Involuti

Legal

TermsPrivacyYouth

Chapter 1: General Provisions

Article 1 (Purpose)

Involuti (hereinafter referred to as "the Company") values the user's personal information above all else and is committed to ensuring that users can safely use the Company's AI-based role-playing platform and related services (hereinafter referred to as "the Service"). The Company strictly complies with all relevant laws, including the "Personal Information Protection Act" and the "Act on Promotion of Information and Communications Network Utilization and Information Protection, etc." of the Republic of Korea, and has established and disclosed guidelines to protect the rights and interests of users. This policy is intended to transparently notify users of the purposes for which the Company collects and processes user information and the measures taken to ensure security.

Article 2 (Principles and Philosophy of Personal Information Processing)

  1. Principle of Minimum Collection: The Company collects information lawfully and fairly only within the minimum necessary scope to achieve the original purposes of providing the service and advancing intelligent models.
  2. Prohibition of Use Beyond Purpose: The Company does not process the collected personal information beyond the scope of the original purpose of collection or provide it to third parties arbitrarily without the user's explicit prior consent. Exceptions are made when there are special provisions in the law or legitimate requests from investigative agencies.
  3. Transparency and Notification Obligation: In the event of an amendment to the Privacy Policy, the Company shall take measures to ensure that users can easily check the changes at any time through notices within the service. For changes that have an adverse effect on users, the Company shall notify users at least 30 days before the implementation and may also notify users individually via email, etc.

Chapter 2: Items and Methods of Collection

Article 3 (Detailed Items for Collection)

The Company collects the following personal information to provide the service, train models, strengthen security, and provide a customized user experience. It is classified into mandatory and optional items.

  1. Member Registration and Basic User Identification Information

    • Mandatory Items: Email address (ID), nickname, registration date, access logs, language cookies.
    • Optional Items: Profile image, preferred character genres, and themes.

  2. AI Service Interaction Data (Optional Items)

    • Prompt Input Data: All types of text, commands, scenario settings, and all data entered by the user into the input box within the service to interact with AI characters.
    • Conversation Logs: The entire context of real-time conversations exchanged with the AI system, satisfaction evaluation records for responses, and all session data to maintain conversation consistency.
    • Character Persona Settings: User-generated content (UGC), such as the personality, tone, background story, and reaction logic for specific situations of a character designed or modified by the user.
    • Uploaded Data: All information contained in images, text documents, etc., uploaded by the user to utilize multi-modal functions.

  3. Paid Service Use and Transaction Information (Upon paid payment)

    • Transaction Records: Payment date and time, payment amount, type of subscription product, and all records of withdrawal of offer and refund.

  4. Device and Environment Information

    • User's hardware specifications, operating system (OS) type and version, web browser type, unique device identifier, resolution, and language settings.

Article 4 (Methods of Collection)

The Company collects personal information only through the following lawful methods and does not perform unfair collection against the user's will.

  1. Direct input of information by the user when joining the website.
  2. Automatic system storage in real-time when inputting prompts and conversing with AI characters during the service use process.
  3. Voluntary provision through customer center email inquiries, chat consultations, event applications, etc.
  4. Technical automatic collection through log analysis tools during service use.

Chapter 3: Purpose of Processing and AI Model Utilization Policy

Article 5 (Detailed Processing Purposes)

The Company processes the collected information for the following specific purposes. If the purpose changes, the Company will take necessary measures, such as obtaining separate consent.

  1. Provision of Basic Service Functions and Fulfillment of Contract

    • User identification and verification, service membership registration, and management.
    • Implementation of real-time conversation functions with AI characters and provision of data synchronization services.
    • Payment processing and granting of paid membership rights upon purchase of paid services.

  2. Advancement of AI Models and Quality Improvement (Utilization for Training)

    • Data Training (Fine-tuning): After de-identifying the collected prompts and conversation logs, they are used as training data to improve the natural language processing capabilities of AI models, strengthen character acting abilities, and improve context understanding.
    • Strengthening Safety Guardrails: Optimizing filtering algorithms and performing safety tests to prevent the generation of harmful content such as hate speech, sexual exploitation material, and dangerous information in advance.

  3. User Management and Ensuring Security Stability

    • Monitoring for acts violating the Terms of Use (prohibited acts such as child sexual exploitation attempts) and preventing unauthorized use.
    • System load management and response to security threats for stable service operation.

Article 6 (De-identification Measures and Notification of Data Opt-out Rights)

  1. Principle of De-identification: When using conversation data for training, the Company first performs de-identification processing to technically and completely remove personally identifiable information (name, email, etc.).
  2. Opt-out Rights: Users clearly have the right to refuse the use of their conversation records for AI training through the settings menu within the service, and the Company technically guarantees this.

Chapter 4: Retention Period and Destruction Policy

Article 7 (Retention and Use Period)

The Company retains personal information only for the period prescribed by law or the period agreed upon with the user, and destroys it without delay when the purpose is achieved.

  1. Member Information: Retained until membership withdrawal. However, to prevent unauthorized use, access logs are stored separately for 6 months after withdrawal.
  2. Statutory Retention Obligations:
    • Contract and payment records: 5 years
    • Consumer complaint or dispute handling records: 3 years
    • Service access records: 3 months

Article 8 (Destruction Procedures and Methods)

  1. Destruction Procedure: The Company selects personal information for which the reason for destruction has occurred and destroys it with the approval of the Privacy Officer.
  2. Destruction Method: Information in electronic file format is permanently deleted using technical methods that cannot be reproduced, and paper documents are shredded or incinerated.

Chapter 5: Third-party Provision and Entrustment Policy

Article 9 (Notification of Data Transfer to Overseas AI Model Partners)

  1. Utilization of External APIs: This service may link and use APIs of leading overseas LLMs (OpenAI, Google, etc.) or AI model service providers (OpenRouter, etc.) to generate optimal responses.
  2. Data Transfer and Security: When a user enters a prompt, that data may be encrypted and transmitted to the partner's server for real-time response generation. The Company reviews the partner's security regulations to ensure that data is processed safely.

Article 10 (Entrustment of Tasks)

The Company may entrust service operation support (Supabase, Vercel), email sending (Resend), payment processing, etc., to specialized companies for smooth service provision. The Company constanty supervises the trustee to ensure that personal information is managed safely when concluding an entrustment contract.

Chapter 6: Rights and Obligations of Users

Article 11 (Methods to Exercise Rights)

  1. Items of Rights: Users may request to view, correct, delete, or suspend the processing of their personal information at any time.
  2. Processing Procedure: The Company will notify the results of the measures without delay after verifying the identity.

Article 12 (Measures to Ensure Safety)

  1. Technical Measures: One-way encryption of passwords, application of SSL encryption to data transmission sections.
  2. Administrative Measures: Minimizing the authority to access personal information and conducting regular security education for employees.

Chapter 7: Privacy Officer and Notification Obligations

Article 13 (Designation of Privacy Officer)

The Company designates a responsible person as follows to protect the user's personal information and handle related complaints.

Article 14 (Revision of the Policy and Authority to Revise)

The Company reserves the right to modify or amend this policy at any time without prior notice based on the operating environment and technical requirements. Amendments will be notified through notices within the service, etc.

Enforcement: 2026-02-12