Sign In

Privacy Policy (2026-05-15)

LilysAI Co., Ltd. (hereinafter referred to as the "Company") processes personal information lawfully and manages it securely in compliance with the Personal Information Protection Act and related laws and regulations to protect the freedom and rights of data subjects. Accordingly, in accordance with Article 30 of the Personal Information Protection Act, the Company establishes and discloses the following Privacy Policy to guide data subjects on the procedures and standards regarding the processing and protection of personal information, and to ensure the prompt and smooth handling of grievances related thereto. This Privacy Policy applies to the LilysAI service (hereinafter referred to as the "Service") provided by the Company.
Article 1 (Purpose of Personal Information Processing, Items of Personal Information Processed, and Processing and Retention Period)
① The Company processes personal information for the following purposes. The personal information being processed will not be used for purposes other than those listed below, and if the purpose of use changes, the Company plans to take necessary measures, such as obtaining separate consent in accordance with relevant laws and regulations.
② In principle, personal information is destroyed without delay upon membership withdrawal or the fulfillment of the purpose of use. However, if separate consent was obtained at the time of collection or if additional retention is required in accordance with relevant laws, the personal information will be processed and retained within the relevant retention and usage period.
③ The methods by which the company collects personal information are as follows:
1. Direct input by the data subject during the process of using the service
2. Delivered from linked services such as SNS-linked sign-up
3. Collected from usage statistics collection tools
4. Automatic collection through generated information collection tools
5. Collected offline
④ The items of personal information processed by processing purpose and the processing and retention periods are as follows.
Processing purpose
Items of personal information processed
Processing and retention period
(Required) Membership registration and management
(When signing up via email) Nickname, Email, Password
(When signing up by linking with social media such as Google) Email, information allowed by the linked social media
Until membership withdrawal
(Required) Contact for service-related notifications, responding to service inquiries
Nickname, Email
Until membership withdrawal
However, in cases falling under the following reasons, until the end of the relevant period
Records regarding consumer complaints or dispute resolution: 3 years (Act on the Consumer Protection in Electronic Commerce, etc.)
(Optional) Fulfillment of contracts regarding the provision of paid services, settlement of fees resulting from the provision of paid services
Credit card number, date of birth, or business registration number
Until membership withdrawal or payment method deletion
However, in cases falling under the following reasons, until the end of the relevant period
Records regarding contracts or withdrawal of subscriptions, etc. (Act on the Consumer Protection in Electronic Commerce, etc.)
Records regarding payment settlement and supply of goods, etc.: 5 years (Act on the Consumer Protection in Electronic Commerce, etc.)
Records regarding electronic financial transactions: 5 years (Electronic Financial Transactions Act)
(Optional) Application in marketing and advertising
Nickname, Email
Until membership withdrawal or withdrawal of consent to use
(Optional) Service quality improvement and feature development
Information entered by the user and AI-generated results
Until membership withdrawal or withdrawal of consent to use
(Required) Prevention of fraudulent use
Email
Up to 30 days after membership withdrawal
Article 2 (Matters concerning the processing of personal information of children under the age of 14)
① If the Company requires consent to process the personal information of a child under the age of 14, it obtains consent from the legal representative of the child concerned.
② When obtaining consent from a legal representative regarding the processing of personal information of a child under the age of 14, the Company may request minimal information from the child, such as the legal representative's name, date of birth, gender, nationality (Korean or foreign), mobile phone number, mobile carrier information, i-PIN information (when verifying i-PIN), and identity verification values ​​(CI, DI); the Company may have the legal representative indicate whether they consent on an internet site where the consent content is posted, and confirm this fact by notifying the legal representative via a text message to their mobile phone that the indication of consent has been verified.
Article 3 (Provision of Personal Information to Third Parties)
The Company processes the personal information of data subjects only within the scope specified in the purpose of processing personal information, and provides personal information to third parties only in cases falling under Articles 17 and 18 of the Personal Information Protection Act, such as the data subject's consent or special provisions of the law, and does not provide the data subject's personal information to third parties otherwise.
Article 4 (Outsourcing of Personal Information Processing)
① The Company entrusts personal information processing tasks as follows to ensure smooth processing of personal information.
Entrusted person
Details of entrusted work
Intercom, Inc.
Customer service
Tally BV
Data collection using forms
Stripe, Inc.
Payment processing
NICE Payments Co., Ltd.
Payment processing
Kakaopay Corp.
Payment processing
Korea PortOne
Payment processing
Amazon Web Services, Inc.
Operation and management of cloud infrastructure (servers, storage, databases)
Google LLC
Statistical analysis via Google Analytics, statistical analysis via Firebase Analytics, and integration for providing AI features
Microsoft Corporation
Linkage for providing AI functions
Anthropic PBC
Linkage for providing AI functions
OpenAI, LLC
Linkage for providing AI functions
Soniox Inc.
Linkage for providing AI functions
Groq, Inc.
Linkage for providing AI functions
PyannoteAI
Linkage for providing AI functions
Mixpanel, Inc
Web usability analysis and improvement
Functional Software, Inc.
Error monitoring and log analysis
Astrodon Inc.
Send email
Twilio Inc.
Send email
② In accordance with Article 26 of the Personal Information Protection Act, when concluding a consignment contract, the Company specifies in documents such as contracts matters concerning the prohibition of processing personal information for purposes other than the performance of consigned tasks, technical and administrative protective measures, restrictions on re-consignment, management and supervision of the trustee, and liability such as compensation for damages, and supervises whether the trustee safely processes personal information.
③ If there are any changes to the content of the entrusted work or the trustee, we will disclose this without delay through this Privacy Policy.
Article 5 (Transfer of Personal Information Overseas)
The company entrusts the following tasks to overseas corporations as follows:
Recipient of personal information and contact information
Purpose
Items of personal information transferred for entrustment of processing
Countries, timing, and methods of personal information transfer
Retention and usage period of personal information by the recipient
Methods, procedures, and effects of refusing the transfer of personal information
Intercom, Inc.dataprotection@intercom.io
Customer support and in-app messaging
Email, name, and the inquiry details entered by the user
USA / Transmission via an encrypted network at the time of service use
Until withdrawal of membership or termination of consignment contract
Please indicate your refusal via support@lilys.ai. Rejection may result in restrictions on the use of customer support services.
Tally BVhello@tally.so
Data collection through survey forms
Name, Email, Survey Response Details
Netherlands / Transmission via an encrypted network at the time of form submission
Until withdrawal of membership or termination of consignment contract
Indicate your refusal by sending an email to support@lilys.ai. Submission of survey responses is restricted if you decline.
Stripe, Inc. dpo@stripe.com
Payment processing
Payment card information, name, email, billing address, payment history
USA / Transmission via an encrypted network at the time of payment
Until the retention period in accordance with relevant laws and regulations
Indicate your refusal via support@lilys.ai. Payment usage will be restricted upon refusal.
Amazon Web Services, Inc.aws-korea-privacy@amazon.com
Cloud infrastructure operations
Service usage records
USA / Transmission via an encrypted network at the time of service use
Until withdrawal of membership or termination of consignment contract
Indicate your refusal via support@lilys.ai. Service usage will be restricted upon refusal.
Google LLCgooglekrsupport@google.com
Operation of cloud infrastructure and analytics tools, use of AI models
Email, user identifier, service usage history, device information
USA / Transmission via an encrypted network at the time of service use
Until withdrawal of membership or termination of consignment contract
Indicate your refusal via support@lilys.ai. Service usage will be restricted upon refusal.
Microsoft Corporation https://aka.ms/privacyresponse
Using AI models
Text and content entered by the user
USA / Transmission via an encrypted network at the time of service use
Until withdrawal of membership or termination of consignment contract
Indicate your refusal via support@lilys.ai. Service usage will be restricted upon refusal.
Anthropic PBCprivacy@anthropic.com
Using AI models
Text and content entered by the user
USA / Transmission via an encrypted network at the time of service use
Until withdrawal of membership or termination of consignment contract
Indicate your refusal via support@lilys.ai. Service usage will be restricted upon refusal.
OpenAI, LLCprivacy@openai.com
Using AI models
Text and content entered by the user
USA / Transmission via an encrypted network at the time of service use
Until withdrawal of membership or termination of consignment contract
Indicate your refusal via support@lilys.ai. Service usage will be restricted upon refusal.
Soniox Inc.support@soniox.com
Using AI models
Text and content entered by the user
USA / Transmission via an encrypted network at the time of service use
Until withdrawal of membership or termination of consignment contract
Indicate your refusal by sending an email to support@lilys.ai. If you refuse, access to some services will be restricted.
Groq, Inc.support@groq.com
Using AI models
Text and content entered by the user
USA / Transmission via an encrypted network at the time of service use
Until withdrawal of membership or termination of consignment contract
Indicate your refusal by sending an email to support@lilys.ai. If you refuse, access to some services will be restricted.
PyannoteAI

Using AI models
Text and content entered by the user
France / Transmission via an encrypted network at the time of service use
Until withdrawal of membership or termination of consignment contract
Indicate your refusal by sending an email to support@lilys.ai. If you refuse, access to some services will be restricted.
Mixpanel, Inccompliance@mixpanel.com
Statistical analysis
Email, user identifier, service usage history, device information
USA / Transmission via an encrypted network at the time of service use
Until withdrawal of membership or termination of consignment contract
Please indicate your refusal via support@lilys.ai. Refusal may result in some limitations on service stability improvements.
Functional Software, Inc. (Sentry)compliance@sentry.io
Application Error Monitoring
Email, user identifier, service usage history, device information
USA / Transmission via an encrypted network at the time of service use
Until withdrawal of membership or termination of consignment contract
Please indicate your refusal via support@lilys.ai. Refusal may result in some limitations on service stability improvements.
Astrodon Corporation (Loops)help@loops.so
Send email
Email, nickname, user identifier
USA / Transmission via an encrypted network at the time of service use
Until withdrawal of membership or termination of consignment contract
Indicate your refusal by sending an email to support@lilys.ai. Email reception will be restricted upon refusal.
Twilio Inc. (SendGrid)privacy@twilio.com
Send email
Email, nickname, user identifier
USA / Transmission via an encrypted network at the time of service use
Until withdrawal of membership or termination of consignment contract
Indicate your refusal by sending an email to support@lilys.ai. Email reception will be restricted upon refusal.
Article 6 (Procedures and Methods for Destruction of Personal Information)
① The Company destroys personal information without delay when it becomes unnecessary, such as when the retention period of personal information has expired or the purpose of processing has been achieved.
② In cases where personal information must continue to be preserved pursuant to other laws even after the retention period consented to by the data subject has expired or the purpose of processing has been achieved, the relevant personal information is transferred to a separate database (DB) or stored in a different location.
③ The procedures and methods for the destruction of personal information are as follows.
1. Destruction Procedure: The Company selects personal information for which a reason for destruction has arisen and destroys the personal information upon obtaining approval from the Chief Privacy Officer.
2. Method of Destruction: Information in the form of electronic files is destroyed using technical methods that prevent the records from being reproduced. Printed materials are destroyed by shredding or incineration.
Article 7 (Rights, Obligations, and Method of Exercise of Data Subjects and Legal Representatives)
① Data subjects may exercise their rights to request access, correction, deletion, or suspension of processing of their personal information from the Company at any time.
② You may exercise your rights against the Company in writing, via email, fax, etc., in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and the Company will take action without delay.
③ You may exercise your rights through a representative, such as a legal representative of the data subject or an authorized agent. In this case, you must submit a power of attorney in accordance with Form No. 11 of the "Notice on the Method of Processing Personal Information (No. 2020-7)."
④ The right of a data subject to request access to and suspension of processing of personal information may be restricted pursuant to Article 35, Paragraph 4 and Article 37, Paragraph 2 of the Personal Information Protection Act.
⑤ You cannot request the correction or deletion of personal information if the personal information is specified as a subject of collection in other laws.
⑥ When a request for access, correction/deletion, or suspension of processing is made in accordance with the rights of the data subject, the Company verifies whether the person making the request is the principal or a legitimate representative.
Article 8 (Measures to Ensure the Safety of Personal Information)
The company is taking the following measures to ensure the safety of collected personal information.
1. Administrative measures: Establishment and implementation of internal management plans, minimization of access rights to personal information, regular employee training, conducting regular internal audits, etc.
2. Technical measures: Management of access rights to personal information processing systems, encryption of personal information, installation of security programs and periodic updates/inspections, etc.
3. Physical measures: Storing documents/auxiliary storage media containing personal information in a secure location with a lock, controlling database access, etc.
Article 9 (Matters concerning the installation, operation, and refusal of automatic personal information collection devices)
① The Company may operate 'cookies' that frequently store and retrieve user information in order to provide customized services tailored to users. A cookie is a very small text file sent by the server used to operate the website to the user's browser, and it is stored on the user's computer hard disk.
② Purpose of using cookies: When a user visits the company's website, the website server reads the contents of the cookies stored on the user's device to maintain the user's settings and provide customized services.
③ Installation, Operation, and Rejection of Cookies: Users have the right to choose regarding the installation of cookies. By setting options in their web browser, users may allow all cookies, be prompted for confirmation whenever a cookie is saved, or reject the storage of all cookies. However, if you reject the installation of cookies, you may experience difficulties using some services that require a login.
④ Methods to refuse cookie settings include selecting options in the web browser used by the user to allow all cookies, confirm whenever a cookie is saved, or refuse to save all cookies.
(Setup method)
- Android phones: Google Settings → Ads → Select or deselect ad personalization
- IPhone: iPhone Settings → Privacy → Ads → Limit Ad Tracking
- Internet Explorer: Tools at the top of the web browser > Internet Options > Privacy
Article 10 (Personal Information Protection Officer and Manager)
The Company assumes overall responsibility for matters related to the processing of personal information and has designated a Chief Privacy Officer as follows to handle complaints and provide remedies for damages to data subjects regarding the processing of personal information. Data subjects may contact the Chief Privacy Officer and the relevant department regarding all inquiries, complaints, and remedies for damages related to personal information protection arising from the use of the Company's services. The Company will respond to and process inquiries from data subjects without delay.
▶ Chief Privacy Officer
- Name: Oh Hyun-soo
- Position: CEO
- Contact: support@lilys.ai
Article 11 (Personal Information Dispute Resolution)
Data subjects may apply to the following institutions for dispute resolution or consultation to seek relief for personal information infringement.
▶ Personal Information Infringement Report Center (operated by the Korea Internet & Security Agency)
- Scope of duties: Reporting personal information infringement, requesting consultation
- Phone: 118 (without area code)
- Address: Personal Information Infringement Reporting Center, 3F, 9 Jinheung-gil, Naju-si, Jeollanam-do (301-2 Bitgaram-dong), 58324
▶ Personal Information Dispute Mediation Committee
- Scope of duties: Application for personal information dispute mediation, collective dispute mediation (civil settlement)
- Homepage: https://www.kopico.go.kr
- Phone: 1833-6972 (without area code)
- Address: 4F, ​​Government Complex Seoul, 209 Sejong-daero, Jongno-gu, Seoul (03171)
▶ Supreme Prosecutors' Office Cyber ​​Investigation Division: (No area code) 1301 ( http://spo.go.kr )
▶ National Police Agency Cyber ​​Investigation Bureau: (No area code) 182 ( http://ecrm.police.go.kr/ )
Article 12 (Changes to the Personal Information Processing Policy)
The Company may revise the Privacy Policy in accordance with changes in laws or services. In the event of a revision to the Privacy Policy, notice will be given through service announcements (or individual notices). The revised Privacy Policy will take effect 7 days after the date of posting.
Announcement Date: May 6, 2026
Effective Date: May 15, 2026
This Privacy Policy is effective as of May 15, 2026.
Made with Slashpage