개인정보처리방침 | DAMSORA

Privacy Notice

Last updated: 23 April 2026

This notice applies to users in the European Economic Area (EEA) and covers GDPR requirements (Art. 13–14).

1. Data Controller

Company: DAMSORA

Representatives: Junhwi Nam, Sehyun Park

Address: [to be updated upon business registration]

Email: privacy@damsora.com

EU Representative (GDPR Art. 27): To be designated before EU service launch.

2. Data We Collect and Legal Basis

Data	Purpose	Legal Basis (Art. 6)
Name, email, date of birth, password	Account creation and authentication	6(1)(b) — contract performance
Google account ID, email	Social login (OAuth)	6(1)(b) — contract performance
Payment records (no card data stored)	Subscription billing and refunds	6(1)(b) — contract performance
Session records, reviews, learning notes	Core service delivery	6(1)(b) — contract performance
IP address, browser type, access logs	Security, abuse prevention	6(1)(f) — legitimate interest
Analytics data (anonymised)	Service improvement	6(1)(a) — consent
Marketing preferences	Promotional communications	6(1)(a) — consent
Payment records (5 years)	Legal obligation (tax / e-commerce law)	6(1)(c) — legal obligation

3. Data Retention

Data Category	Retention Period
Account data	30 days after account deletion
Payment records	5 years (legal obligation)
Dispute records	3 years
Access logs	3 months
Video session data	Deleted at session end

4. Processors and International Transfers

We use the following processors. All transfers outside the EEA are protected by Standard Contractual Clauses (SCCs) adopted by the European Commission.

Processor	Country	Purpose	Safeguard
Supabase, Inc.	USA	Database & authentication	SCCs
Paddle.com Market Ltd.	UK	Payment processing (Merchant of Record)	UK GDPR adequacy
Resend, Inc.	USA	Transactional email	SCCs
Vercel, Inc.	USA	Service hosting	SCCs
Google LLC	USA	Social login & analytics	SCCs
LiveKit, Inc.	USA	Video call infrastructure	SCCs

5. Your Rights (GDPR Art. 15–22)

You have the following rights regarding your personal data:

•

Right of access (Art. 15) — Request a copy of the data we hold about you.

•

Right to rectification (Art. 16) — Ask us to correct inaccurate data.

•

Right to erasure (Art. 17) — Ask us to delete your data ("right to be forgotten").

•

Right to restriction (Art. 18) — Ask us to limit how we use your data.

•

Right to data portability (Art. 20) — Receive your data in a machine-readable format.

•

Right to object (Art. 21) — Object to processing based on legitimate interests.

•

Rights re: automated decisions (Art. 22) — Not to be subject to solely automated decisions that significantly affect you.

•

Right to withdraw consent (Art. 7(3)) — Withdraw consent at any time; withdrawal does not affect prior processing.

To exercise any right, email privacy@damsora.com. We respond within 30 days. You may also lodge a complaint with your local supervisory authority (e.g. your national data protection authority).

6. Cookies

We use essential cookies for login sessions and, with your consent, analytics cookies (Google Analytics). See our Cookie Policy for details and how to manage your preferences.

7. Children

Our service is not directed to persons under 16. We do not knowingly collect personal data from anyone under 16. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

8. Changes to This Notice

We may update this notice to reflect changes in law or our services. Material changes will be communicated at least 30 days in advance via in-app notice or email.

9. Contact

Data Protection Contact: Sehyun Park

Email: privacy@damsora.com

Privacy Notice

Last updated: 23 April 2026

This notice applies to users in the European Economic Area (EEA) and covers GDPR requirements (Art. 13–14).

1. Data Controller

Company: DAMSORA

Representatives: Junhwi Nam, Sehyun Park

Address: [to be updated upon business registration]

Email: privacy@damsora.com

EU Representative (GDPR Art. 27): To be designated before EU service launch.

2. Data We Collect and Legal Basis

Data	Purpose	Legal Basis (Art. 6)
Name, email, date of birth, password	Account creation and authentication	6(1)(b) — contract performance
Google account ID, email	Social login (OAuth)	6(1)(b) — contract performance
Payment records (no card data stored)	Subscription billing and refunds	6(1)(b) — contract performance
Session records, reviews, learning notes	Core service delivery	6(1)(b) — contract performance
IP address, browser type, access logs	Security, abuse prevention	6(1)(f) — legitimate interest
Analytics data (anonymised)	Service improvement	6(1)(a) — consent
Marketing preferences	Promotional communications	6(1)(a) — consent
Payment records (5 years)	Legal obligation (tax / e-commerce law)	6(1)(c) — legal obligation

3. Data Retention

Data Category	Retention Period
Account data	30 days after account deletion
Payment records	5 years (legal obligation)
Dispute records	3 years
Access logs	3 months
Video session data	Deleted at session end

4. Processors and International Transfers

We use the following processors. All transfers outside the EEA are protected by Standard Contractual Clauses (SCCs) adopted by the European Commission.

Processor	Country	Purpose	Safeguard
Supabase, Inc.	USA	Database & authentication	SCCs
Paddle.com Market Ltd.	UK	Payment processing (Merchant of Record)	UK GDPR adequacy
Resend, Inc.	USA	Transactional email	SCCs
Vercel, Inc.	USA	Service hosting	SCCs
Google LLC	USA	Social login & analytics	SCCs
LiveKit, Inc.	USA	Video call infrastructure	SCCs

5. Your Rights (GDPR Art. 15–22)

You have the following rights regarding your personal data:

•

Right of access (Art. 15) — Request a copy of the data we hold about you.

•

Right to rectification (Art. 16) — Ask us to correct inaccurate data.

•

Right to erasure (Art. 17) — Ask us to delete your data ("right to be forgotten").

•

Right to restriction (Art. 18) — Ask us to limit how we use your data.

•

Right to data portability (Art. 20) — Receive your data in a machine-readable format.

•

Right to object (Art. 21) — Object to processing based on legitimate interests.

•

Rights re: automated decisions (Art. 22) — Not to be subject to solely automated decisions that significantly affect you.

•

Right to withdraw consent (Art. 7(3)) — Withdraw consent at any time; withdrawal does not affect prior processing.

To exercise any right, email privacy@damsora.com. We respond within 30 days. You may also lodge a complaint with your local supervisory authority (e.g. your national data protection authority).

6. Cookies

We use essential cookies for login sessions and, with your consent, analytics cookies (Google Analytics). See our Cookie Policy for details and how to manage your preferences.

7. Children

8. Changes to This Notice

We may update this notice to reflect changes in law or our services. Material changes will be communicated at least 30 days in advance via in-app notice or email.

9. Contact

Data Protection Contact: Sehyun Park

Email: privacy@damsora.com