InsuLab Privacy Policy
Effective Date: September 1, 2025
This privacy policy takes effect on September 1, 2025.
InsuLab (the ‘Company’) establishes this policy to protect the personal data of users of the AI language learning service (‘Service’) provided by the Company and to comply with relevant laws and regulations, including the Personal Information Protection Act and the Information and Communications Network Act.
1. Personal Data We Collect
- When registering and creating an account
  - Google Sign-In: email, name, profile photo, Google UID
  - Apple Sign-In: Apple ID, email, name (optional)
  - User-selected nickname
- When using the Service
  - Voice recordings
  - Device information (OS, version) and in-app usage logs
- For payments and billing
  - RevenueCat purchase history
  - Subscription status, renewal information, credit balance
  - App Store / Google Play purchase records
2. Purpose of Processing Personal Data
- Account registration, login, and account management
- Providing AI learning services (conversation generation, pronunciation evaluation, role-play, etc.)
- Storing and sharing user-generated content
- Service operations, log analysis, statistics, and feature improvements
- Managing payments, settlements, and refunds for paid services
- Responding to customer inquiries, handling reports, and resolving disputes
3. Retention and Use Period of Personal Data
| Personal Data | Retention Period | Legal Basis |
|---|---|---|
| Login records | 3 months | Protection of Communications Secrets Act |
| Display and advertising records | 6 months | Act on Consumer Protection in Electronic Commerce |
| Consumer complaints and dispute records | 3 years | Act on Consumer Protection in Electronic Commerce |
| Contract and withdrawal records | 5 years | Act on Consumer Protection in Electronic Commerce |
| Payment and supply records | 5 years | Act on Consumer Protection in Electronic Commerce |
| All other collected personal data | Deleted immediately upon membership withdrawal (except where retention is required by law) | |
4. How We Collect Personal Data
- Direct input during MojiMoji app registration and Service use
- Information provided during Google / Apple login
- Automatic collection through integrated services such as Firebase and RevenueCat
- Automatically generated device and log data while using the app
5. Overseas Transfer of Personal Data
| Recipient | Country | Data | Purpose | Retention |
|---|---|---|---|---|
| Google Firebase (BigQuery, Firestore, etc.) | Seoul & United States | Account, learning, and usage data | Data storage, analysis, and authentication | Deleted immediately upon membership withdrawal (except statutory retention) |
| OpenAI, L.L.C. | United States | Conversation content, voice transcripts | GPT, Whisper, and TTS processing | Deleted immediately after processing (logs are anonymized) |
| RevenueCat, Inc. | United States | Purchase information, subscription status | In-app purchase management | Until membership withdrawal or statutory retention period |
| Google AdMob | United States | Advertising ID, device information | Ad delivery | Until membership withdrawal or statutory retention period |
| Railway | Singapore | Server logs, request data | App server operations | Until membership withdrawal or statutory retention period |
6. Outsourcing of Personal Data Processing
| Vendor | Delegated Tasks |
|---|---|
| Google Firebase | Data storage, authentication, and analytics |
| OpenAI | Conversation generation and speech recognition/synthesis |
| RevenueCat | In-app purchase management |
| Google AdMob | Ad placement |
| Apple / Google Stores | Payment processing |
| Railway | Server operations |
7. Personal Data Destruction Procedures and Methods
- Data is destroyed without delay once the purpose is fulfilled
- Electronic files: permanently deleted using irrecoverable methods
- Paper documents: shredded or incinerated
8. Measures to Ensure the Security of Personal Data
- SSL/TLS encrypted communication
- Encrypted storage of sensitive data (FlutterSecureStorage)
- Application of Firebase Security Rules and App Check
- Regular security audits and backups
- Minimum access privileges and regular internal training
9. Use of Cookies and Similar Technologies
- Used for automatic login, traffic analytics, and personalized services
- Mobile apps utilize device identifiers (such as advertising IDs)
- Refusing cookies/identifiers may limit certain features
10. Rights of Data Subjects
Users may exercise the following rights at any time.
- Access, correction, and deletion: available in the app under My Page > Account Settings
- Request to suspend processing or delete the account: contact customer support or email mojimoji.official.kr@gmail.com
- Processing timeline: We respond within 30 days of receipt and notify the user of the result
11. Data Protection Officer
- Officer: Insu Oh
- Position: CEO
- Email: mojimoji.official.kr@gmail.com
12. Complaint Handling and Remedies
Users may contact the following organizations for consultation or to file a complaint about personal data breaches.
- Personal Information Infringement Report Center (dial 118 / privacy.kisa.or.kr)
- Personal Information Dispute Mediation Committee (1833-6972 / www.kopico.go.kr)
- Supreme Prosecutors’ Office Cyber Investigation Division (1301 / www.spo.go.kr)
- Korean National Police Agency Cyber Bureau (182 / ecrm.cyber.go.kr)
13. Children’s Personal Data
- The Company does not allow users under the age of 14 to register and does not knowingly collect their personal data.