koreanpulse ("we", "us", "the service") operates the website at koreanpulse.dev and the related MCP server distribution. This policy covers how we collect, use, retain, and disclose personal data in compliance with the Republic of Korea's Personal Information Protection Act (PIPA) and the EU/EEA General Data Protection Regulation (GDPR).
For users in California, this document also serves as our notice under the California Consumer Privacy Act (CCPA).
1. Personal data we collect
- Email address — when you join the launch waitlist or contact us. Required to deliver the service or communication you requested.
- Self-described role (analyst, rotator, diaspora, journalist, developer, other) — optional, only if you select it on the waitlist form. Used to size audience segments in aggregate.
- Payment metadata — when you purchase a paid plan: name, country, last four card digits, plan, subscription status. The full payment instrument is held by Lemon Squeezy, Inc. (our merchant of record); we receive only the metadata fields above.
- License-key usage — period_calls counter and period_started_at timestamp, tied to your license key. Used to enforce the per-tier query cap.
- Server logs — Cloudflare records IP, user agent, request path, and response code as part of normal operation. Retained 30 days.
We do not use cookies for tracking. We do not embed third-party analytics, ad pixels, or social media trackers on the marketing site.
2. Why we collect it (purposes & lawful basis)
| Data | Purpose | Lawful basis (GDPR) |
|---|---|---|
| Email (waitlist) | Single launch announcement | Consent (Art. 6(1)(a)) |
| Email (paid customer) | Service delivery, billing notifications | Contract (Art. 6(1)(b)) |
| Payment metadata | License issuance & validation | Contract (Art. 6(1)(b)) |
| License-key usage | Per-tier quota enforcement | Contract (Art. 6(1)(b)) |
| Server logs | Security, abuse mitigation | Legitimate interest (Art. 6(1)(f)) |
3. Retention periods
- Waitlist email: until the launch announcement is sent or you unsubscribe (whichever comes first). Maximum 24 months.
- Paid customer records: 5 years after the last transaction, as required by Korean tax and commerce law (전자 상거래법 §6, 부가가치세법).
- License usage counters: cleared at the end of each billing period; aggregate totals retained 24 months.
- Server logs: 30 days, then automatically deleted by Cloudflare.
4. Third parties we share data with (sub-processors)
We do not sell or rent personal data. We share the minimum necessary with the following processors to operate the service:
- Lemon Squeezy, Inc. (USA) — payment processing (merchant of record). Receives full payment instrument.
- Cloudflare, Inc. (USA) — hosting, DNS, KV storage, license database (D1). Receives all service traffic.
- Vercel, Inc. (USA) — landing page hosting. Receives marketing-site visit logs only.
- OpenAI, LLC (USA) — translation and summarisation of Korean source text. Receives the Korean text you submit via the MCP server. Per OpenAI's API terms, this data is not used to train models.
Each of these sub-processors maintains its own privacy and security commitments. International transfers (Korea → USA / EU → USA) rely on Standard Contractual Clauses where applicable.
5. Your rights
Under PIPA, GDPR, and CCPA you may request to:
- access the personal data we hold about you;
- correct inaccurate data;
- delete your data (right to be forgotten);
- restrict or object to processing;
- obtain a copy of your data in a portable format;
- not be subject to a decision based solely on automated processing (we do not perform such automated decisions);
- withdraw consent at any time without affecting prior processing.
To exercise any of these rights, email [email protected]. We will respond within 30 days. If you are an EU resident, you also have the right to lodge a complaint with your local supervisory authority.
6. Data Protection Officer / 개인정보 보호책임자 (CPO)
koreanpulse is operated by an individual founder. The contact point for all data-protection matters, in both Korean and English, is the email above. Korean users may also reach the Personal Information Protection Commission (개인정보보호위원회) at privacy.go.kr for any unresolved complaint.
7. Security
All traffic is TLS 1.2+. License keys are stored hashed. Payment credentials never reach our servers (handled by Lemon Squeezy). We disclose any confirmed personal-data breach to affected users and to the relevant supervisory authority within 72 hours, as required by GDPR Art. 33 and PIPA §34.
8. Children
koreanpulse is not directed to children under 14 (PIPA threshold) or under 16 (GDPR threshold). We do not knowingly collect data from minors. If you believe we have, contact us and we will delete it.
9. Changes to this policy
We will notify users of material changes at least 30 days in advance via the email associated with their account, and post the updated policy at this URL. Continued use after the effective date constitutes acceptance.