Polaris Office Co., Ltd. (“we”, “us”, or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy outlines how we collect, use, disclose, store, and protect your information across our websites and services. It complies with international privacy regulations including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA/CPRA).
1. Information We Collect
• Identifiers: Name, email address, contact number, company name • Device Data: Device ID, browser type, OS, IP address, session ID • Usage Data: Login records, feature usage, cookies • AI Feature Data: User text input, uploaded files, generated outputs • Document Category: Files uploaded to the drive may contain: o Identifiers (e.g., name, contact details) o Commercial data (e.g., contracts, transaction records) o Employment data (e.g., resumes) o Sensitive information (e.g., health or biometric data) All documents are encrypted. Users are advised to manage document sharing carefully, especially when sensitive data is involved.
2.Purpose of Use and Legal Grounds
We process your personal data for the following purposes: • To provide, maintain, and improve our services (Contractual necessity) • To respond to inquiries and customer support (Contractual necessity) • To send service and product updates with your consent (Consent) • To conduct analytics and service enhancement (Legitimate interest) • To comply with legal and regulatory obligations (Legal obligation)
3. Use of AI Features
When using AI-powered services such as NOVA, your input (text, uploaded files) may be processed by third-party AI APIs (OpenAI, Anthropic, Perplexity AI, Stability AI, HeyGen, Leia Inc.) or our in-house service (Data Insight). When using third-party APIs, we only transmit the minimum necessary data required for processing. Unless otherwise stated, personal data transmitted to these services is deleted after processing. However, for certain services such as translation or other AI outputs, the result may be temporarily retained by us for up to 24 hours to ensure seamless delivery. • OpenAI: Data is deleted within 1 hour after chat session expiration • HeyGen, Leia Inc: Data is deleted within 24 hours
4. Data Retention
• Account data: until user deletion • Support records: 3 years • Login logs: 3 months • AI input/output data: retained up to 3 years • Shared AI chat content: retained for 7 days
5. International Data Transfers
• South Korea, Japan: Covered by GDPR adequacy decision • EU countries: Data transfers within recognized jurisdictions • United States: DPF used with providers like AWS, OpenAI
6. Third-Party Data Sharing & Subprocessors
We work with carefully selected third-party service providers (“subprocessors”) who support the operation, maintenance, and improvement of our services. These providers may access limited categories of personal data, strictly for predefined business purposes, in accordance with applicable privacy laws such as GDPR and CCPA. Categories of Third-Party Services and Their Business Purposes • Payment Processing: o PayPal – Billing and transaction processing o Paygate Co., KG Inicis Co. – Domestic and global payment gateway services • Cloud Infrastructure & Database Management: o Amazon Web Services (AWS) – Hosting and infrastructure services o MegazoneCloud – Cloud platform operation and database management o Zendesk – Customer support ticketing, system event tracking, and support log management • Web Application Firewall (WAF) Monitoring & Security: o SK Shieldus – WAF (Web Application Firewall) monitoring, security event detection, and compliance auditing These providers may access system logs and operational data solely for: o Detecting and preventing unauthorized access or security breaches o Auditing service performance and ensuring regulatory compliance o Debugging and resolving technical errors Categories of Data Shared with These Providers • Device Data: IP address, device model, OS version, browser type • Usage Logs: Login records, service usage patterns, feature access logs • System Event Logs: Authentication events, error logs, configuration changes • Transactional Data: Payment records and billing metadata • AI Input/Output: User-submitted prompts, uploaded files, and generated content (for specific services) All subprocessors are contractually obligated to protect your personal data and may only use it for the specific purposes described above. We do not sell or share your personal data for monetary gain or for targeted advertising.
7. Your Rights Under CCPA (California Users)
If you are a California resident, you have certain rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). We are committed to helping you understand and exercise these rights. • Right to Know: You can request information about the personal data we collect, the sources of that data, how we use it, and whether it has been shared with any third parties. • Right to Access or Delete: You have the right to request a copy of your personal information or ask us to delete it. • Right to Correct: If any personal information we hold about you is inaccurate, you can ask us to correct it. • Right to Opt-Out of Sale or Sharing: We do not sell your personal information for money or share it for cross-context behavioral advertising. We use tools like Google Analytics only for aggregated, anonymized statistics. • Right to Limit Use of Sensitive Personal Information: You may request that we use your sensitive personal information only for what’s necessary to provide our services. • Right to Non-Discrimination: You won’t be treated unfairly or differently for exercising your privacy rights. • How to exercise your rights: o Email us at: privacy@polarisoffice.com o Visit our Customer Center: https://www.polarisoffice.com/en/support
8. Your Rights Under GDPR (EU/EEA Users)
If you are located in the European Union (EU) or European Economic Area (EEA), you have specific rights under the General Data Protection Regulation (GDPR). We are committed to helping you understand and exercise these rights. • Right to Access, Correct, Delete, or Export: You can request access to your personal data, ask us to correct any inaccuracies, delete your data, or receive a copy in a portable format. • Right to Withdraw Consent: You can withdraw your consent at any time without affecting the lawfulness of prior processing. • Right to Object or Restrict Processing: You can ask us to stop or limit how we use your personal data in certain situations. • Right to Avoid Automated Decisions: You can request not to be subject to decisions made solely by automated means, including profiling, that significantly affect you. • Right to File a Complaint: If you believe your data protection rights have been violated, you can file a complaint with your local data protection authority. • How to exercise your rights: o Email us at: privacy@polarisoffice.com o Visit our Customer Center: https://www.polarisoffice.com/en/support
9. Cookies and Tracking
We use cookies for: • Session management • Website analytics (e.g., Google Analytics) You may manage cookie preferences in your browser. Here's how to do it on common browsers: • Microsoft Edge: Settings > Privacy, search, and services > Clear browsing data > Clear browsing data now • Chrome: Settings > Privacy and security > Clear browsing data • Firefox: Options > Privacy & Security > Cookies and Site Data • Safari (macOS): Preferences > Privacy > Cookies and website data
10. Children’s Privacy
Our services are not intended for children under 14. If you believe a child has submitted personal data to us, please contact us to have it deleted.
11. Data Security
We implement appropriate security measures including: • SSL/TLS encryption • Access control and audit logs • Regular backup and system monitoring • Technical safeguards
12. Contact Us
Data Protection Officer: Miles Haeseok Lee – CISO/CPO Email: support@polarisoffice.com Phone: 1566-1102 Data Requests: https://www.polarisoffice.com/en/support
13. Updates to this Policy
We may update this policy due to legal or operational changes. Updates will be posted on this page with a revised date. Public Notice Date: April 17, 2025 Effective Date: April 17, 2025
This policy may be translated for local users. In the event of conflict between versions, the Korean version shall prevail in Korea. The English version applies globally unless otherwise stated.
