This Privacy Policy is a policy document intended to clearly guide the items of personal information that may be collected and processed, the purpose of processing, the retention standards, and the rights of the data subject in the course of using the DEEP Agent service (hereinafter referred to as the "Service") provided by Korea Deep Learning Inc. (hereinafter referred to as the "Company"). Any act of accessing or using this Service is deemed to constitute agreement to the processing of personal information in accordance with this Privacy Policy.
Last Updated: March 20, 2026
1. General Provisions and Scope of Application
This Policy is established and operated by Korea Deep Learning Inc. (hereinafter referred to as the "Company") to safely protect the personal information of data subjects and to faithfully comply with legal, technical, and administrative requirements throughout the entire personal information processing lifecycle. This Policy applies uniformly to the entire technology ecosystem provided by the Company, including web-based services, cloud SaaS, on-premise installable engines, API-based products, and the DEEP Agent SaaS service. It clarifies the standards for the entire process of personal information processing (collection, retention, use, provision, and destruction) and stipulates the differences in processing methods depending on the commercial payment environment and global service environment.
2. Legal Basis and Principles of Personal Information Processing
The Company processes personal information based on relevant laws such as the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, and the Act on the Consumer Protection in Electronic Commerce, and adopts the following principles as the standard for personal information processing.
Principle of Accountability: The Company is responsible for the processing of personal information and documents and manages the relevant procedures and standards. The Company exercises Controller rights over the collected data and maintains a responsible management system.
Principle of Data Minimization: The Company collects only the information essential for providing the service and advancing the AI models.
Principle of Transparency: The purpose of processing, items, and retention periods are clearly disclosed.
Principle of Purpose Limitation: The Company uses the information within the scope of the purpose of providing the service and training/improving the AI models as disclosed at the time of initial collection.
Principle of Security: Technical and administrative protective measures are applied at all times to prevent unauthorized access and leakage.
3. Personal Information Collection Items and Retention Period
3-1 Collection Items for Account-Based Services
The Company collects the minimum personal information necessary to provide the service, and collects the following items based on the user's consent. Upon payment, the sensitive full credit card information is not collected directly by the Company, but is securely collected and processed by our official payment partner, Paddle.
Category | Items | Purpose of Collection | Retention Period |
|---|---|---|---|
Required | Email, Password | Account creation, login, identity verification | Immediately deleted upon account withdrawal (However, if preservation is required by law, until the corresponding period) |
Optional | Name, affiliation, title, contact information | Technical consultation, 1:1 dedicated consulting (Ultra), customized support | Immediately deleted upon account withdrawal |
Payment | Billing email, country, address, business name, business registration number, masked payment method information (e.g., last 4 digits of the card) | Paid plan subscription, tax settlement, fraudulent payment prevention | Retained for 5 years in accordance with the Electronic Commerce Act |
Automatic | Access IP, device information, User-Agent, error logs | Security enhancement, prevention of malicious use, and service quality improvement | Up to 1 year |
3-2 Processing Information in the Course of Service Use
Data generated in the course of users utilizing commercial services is processed as follows for AI model advancement and service continuity.
Category | Items | Purpose of Processing | Retention Standard |
|---|---|---|---|
Input Data | Uploaded documents (images, PDFs, etc.), text | Providing AI processing results and AI model training and advancement | Retained until account withdrawal (De-identified after being utilized for AI model training) |
Processing Metadata | Request time, task ID, system status | Performance monitoring, error response, and credit deduction history management | Up to 1 year (5 years for payment evidence) |
Result Data | OCR results, structured information, extracted metadata | Providing results to the user and saving them in the workspace | Saved and maintained on the server until account withdrawal |
3-3 Asynchronous Processing Data Retention
For mass document processing or asynchronous API use, data is retained as follows for service stability.
Items | Retention Period | Purpose |
|---|---|---|
Input Data | Until account withdrawal | Delay response |
Output Data | Until account withdrawal | User re-verification |
Intermediate Logs | Until account withdrawal | Failure analysis and AI model retraining |
However, temporary logs for system error response are retained for up to 30 days.
4. User Management and Identity Verification
For secure account management, the Company encrypts and stores passwords using an irreversible hash function that cannot be decrypted, and internal staff access rights are strictly controlled according to the principle of least privilege. Login records and security event logs are retained for the period prescribed by relevant laws solely for the purpose of threat detection and service quality improvement. For paid plan (e.g., Ultra) users, member information may be utilized within the scope necessary for smooth 1:1 dedicated consulting and technical support.
5. Special Rules on Data Processing by Service Nature
DEEP Agent applies the following data processing principles for user convenience and AI technology advancement as a commercial SaaS service.
Data Storage and Maintenance: Outputs and extracted data generated by the user during the service use process are stored and maintained in the workspace for the user's continuous business utilization. These are not deleted upon session termination or page exit and are preserved until account withdrawal.
Utilization for AI Model Advancement: The Company may utilize the data and outputs uploaded by the user to improve the quality of the service and train AI models. Detailed matters follow Article 2 (Principles of Personal Information Processing) and Article 3 (Collection Items).
Special Rules for Beta Services (e.g., DEEP Parser): Beta services prior to official release are provided for the purpose of function verification and error detection. Logs and data generated during the use of beta services may be subject to different retention standards than official services, and the Company may manage such data separately as deemed necessary for operation.
6. Mass Document Processing and Asynchronous API Policy
6-1 Retention Standards by Data Type
When utilizing mass document processing and asynchronous APIs, data is retained according to the following standards to ensure service stability and the user's data continuity.
Data Type | Purpose of Retention | Maximum Period |
|---|---|---|
Input Data | Providing service results and AI model advancement training | Until account withdrawal |
Output Data | Result inquiry and redownload within the workspace | Until account withdrawal |
Error Logs | System failure analysis and technical support | Up to 1 year |
Meta Information | Service quality improvement and credit deduction history management | 5 years (complying with the Electronic Commerce Act) |
6-2 Exceptions for On-Premise Services
In the case of services provided in an on-premise environment, all data is processed and stored exclusively within the customer's own infrastructure. The Company does not access the user's input, output, or log data, nor does it transmit and store them on the Company's servers, unless explicitly requested by the customer or under a separate maintenance contract.
7. Technical Inquiry and Customer Support
Personal information collected during website inquiries, technical support, and partnership consultation processes is used exclusively for the purpose of receiving inquiries and managing history. In particular, for the 1:1 dedicated consulting and technical support services provided to paid plan (e.g., Ultra) users, consultation history and technical logs may be retained during the service use period to provide smooth service. These are not destroyed upon simple termination of the consultation but are maintained until account withdrawal for continuous care and failure analysis.
8. Marketing, Seminars, and Recruitment Process
Personal information collected upon registering for newsletters and seminars is processed solely for the purpose of sending event announcements and service update information, and users may opt out of receiving them at any time. Personal information submitted during the recruitment process is retained for up to 3 years after the end of recruitment (upon the applicant's consent), but upon request for deletion, it is destroyed without delay, excluding the scope prescribed by relevant laws.
9. Cross-Border Transfer of Personal Information and Global Payment Processing
he Company transfers personal information overseas as follows to ensure the stable provision of the service and global payment processing. The payment processing of this service is performed through Paddle, the official Merchant of Record. By using the global payment service, the user is deemed to have agreed to the cross-border transfer below concurrently with the payment process.
Merchant of Record and Transferee: Paddle.com Market Ltd (UK and global branches)
Transferred Items: Name, billing email, address, country information (including browser cookie information for payment and fraud detection)
Transferred Country: United Kingdom (UK) and the location of the respective company's data centers
Purpose of Transfer: Order processing, subscription payment execution, global tax settlement, and fraudulent payment detection
Retention Period: Subject to Paddle's independent Privacy Policy and the laws of the respective country
Method and Time of Transfer: Real-time transmission via encrypted communication (HTTPS) when using the payment service
10. Destruction of Personal Information, Guarantee of Rights, and Security Measures
The Company destroys the information without delay when the personal information retention period expires or the purpose of processing is achieved. If preservation is required by laws, the information is preserved until the corresponding period and then destroyed. Electronic files are deleted using irreversible methods, and paper documents are shredded or incinerated. Data subjects can exercise their rights to access, correct, delete, suspend processing, and withdraw consent. However, upon account withdrawal, all data in the workspace (including extraction outputs) is immediately destroyed and cannot be recovered; therefore, the user has the obligation to back up the data directly before withdrawal. The Company limits its liability for data loss due to the user's negligence in backup. The Company secures safety through the following measures:
Administrative Measures: Establishment of internal regulations, regular security training, access right management
Technical Measures: Data encryption, operation of intrusion prevention and anomaly detection systems
Physical Measures: Access control and record management of data centers
This Policy will be notified 7 days in advance in case of changes, and any changes disadvantageous to users will be notified at least 30 days in advance.
End of Doc.