Value Labs, represented by Taebeom Kim (the "Company"), respects the personal information of users of Klavy (the "Service") and complies with applicable privacy laws. This Privacy Policy explains the personal information processed by the Company, the purposes of processing, retention periods, user rights, and safeguards.
1. Data Controller
Data controller: Value Labs
Service name: Klavy
Representative: Taebeom Kim
Business address: 4F, Sintri Complex 4, 260 Sinjeong-ro, Yangcheon-gu, Seoul, Republic of Korea
Business registration number: 216-29-00213
Mail-order business report number: 2016-Seoul Yangcheon-0055
Privacy contact email: klavyapp@gmail.com
2. Purposes of Processing
The Company processes personal information for membership registration and identification, account creation and login, Service provision and project storage, AI planning, IA, wireframe, and image generation, customer support, notices regarding terms or policies, paid service payment and subscription management, prevention of misuse and security incidents, service quality improvement and statistics, marketing information where the user has opted in, and compliance with legal obligations.
3. Personal Information Processed
1. Registration and account management: email address, password, nickname, mobile phone number, terms agreement status, privacy policy agreement status, age confirmation, and marketing opt-in status.
2. Social login: identifiers, email address, name, or profile information provided by the social login provider as necessary for registration and login.
3. Service usage: access time, IP address, cookies, browser and device information, usage records, project creation and edit records, inquiry details, notification records, and error logs.
4. AI feature usage: ideas, service descriptions, planning details, project structures, IA information, wireframe requests, image generation requests, generated results, attachments, and stored Content entered by the user.
5. Payment and subscription: payment method identifiers, approval information, subscription status, order history, and refund history. Sensitive payment source information such as full card numbers is processed by payment processors and is generally not stored directly by the Company.
6. Customer support and dispute handling: requester information, inquiry details, handling results, and supporting materials.
4. Retention and Use Period
The Company retains and uses personal information until the processing purpose is achieved. Upon membership withdrawal, personal information is destroyed or separately stored without delay. However, records required by law or necessary for dispute handling and prevention of misuse may be retained for the required period, including contract or withdrawal records for 5 years, payment and supply records for 5 years, consumer complaint or dispute records for 3 years, access logs for the period required by applicable law, and minimum account identifiers for a reasonable period to prevent misuse.
5. Provision to Third Parties
The Company does not provide personal information to third parties except where the user has consented, where required by law, or where a competent authority requests information through lawful procedures.
6. Entrustment of Processing
The Company may use external service providers for the following processing activities.
1. Resend: delivery of Service-related emails.
2. Paddle or Polar: payment approval, subscription management, and refund processing.
3. AI model providers used by the Service, such as OpenAI, Anthropic, Google (Gemini), MiniMax, Moonshot AI (Kimi), and Zhipu AI (GLM): processing of user requests for generative AI features.
4. Infrastructure and storage providers such as Railway and Cloudflare R2: server operation, file storage, and backups.
The Company manages entrusted processing through contracts or service terms that require appropriate safeguards, restrictions on processing beyond the entrusted purpose, and proper retention and deletion. If entrusted providers or tasks materially change, the Company will notify users through this Policy or the Service.
7. International Transfer
Because the Company uses overseas infrastructure and solution providers, personal information or user-submitted content may be processed outside Korea.
1. Resend: email address, recipient details, delivery history / United States / transferred electronically when sending sign-up, verification, payment, or notice emails.
2. AI model providers such as OpenAI, Anthropic, Google (Gemini), MiniMax, Moonshot AI (Kimi), and Zhipu AI (GLM): prompts, attachments, and generated outputs / overseas regions including the United States or each provider's processing infrastructure location / transferred by API when a user runs an AI feature.
3. Paddle or Polar: order information, payment identifiers, subscription and refund data / overseas / transferred electronically through checkout flows or APIs when payment or refund processing is requested.
4. Infrastructure providers such as Railway and Cloudflare R2: access logs, uploaded files, and technical logs / overseas / stored electronically in the course of providing the Service.
International transfer details may change depending on actual operational services, and the Company will apply the notices and safeguards required by applicable law.
8. Destruction of Personal Information
The Company destroys personal information without delay when retention periods expire, processing purposes are achieved, or membership is withdrawn. Electronic files are deleted in a manner that prevents restoration, and paper documents are shredded or incinerated. Information required to be retained by law is stored separately.
9. User Rights
Users may request access, correction, deletion, suspension of processing, or withdrawal of consent regarding their personal information through Service settings or the privacy contact email. The Company will handle such requests without delay in accordance with applicable law. The Service is not intended for children under 14, and the Company does not knowingly collect personal information from children under 14.
10. Cookies and Similar Technologies
The Company may use cookies and similar technologies for sign-in maintenance, security, abuse prevention, storing cookie consent state, language settings, and service quality improvement. Essential cookies are always used to provide the Service, while preference, analytics, and marketing cookies are managed according to the user's choices. The Company does not currently add non-essential analytics or advertising retargeting scripts such as Google Analytics or Meta Pixel to the public site. If such tools are introduced later, they will only run for users who have consented to the relevant categories. Users may change or delete cookie choices through Cookie Settings in the Service footer or browser settings, but blocking essential cookies may limit functions such as sign-in, security, personalization, and parts of the Service. More details are available in the Cookie Policy.
11. Security Measures
The Company implements reasonable technical and managerial safeguards, including access control, password encryption or one-way hashing, encrypted transmission, access log retention and review, security updates, backups, internal management plans, and minimization of personnel handling personal information.
12. Privacy Officer
Privacy Officer: Taebeom Kim
Privacy contact email: klavyapp@gmail.com
Users may contact the Privacy Officer for inquiries, complaints, or remedies related to personal information protection.
13. Remedies
Users may contact relevant authorities such as the Personal Information Infringement Report Center or Personal Information Dispute Mediation Committee for privacy infringement consultation or dispute resolution.
14. Changes to this Policy
The Company may amend this Privacy Policy due to changes in law, the Service, or personal information processing practices. Material changes will be announced through the Service, email, or notices.
Supplementary Provision
This Privacy Policy applies from the effective date.