Privacy Policy
Effective date: 2026-05-24
OWLGCORP ("the Company") values Member privacy and works to comply with applicable data protection laws. This policy explains what personal data is collected, how it is used, and how we protect it.
Article 1 · Personal data collected
We collect the following to provide the Service:
- On sign-up: email, hashed password, display name, profile photo URL (when using social login).
- On payment: billing identifiers (Stripe customer/subscription IDs). Card details are not stored by the Company.
- Auto-collected during use: IP, cookies, access timestamps, browser metadata, usage statistics.
- Member-uploaded PPTX templates, binding data, and generated outputs.
Article 2 · Purpose of collection and use
- Identifying Members and preventing abuse
- Delivering core service (PPTX binding etc.)
- Processing payments and tracking usage
- Sending workspace invitation emails
- Statistical analysis for operations and quality
- Compliance with legal obligations (e-commerce, tax)
Article 3 · Retention and use period
- Account info: until withdrawal, except where law requires extended retention.
- Payment/transaction records: 5 years (Korean e-commerce consumer protection law)
- Access logs: 3 months (Korean telecom secrecy law)
- Uploaded templates/data: until deleted by the Member or upon withdrawal
- Generated outputs: auto-deleted after 7 days by default
Article 4 · Disclosure to third parties
The Company does not provide personal data to third parties beyond the processors listed below.
Article 5 · Data processors
The Company outsources the following to:
- Google LLC (Firebase Authentication, Firestore, Cloud Storage, Cloud Run) — auth, storage, hosting
- Stripe, Inc. — payment and subscription processing
- Resend, Inc. — email delivery (workspace invitations etc.)
These processors handle only minimum-necessary data under contract. Some are located overseas; data is transferred internationally.
Article 6 · International data transfers
| Recipient | Country | Purpose |
|---|---|---|
| Google LLC | USA (parts in Korea region) | Auth, DB, storage, compute |
| Stripe, Inc. | USA | Payment processing |
| Resend, Inc. | USA | Email delivery |
Article 7 · Member rights
Members may at any time request access, correction, deletion, or restriction of processing of their personal data via the settings page or the contact below. On withdrawal, all personal data is immediately destroyed, except where law requires retention.
Article 8 · Cookies and auto-collection
We use cookies or similar technology to maintain login sessions and improve usability. Members may disable cookies in their browser settings; some features may then be limited.
Article 9 · Technical and managerial safeguards
- Passwords stored as bcrypt one-way hashes
- API keys stored as prefix + bcrypt hash; raw key shown only once at issue
- All transport over HTTPS/TLS
- Firestore Security Rules and Storage Rules govern data access
- Least-privilege access (workspace-member based)
Article 10 · Privacy officer
The Company designates a privacy officer responsible for personal data processing.
- Email: babbage@owlgcorp.com
Members may report any privacy-related issue to the officer above.
Article 11 · Amendment notice
This policy may be amended in line with law, policy, or security technology changes. We will give at least 7 days' notice in the service before amendments take effect.