Hyprboost
Language

Privacy Policy

Neurojourney Inc. (hereinafter referred to as the “Company”) complies with applicable personal information protection laws and regulations, including the Personal Information Protection Act, and establishes this Privacy Policy in accordance with relevant laws to protect users’ rights and interests. This Privacy Policy applies to the Hyprboost service (hereinafter referred to as the “Service”) provided by the Company.

Article 1 (Purpose of Processing Personal Information)

The Company processes personal information for the following purposes. Personal information processed by the Company shall not be used for purposes other than those stated below. If the purpose of use changes, the Company will take necessary measures, such as obtaining separate consent, in accordance with Article 18 of the Personal Information Protection Act.

  1. Membership Registration and Management: Identification and authentication of users for membership-based services, maintenance and management of membership status, prevention of fraudulent or unauthorized use of the Service, delivery of notices and notifications, and record retention for dispute resolution.
  2. Service Provision and Operation: Provision of paid services, content delivery, fulfillment of contracts, payment processing and settlement, customer support, and handling of inquiries.
  3. Service Improvement and Development of New Services: Analysis of service usage records and access frequency, utilization of statistical data, verification of service effectiveness, improvement of AI model performance, development of new features, and provision of customized services.
  4. Marketing and Advertising: Provision of information on new services and events, and delivery of promotional or advertising materials (only where separate consent has been obtained from the data subject).

Article 2 (Items of Personal Information Collected and Methods of Collection)

  1. Items of Personal Information Collected
    • Corporate Customers (Administrators): Name, email address, password, company name, contact information (required) -> Membership registration and management, service provision, payment processing
    • Corporate Customers (Administrators): Job title, department (optional) -> Membership registration and management, service provision, payment processing
    • Individual Customers: Name, email address, password (required) -> Membership registration and management, service provision, payment processing
    • End Users: Name, email address (required) -> Service use and collaboration features
    • End Users: Profile image (optional) -> Service use and collaboration features
  2. Methods of Collection of Personal Information
    • Through membership registration and service use via the website or mobile app/web
    • Through inquiries and consultations via customer support channels
    • Automatically collected through generated information collection tools

Article 3 (Retention and Processing Period of Personal Information)

  1. The Company processes and retains personal information within the period stipulated by applicable laws or within the period agreed upon at the time of collection from the data subject.
  2. The specific retention and processing periods are as follows:
    ① Member Information: Until membership withdrawal. However, in the following cases, information is retained until the relevant reason is resolved:
    • If investigations or inquiries are in progress due to violations of relevant laws, until such investigations or inquiries are completed
    • If rights and obligations arising from service use remain, until settlement of such rights and obligations is completed
    ② Information Required to Be Retained by Law:
    • Protection of Communications Secrets Act: Website access records (e.g., login records) – 3 months
    • Act on Consumer Protection in Electronic Commerce, etc.:
    Records related to contracts or withdrawal of subscription – 5 years
    Records related to payment and supply of goods or services – 5 years
    Records related to consumer complaints or dispute resolution – 3 years

Article 4 (Entrustment of Personal Information Processing and Provision to Third Parties)

The Company processes personal information only within the scope specified in Article 1 (Purpose of Processing Personal Information). The Company provides personal information to third parties only where consent has been obtained from the data subject or where permitted under Articles 17 and 18 of the Personal Information Protection Act or other applicable laws.

Article 5 (Overseas Transfer of Personal Information)

For service provision and stable data management, the Company transfers (entrusts processing and stores) personal information overseas as follows:
• Vercel: Operation of hosting servers
• Supabase: Operation of cloud infrastructure and storage of customer data
• Google Analytics: Analysis of service usage statistics and logs
• Resend: Operation of newsletter and marketing email delivery systems
• Paddle: Payment processing, fraud prevention, settlement, and refund processing
• OpenAI: Provision and operation of AI features (transfer of anonymized data where necessary)
• Gemini: Provision and operation of AI features (transfer of anonymized data where necessary)
• Perplexity: Provision and operation of AI features (transfer of anonymized data where necessary)
• Grok: Provision and operation of AI features (transfer of anonymized data where necessary)
• Anthropic: Provision and operation of AI features (transfer of anonymized data where necessary)

Article 6 (Rights and Obligations of Data Subjects and Methods of Exercising Rights)

  1. Data subjects may exercise the right to request access to, correction of, deletion of, or suspension of processing of their personal information at any time.
  2. Such rights may be exercised through written requests, email, or customer support channels, and the Company will take action without undue delay.
  3. Where a data subject requests correction or deletion of personal information due to errors, the Company will not use or provide such personal information until the correction or deletion is completed.
  4. Matters concerning the processing of personal information of children under the age of 14 are handled separately in accordance with the Company’s policy. The Company does not allow registration of members under the age of 14.

Article 7 (Procedures and Methods for Destruction of Personal Information)

When personal information becomes unnecessary due to the expiration of the retention period or achievement of the processing purpose, the Company will destroy such personal information without delay. The procedures and methods for destruction are as follows:

  1. Destruction Procedure: Personal information subject to destruction is selected, and destruction is carried out with the approval of the Company’s Chief Privacy Officer.
  2. Destruction Method: Personal information stored in electronic file format is deleted using technical methods that render recovery impossible. Personal information recorded on paper documents is destroyed by shredding or incineration.

Article 8 (Measures to Ensure the Security of Personal Information)

The Company implements the following measures to ensure the security of personal information:

  1. Administrative Measures: Establishment and implementation of internal management plans, minimization of personnel handling personal information
  2. Technical Measures: Access control to personal information processing systems, encryption of unique identification information, installation and updating of security programs
  3. Physical Measures: Access control to data centers and document storage rooms

Article 9 (Chief Privacy Officer)

  1. The Company designates a Chief Privacy Officer to oversee personal information processing and to handle complaints and remedies related to personal information as follows:
    • Name: Yubin Kim
    • Title: Officer in Charge
    • Contact: legal@hyprboost.com
  2. Data subjects may contact the Chief Privacy Officer or the responsible department regarding any inquiries, complaints, or remedies related to personal information protection arising during service use.

Article 10 (Amendments to the Privacy Policy)

This Privacy Policy shall take effect from the effective date. If any additions, deletions, or amendments are made due to changes in laws or Company policies, such changes will be announced through notices at least seven (7) days prior to the effective date of the changes.