Privacy Policy

Hottest Lab Inc. (hereinafter referred to as "Company") values the personal information of users and complies with relevant laws such as the "Personal Information Protection Act" and the "Act on Promotion of Information and Communications Network Utilization and Information Protection." Through this privacy policy, the Company informs users about the purposes and methods for which personal information provided by users is being used, and what measures are being taken to protect personal information.

1. Personal Information Collection Items and Methods

A. Personal Information Items Collected

The Company collects the following information to provide AI Girlfriend services:

  • Required Items: Email address or social login credentials (Google, Apple), profile images uploaded by users, chat messages and conversation history
  • Automatically Collected Items: IP address, cookies, service usage records, device information, access logs, in-app purchase history
  • Optional Items: User preferences and settings, device push notification tokens

B. Personal Information Collection Methods

  • Direct upload through website and mobile applications
  • Automatic collection during service usage
  • Collection during customer inquiries and consultation processes

2. Purpose of Personal Information Collection and Use

The Company utilizes collected personal information for the following purposes:

  • AI Girlfriend Service Provision: Providing personalized AI chat companions, generating AI-powered conversations and images, maintaining conversation history and context
  • Service Improvement: Improving service quality, AI conversation model performance, and user experience personalization
  • Prevention of Fraudulent Use: Preventing fraudulent use, unauthorized usage, and abuse of the service
  • Customer Support: Responding to user inquiries and handling complaints
  • Payment Processing: Processing in-app purchases and managing subscription services
  • Statistics and Analysis: Service usage statistics and analysis (in forms that cannot identify individuals)

3. Personal Information Processing and Retention Period

  • Chat Messages and Conversation History: Retained for the duration of account usage, deleted within 30 days after account deletion
  • AI-Generated Images: Stored as long as the user maintains them in the app, deleted upon user request or account deletion
  • User Profile and Uploaded Images: Retained during service usage period, deleted within 30 days after account deletion
  • Service Usage Records: Destroyed after 3 months of storage
  • Fraudulent Use Prevention Records: Stored for up to 1 year according to relevant laws

However, when necessary to preserve according to relevant laws, the Company retains personal information for the period specified by relevant laws:

  • Records related to contracts or withdrawal of offers: 5 years (E-Commerce Act)
  • Records related to payment and supply of goods: 5 years (E-Commerce Act)
  • Records related to consumer complaints or dispute resolution: 3 years (E-Commerce Act)
  • Website visit records: 3 months (Communications Secret Protection Act)

4. Third Party Provision of Personal Information

In principle, the Company does not provide users' personal information to third parties. However, exceptions are made in the following cases:

  • When users have given prior consent
  • When required by law or when requested by investigative agencies according to procedures and methods stipulated by law for investigative purposes

5. Outsourcing of Personal Information Processing

The Company outsources personal information processing as follows to improve services:

ContractorOutsourced Work ContentRetention and Usage Period
Google Cloud PlatformAI conversation processing, image generation, and server hostingService provision period
SupabaseUser authentication, database management, and file storageService provision period
FirebasePush notifications and analyticsService provision period
Cloudflare R2Image and media file storageService provision period

When concluding outsourcing contracts, the Company specifies matters concerning prohibition of personal information processing beyond the purpose of performing outsourced work, technical and administrative protective measures, restrictions on re-outsourcing, management and supervision of contractors, and responsibilities including damage compensation in documents such as contracts in accordance with Article 26 of the Personal Information Protection Act, and supervises whether contractors safely process personal information.

6. Rights of Users and Legal Representatives and Methods of Exercise

Users may exercise the following rights at any time:

  • Request for personal information access
  • Request for correction of personal information errors
  • Request for deletion of personal information
  • Request for suspension of personal information processing

Rights may be exercised in writing, by email, etc., according to the format specified in Annex No. 8 of the Enforcement Rules of the Personal Information Protection Act, and the Company will take action without delay.

7. Personal Information Destruction Procedures and Methods

A. Destruction Procedures

Information entered by users for service use is moved to a separate database after the purpose is achieved and stored for a certain period according to internal policies and information protection reasons under other relevant laws before being destroyed.

B. Destruction Methods

  • Electronic file format information: Deleted using technical methods that make records irreproducible
  • Personal information printed on paper: Shredded with a shredder or incinerated
  • Chat history and AI conversation data: Permanently deleted from all databases and backup systems
  • Temporary data in AI processing: Completely deleted from memory and cache immediately upon processing completion

8. Technical and Administrative Measures for Personal Information Protection

A. Technical Measures

  • Personal information is stored and managed in encrypted form
  • Systems are installed in areas with controlled external access to prevent personal information from being leaked or damaged by hacking or viruses
  • Safe transmission of personal information over networks through SSL (Secure Socket Layer) encrypted communication
  • Blocking external intrusions using firewalls
  • Operation of immediate processing and automatic deletion systems for uploaded images

B. Administrative Measures

  • Limiting access rights to personal information to the minimum number of personnel
  • Regular training for employees handling personal information
  • Operation of dedicated personal information protection organization
  • Establishment and implementation of internal management plans

9. Installation, Operation, and Refusal of Automatic Personal Information Collection Devices

The Company uses ‘cookies‘ that store usage information and retrieve it from time to time to provide individualized customized services to users.

A. Purpose of Cookie Usage

  • Analysis of service usage frequency and visit times
  • Understanding users' areas of interest and service improvement
  • Providing automatic login functionality

B. Installation, Operation, and Refusal of Cookies

Users have the right to choose regarding cookie installation:

  • You can allow or refuse all cookies through web browser option settings
  • You can set to go through confirmation every time cookies are stored
  • However, if you refuse cookie storage, there may be restrictions on some service usage

10. Personal Information Protection Officer and Staff

The Company designates a personal information protection officer as follows to take overall responsibility for personal information processing matters and to handle user complaints and remedy damages related to personal information processing:

▶ Personal Information Protection Officer

  • Name: Inje Lee
  • Email: inje@hottest.com

Users may contact the personal information protection officer and relevant department regarding all personal information protection-related inquiries, complaint handling, damage remedies, etc. that occur while using the Company's services. The Company will respond to and process users' inquiries without delay.

11. Changes to Privacy Policy

This privacy policy applies from the effective date, and when there are additions, deletions, and corrections of changes according to laws and policies, it will be announced through announcements from 7 days before the implementation of changes. However, in case of important changes to user rights such as collection and utilization of personal information, provision to third parties, etc., it will be announced at least 30 days in advance.

12. AI Service-Specialized Personal Information Protection

Due to the characteristics of AI Girlfriend services, the following matters are additionally provided:

  • Conversation Data Processing: All chat messages and interactions with AI girlfriends are processed to provide personalized experiences. Conversation context is maintained during active sessions but can be deleted by users at any time.
  • AI Training Data Usage: The Company may use anonymized and aggregated conversation data to improve AI model quality and service performance. Individual users cannot be identified from this data. Users can opt out of this data usage in settings.
  • Third-Party AI Services: Third-party AI services such as Google AI, OpenAI, or other language models may be used for conversation generation and image creation, in which case the privacy policies of those services apply.
  • Content Moderation: To ensure user safety and comply with legal requirements, automated systems may monitor conversations for prohibited content (e.g., illegal activity, harassment). Only flagged content may be reviewed by human moderators.
  • User-Generated Content: Images uploaded by users or generated by AI are stored securely and are only accessible by the user who created them. The Company does not share or publicly display user content without explicit consent.
  • Age Verification: Our service is restricted to users aged 18 and above. We may implement age verification measures and immediately delete accounts of users found to be underage.

13. Rights Violation Remedy Methods

If you believe your personal information rights have been violated or you need assistance with privacy-related concerns, you may seek remedy through the following channels:

A. Contact the Company Directly

Please contact our Personal Information Protection Officer first:

Email: inje@hottest.com

We will respond to your inquiry within 7 business days

B. Data Protection Authorities

You have the right to lodge a complaint with your local data protection authority. Depending on your location:

  • European Union: Contact your national data protection authority or the lead supervisory authority
  • United States: Contact the Federal Trade Commission (FTC) or your state attorney general
  • United Kingdom: Information Commissioner's Office (ICO) at ico.org.uk
  • South Korea: Personal Information Protection Commission at www.kopico.go.kr or Personal Information Violation Report Center at privacy.kisa.or.kr
  • Other regions: Contact your local privacy or consumer protection agency

C. Alternative Dispute Resolution

If you are not satisfied with our response, you may also seek resolution through independent dispute resolution services or legal proceedings available in your jurisdiction.

Supplementary Provisions

This privacy policy takes effect from February 1, 2026.

If you have any questions regarding personal information protection, please contact the above personal information protection officer.