based processing)
Methods of Exercising Rights
Email: support@celon.ai (example subject: "Request for Access/Correction/Deletion/Suspension of Personal Information")
The Company will process the request after verifying the identity of the requester, and it may be limited or refused as required by relevant laws.
The Company will notify the results of the action within the period specified by law.
9. Measures to Ensure the Security of Personal Information
The Company implements technical, managerial, and physical security measures required by relevant laws to prevent loss, theft, leakage, forgery, alteration, or damage of personal information.
1) Managerial Measures
Establishment and implementation of internal management plans for personal information protection and regular inspections
Minimizing personnel handling personal information and conducting regular training, managing access rights granting/modification/cancellation
Managing and supervising data processors (contract/security requirements/inspections, etc.)
Operating incident response procedures (recognition–response–reporting–prevention of recurrence)
2) Technical Measures
Access control for personal information processing systems (authority management, authentication, access restrictions, etc.)
Encryption of transmission sections (e.g., TLS), storing important information in encrypted form (if necessary)
Retention of access records (logs) and preventing manipulation, monitoring for abnormal signs
Malware prevention and security patching/vulnerability checks, operating backup and recovery procedures
3) Physical Measures
Physical access control to infrastructures where personal information is stored/processed (including control by cloud service providers)
Office space/device access management (if necessary)
10. Installation, Operation, and Refusal of Automatic Collection Devices such as Cookies
The Company may use automatic collection devices such as cookies to provide services and improve the usage environment.
Users can refuse/delete cookie storage through browser settings, and some features may be limited in case of refusal.
11. Personal Information of Children under 14 Years of Age
The Company does not generally provide services to children under the age of 14 and does not intentionally collect children's personal information. If the Company becomes aware of such facts, necessary measures such as destruction will be taken without delay.
12. Personal Information Protection Officer and Grievance Handling
The Company is responsible for overseeing personal information processing and operates the personal information protection officer and grievance handling office as follows to handle complaints and redress the damages related to personal information processing.
Personal Information Protection Officer (CPO): Leo Jang (CEO)
Contact: support@celon.ai
13. Remedies for Infringement of Rights
Data subjects can receive consultation and remedies for personal information infringement through the institutions below (separate from the Company).
Personal Information Infringement Reporting Center: (without area code) 118
Personal Information Dispute Mediation Committee: 1833-6972
Supreme Prosecutors' Office: (without area code) 1301
National Police Agency: (without area code) 182
14. Changes to the Personal Information Processing Policy
This policy may be revised due to changes in laws/services, and if there are significant changes, the Company will notify through the service screen or homepage before implementation.
Contact Information
Celon Inc.
Contact: support@celon.ai