Privacy Policy

해례 (Haerye)

Effective date: 2026-02-11
Service name: 해례 (Haerye)
Operator: PKC Company (Representative: Park Ki Chul)
Contact: PKC@haerye.com
Subscription / Billing (MoR): Lemon Squeezy

1. Overview

This Privacy Policy explains how Haerye ("we", "our", "the Service") collects, uses, shares, and protects personal information when you use the Service.

2. Personal Information We Collect

Depending on how you use the Service, we may collect:

  • Account information such as email address and account identifiers when you sign up/sign in (including email/password login) or sign in with Google.
  • Profile information (optional) such as display name and profile photo URL, mainly from Google Sign-In if available. The Service does not display your profile photo in the app.
  • Login and usage records such as last login time and basic service usage logs for security and troubleshooting.
  • Learning activity data such as study timestamps and learning events (e.g., correctness events and item keys) used to generate learning statistics and mastery/progress features.
  • Free trial / device-based trial data. To enforce the free trial and reduce repeated abuse, we generate a hashed device fingerprint ("deviceHash") using certain device/browser information (e.g., user agent, language, platform, screen information, time zone, and limited device capability signals). We may store trial timing data (trial start time and expiration time) and may store your browser user agent as part of the trial record.
  • Subscription / payment information. We store subscription status and billing-related records needed to provide paid access and customer support (e.g., subscription status, subscription IDs, subscription period end timestamps, order identifiers, and customer portal URL).
  • Analytics data. We use Google Analytics for Firebase (GA4). Analytics may collect app usage events and identifiers (including an app-instance identifier), and may use technologies similar to cookies and mobile device identifiers to measure usage.
  • Customer support information you provide if you contact support via PKC@haerye.com.

3. Purposes of Processing

We process personal information to:

  • Provide and operate the Service (authentication, account access, and essential features).
  • Create and manage user profiles and maintain login history.
  • Provide the free trial, synchronize the free trial timer/state, and help prevent repeated abuse of the free trial.
  • Generate learning progress, statistics, and mastery/progress features.
  • Manage monthly subscriptions (e.g., verifying subscription status via our Merchant of Record, Lemon Squeezy).
  • Improve the Service (debugging, analytics, performance monitoring).
  • Respond to inquiries and provide customer support.
  • Security, fraud prevention, and compliance with legal obligations.

4. Retention Period

We retain personal information only as long as needed for the purposes described above:

  • Account data: retained until account deletion, unless longer retention is required by law.
  • Learning progress / statistics / settings: retained until account deletion, unless longer retention is required by law.
  • Subscription records: retained as needed for accounting, dispute resolution, and legal compliance.
  • Free trial records: retained for 30 days, then deleted or overwritten as part of routine cleanup.
  • Logs / security records: retained for 30 days for security and troubleshooting, then deleted or anonymized.
  • Analytics (GA4) data: retained for 14 months according to our analytics retention settings.

5. Sharing and Third Parties

We may share personal information with:

  • Service providers that operate our infrastructure (e.g., hosting, authentication, databases, cloud functions) including Firebase services.
  • Subscription billing and payment processing (Merchant of Record): Lemon Squeezy. If you initiate a checkout or manage billing, we may provide your email address and purchase/subscription-related identifiers to Lemon Squeezy for billing operations (e.g., checkout prefill and customer portal access). (Lemon Squeezy Privacy Policy)
  • Analytics provider: Google Analytics for Firebase (GA4) as part of Firebase/Google Analytics. We do not intentionally send directly identifying information (such as your email address) in analytics event parameters.
  • AI conversation service provider: OpenAI (API). If you use the AI-powered conversation feature, the text you enter (and optional recent conversation context you provide) may be transmitted to OpenAI to generate a response. We do not send your email address, Firebase UID, or other directly identifying personal information to OpenAI in this process. (See: OpenAI API data controls)
  • Authorities when required by applicable law or valid legal process.

We do not sell your personal information.

6. International Transfers

If personal information is processed outside your country by our service providers, we will take reasonable measures to protect your information in accordance with applicable law.

7. Your Rights

Depending on applicable law, you may request access, correction, deletion, or withdrawal of consent by contacting PKC@haerye.com.

8. Security Measures

We implement reasonable technical and organizational measures to protect personal information against unauthorized access, loss, misuse, or alteration.

For subscription events received from our billing provider, we verify webhook signatures before processing to reduce unauthorized or tampered requests.

9. Cookies / Local Storage

We may use cookies or local storage to keep login state and maintain preferences.

For the free trial, we use local storage to store trial state (e.g., trial start time) and related UI state.

Analytics may use identifiers and technologies similar to cookies and mobile device identifiers to measure usage.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be posted with a revised effective date.

11. Google User Data (OAuth)

Data Accessed

When you sign in using Google Sign-In, we access the following Google user data solely for authentication purposes:

  • Email address
  • Display name
  • Profile photo URL (if provided)
  • Google OAuth user identifier (UID)

Data Usage

We use Google user data strictly to authenticate users, create and manage user accounts, and provide access to subscribed services. Google user data is not used for advertising, marketing, or profiling purposes.

Data Sharing

We do not sell Google user data. If you initiate subscription checkout or billing management, we may provide your email address to our Merchant of Record (Lemon Squeezy) for checkout/billing operations (e.g., checkout prefill and customer portal).

Data Storage & Protection

User account and usage data are stored on secure cloud infrastructure (including Firebase services). We apply industry-standard security measures, including access controls and encryption in transit, to protect user data.

Data Retention & Deletion

Google user data is retained only for as long as necessary to provide our services and to comply with legal obligations. Users may delete their account at any time using the in-app Delete Account feature (Settings > Account > Delete Account) or by contacting us at PKC@haerye.com. Upon a valid deletion request, associated personal data will be permanently deleted within 7 days, unless retention is required by law.

Google API Services User Data Policy (Limited Use)

Haerye's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

12. AI-Powered Conversation (OpenAI API)

What this feature does

If you use the AI-powered conversation feature, the Service sends your input text to OpenAI’s API to generate a conversational response. Voice features are handled by your browser’s Web Speech API; we do not send your microphone audio to OpenAI for this feature.

Data transmitted

  • Conversation text that you type (and, if you provide it, a limited recent conversation history used as context).
  • No direct identifiers: we do not send your email address, Firebase UID, or other directly identifying personal information to OpenAI for response generation.

Purpose of processing

The purpose is to generate AI responses for conversation practice and to operate the feature you requested.

Storage and retention

We do not store AI conversation content in our database. The text is processed in real time to generate a response and is not retained by us after the response is returned. OpenAI states that data sent to the API is not used to train models by default, and that API inputs/outputs may be retained for a limited period (commonly up to 30 days) for abuse monitoring unless different retention settings apply.

International transfers

OpenAI may process data on servers located outside your country (including the United States). By using the AI conversation feature, you acknowledge that such cross-border processing may occur.

AI-generated content notice

Responses are generated automatically by an AI system. We do not guarantee the accuracy, completeness, or appropriateness of AI-generated content, and you should not rely on it as professional advice.