Privacy Policy

한국어 버전

Effective Date: January 1, 2024

1. Purpose

WellnessGo Co., Ltd. ("Company") respects the privacy of users of the voee service ("Service") and complies with applicable laws including the Personal Information Protection Act of the Republic of Korea, the Act on Promotion of Information and Communications Network Utilization and Information Protection, and Google API Services User Data Policy. This Privacy Policy describes the categories of personal data we collect, how we use, store, share, and dispose of it.

2. Information We Collect

The Company collects the following information to provide the Service.

2.1 Data Stored on Our Servers

  • Authentication / identification: name, email address, profile image, unique identifier (received from the OAuth provider).
  • Automatically collected: IP address, access time, service usage logs, device information.
  • Optional: phone number, organization name.
  • Service content: transcripts (STT output, including SRT), call/meeting summaries, tags, action items, and meeting notes. These are retained so the user can re-access and search them in the app and on the web, and can be deleted by the user at any time.
  • Subscription & payment data: subscription plan/status, payment history (amount, currency, date, payment-method type), and identifiers issued by the payment gateway (billing key, purchase token, order ID). The Company does not store full card numbers or other sensitive payment credentials; these are handled by the payment gateway.

2.2 Data Automatically Deleted Immediately After Transcription

  • Original call/meeting audio files: uploaded to our servers solely to perform speech-to-text (STT) conversion. The audio files are automatically deleted from our servers immediately upon completion of transcription. Original audio is never persistently stored.

2.3 Data We Do Not Collect

We do not collect device call logs or SMS messages.voee does not transmit or store the device's system Call Log or SMS message content to its servers.

Summary: Original call/meeting audio files are uploaded only for transcription and are automatically deleted immediately after transcription completes. Text-based service content (transcripts, summaries, meeting notes) and authentication/payment data are stored on our servers to provide the Service, and the user can delete them at any time.

3. Social Login Integration and Google API Use

To make the user experience seamless, voee offers social login via Google and Kakao accounts, and integrations with Google Workspace APIs (Google Calendar, Google Tasks). The Company processes the following data only when the user explicitly grants permission on the consent screen. voee does not access, read, write, or send Gmail messages.

3.1 Google Sign-In (SSO)

  • Provider: Google LLC
  • Data accessed: Google account email, name, profile image, unique identifier (sub).
  • Purpose: account identification, authentication, prevention of duplicate sign-up.

3.1-b Kakao Sign-In (SSO)

  • Provider: Kakao Corp.
  • Data accessed: Kakao account unique identifier, nickname, profile image, and email (only if the user consents to providing their email).
  • Purpose: account identification and authentication.
  • Scope of processing: The Kakao account is used solely for login authentication. voee does not collect KakaoTalk messages, friend lists, or any other data. Users may disconnect voee at any time via Kakao's "Connected Services" management.

3.2 Google Calendar API (Optional)

  • Scopes: https://www.googleapis.com/auth/calendar.events, https://www.googleapis.com/auth/calendar.readonly
  • Data accessed: calendar event titles, descriptions, start/end times, locations, organizers, attendee emails, calendar names.
  • How it is used: displaying upcoming meetings inside voee; creating and updating events suggested from call/meeting summaries with the user's explicit confirmation; matching attendees to call history for context.
  • Storage: cached in the Company's database to power timeline and search; deleted immediately upon the user's request, sync removal, or account deletion.

3.3 Google Tasks API (Optional)

  • Scope: https://www.googleapis.com/auth/tasks
  • Data accessed: user's task lists, task titles, notes, due dates, completion state.
  • How it is used: creating follow-up tasks extracted from calls and meetings (with the user's confirmation); two-way sync of due dates and completion state between voee and Google Tasks.
  • Storage: cached in the Company's database; deleted immediately upon the user's request, sync removal, or account deletion.

3.4 Sharing and Limited Use

  • voee's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
  • The Company does not use data obtained through Google APIs for serving advertisements.
  • The Company does not sell user data to third parties.
  • The Company does not transfer Google user data to third parties except as necessary to provide or improve user-facing features that are prominent in the requesting application's user interface, comply with applicable law, or as part of a merger/acquisition with appropriate notice.
  • Humans do not read Google user data unless: (a) we have the user's affirmative agreement for specific messages, (b) it is necessary for security purposes such as investigating abuse, (c) it is required to comply with applicable law, or (d) the data is aggregated and de-identified for internal operations.

3.5 Security of OAuth Tokens

  • OAuth access and refresh tokens are stored encrypted at rest in the Company's database.
  • All transport between voee, the user's device, and Google APIs uses TLS encryption.
  • Access to tokens is restricted to a minimum number of administrators on a need-to-know basis.

3.6 User Control and Revocation

  • Users may revoke voee's access to their Google account at any time from Google Account Permissions.
  • Upon revocation or account deletion, all cached Google data on voee servers is destroyed in a manner that cannot be recovered.

4. Outsourcing of Personal Data Processing

To deliver the Service, the Company outsources certain processing operations to the following processors. Each processor handles only the data necessary for its contracted purpose.

ProcessorPurposeData Transferred
Microsoft Azure (Azure Speech / Cognitive Services)Speech-to-text conversion of call/meeting audio — processed transiently and discarded immediately after transcriptionAudio files (transient), language and speaker-diarization options
Summary API server (in-house or LLM providers such as OpenAI)Generation of summaries, tags, and sentiment analysis from transcripts — processed transiently, not retainedTranscript text (transient), call metadata
Google LLCGoogle SSO, Calendar and Tasks API integrationsSee Section 3
Toss Payments / Google Play BillingProcessing of paid-subscription payments and recurring billingPayment-method information, purchase token, order ID, payment amount

Data is transmitted over TLS. Processors destroy or anonymize the data after the purpose is fulfilled in accordance with the Company's policy. The Company supervises processors to ensure personal data is handled securely.

5. Purpose of Use

  • Member registration and management: identity verification, fraud prevention.
  • Service delivery: relationship management, AI summarization, automatic record-keeping.
  • Service improvement: usage analytics, development of new features.
  • Customer support: response to inquiries, distribution of announcements.

6. Retention and Deletion

Personal data is destroyed without delay once its purpose has been fulfilled, except where retention is required by law:

  • Records on contracts or withdrawal of subscription: 5 years (E-Commerce Act)
  • Records on payments and supply of goods or services: 5 years (E-Commerce Act)
  • Records on consumer complaints or disputes: 3 years (E-Commerce Act)
  • Access logs: 3 months (Communications Privacy Act)

Immediate disposal of user-generated content. Audio files for calls and meetings are deleted from the Company's servers immediately after transcription completes. Transcripts, summaries, and meeting notes are not persistently stored on the Company's servers; they are managed on the user's device.

User-initiated deletion. Users may delete their identification data and any related records at any time through Settings > Delete Data in the app or Profile > Danger Zone > Delete Accounton the web. Upon request, data is permanently removed from the Company's servers in an unrecoverable manner.

7. Destruction Procedure

Upon achieving its purpose, personal data is transferred to a separate database and stored for a period required by internal policy and applicable law before destruction. Electronic data is deleted using techniques that prevent recovery; printed records are shredded or incinerated.

8. Third-Party Disclosure

The Company does not sell or share user data with third parties. Except for the outsourced processing described in Section 4 (which is necessary to provide the Service), the Company does not disclose user data to outside parties, with the following exceptions:

  • When the user has given prior consent.
  • When required by law or by procedures established by law for investigative purposes.

9. Security Measures

  • Encryption of sensitive information such as passwords; encryption at rest for OAuth tokens.
  • Technical measures against hacking: TLS encryption in transit, firewall operations.
  • Access restriction: personal data handlers are kept to a minimum.

10. User Rights

Users may exercise the following rights regarding their personal data. The Company will respond without undue delay in accordance with applicable law.

  • Right of Access: request a list of personal data we hold and how it is processed.
  • Right to Rectification: correct inaccurate information. Most fields can be edited directly in the in-service profile settings.
  • Right to Erasure ("Right to be Forgotten"): delete personal data and service-generated content (call recordings, transcripts, summaries, caches). Users can perform this immediately via Settings > Delete Data in the app or Profile > Danger Zone > Delete Data on the web.
  • Right to Restrict Processing: request that the Company temporarily stop processing personal data.
  • Right to Data Portability: obtain a copy of personal data in a structured, commonly used, machine-readable format (e.g., JSON/CSV) and transmit it to another service. Contact the address below to request.
  • Right to Withdraw Consent: withdraw consent at any time by deleting the account or revoking OAuth access via Google Account Permissions.
  • Right to Object / Lodge a Complaint: object to the Company's processing by contacting us, and lodge a complaint with the Korea Personal Information Dispute Mediation Committee (privacy.kr) or other competent supervisory authority.

Identity verification may be required when a legal representative exercises rights on behalf of a user or when a user under 14 exercises rights.

11. Cookies

The Company uses cookies to provide personalized service. Users may refuse the installation of cookies through their browser settings; however, this may limit the use of certain features of the Service.

12. Data Protection Officer

  • Company: WellnessGo Co., Ltd.
  • Address: 2F #202, Dementia Tech Experiment Center, 249 Chuam-ro, Buk-gu, Gwangju, Republic of Korea (Woryul-dong, Technopark)
  • Email: developer@wellnessgo.kr

13. Changes to this Policy

This Privacy Policy may be updated to reflect changes in law or our practices. Material changes will be announced through in-service notices.