Privacy Policy
Last Updated: July 7, 2026
HadayaLab ("Company", "we", "us", or "our") establishes this Privacy Policy ("Policy") regarding the handling of user's personal information and business data in the "Touchless" service and related operations ("Service"). This Policy is in compliance with the Act on the Protection of Personal Information and related laws, and promises highly transparent data management.
1. Information We Collect
We collect the following information through lawful and fair means in order to provide the Service:
- User Information: Company name, full name, department, title, email address, phone number, location, and other contact and identification information.
- Business Data: Business flows necessary for creating workflow diagnosis maps and automated pipelines, configuration information for utilized tools, API keys, and tokens.
- Usage History & Logs: Usage history of the Service, system access logs (audit logs), IP addresses, browser information, and Cookie information.
- Payment Information: Credit card information and bank account information (Note: Payment processing companies directly acquire and manage this; we only retain the payment result).
2. Purpose of Use
We will use the collected information appropriately within the scope of the following purposes:
- To provide, maintain, protect, and improve the Service.
- To propose optimal AI automation plans based on the user's business flow (creation and operation of workflow diagnosis maps).
- To respond to important notices, guidance, and inquiries regarding the Service.
- For billing of usage fees, payment processing, and related administrative procedures.
- To investigate and respond to unauthorized use, violations of the Terms of Service, and security incidents.
- To create statistical data processed so that individuals cannot be identified, and for marketing analysis.
3. Data Transmission to AI Model Providers and Strict Protection
The Service utilizes advanced external AI models such as Google Cloud (Vertex AI) and Anthropic to execute autonomous processing. When transmitting data to these providers, we strictly guarantee the following protection measures:
- Absolute Prohibition of Training Use (Zero Data Retention & Opt-out): Based on Enterprise API contracts, the transmitted data will never be used for the continuous learning, training, or improvement of the AI models of each provider.
- Data Non-retention (Stateless Processing): In temporary processing executed in isolated environments such as Vercel Sandbox and secure containers, the data used for processing is immediately destroyed from physical memory upon task completion or timeout.
4. Provision to Third Parties
Except in the following cases, we will not provide personal information and business data to third parties without obtaining the user's prior consent:
- When disclosure or provision is required by laws and regulations (including the Act on the Protection of Personal Information).
- When it is necessary for the protection of human life, body, or property, and it is difficult to obtain the consent of the individual.
- When it is particularly necessary for improving public health or promoting the sound growth of children, and it is difficult to obtain the consent of the individual.
- When it is necessary to cooperate with a state organ, a local government, or a person entrusted by them in executing the affairs prescribed by laws and regulations.
- When outsourcing all or part of the handling of personal information to a trusted contractor within the scope necessary to achieve the purpose of use (in this case, we will appropriately supervise the contractor).
5. Cookies and Other Tracking Technologies
Our website and the Service use Cookies and similar tracking technologies to understand usage, improve convenience, and deliver appropriate advertisements. Users can disable or reject Cookies through their browser settings, but in that case, some features of the Service may not function properly.
6. Security Management Measures
We take the following necessary and appropriate measures to prevent the leakage, loss, or damage of the acquired personal information and business data and for other security management:
- Technical Protection Measures: Communication encryption (TLS 1.3), database encryption (AES-256), strict access control (principle of least privilege), and introduction of multi-factor authentication.
- Organizational Protection Measures: Appointment of a Chief Information Security Officer, regular security education for employees, and constant monitoring and regular auditing of access logs.
- Physical Protection Measures: Restriction of physical access to servers and network equipment (compliant with cloud provider security standards).
7. Disclosure, Correction, and Suspension of Use of Personal Information
Users may request the disclosure, correction, addition, deletion, suspension of use, or suspension of third-party provision of their personal information held by us. If you wish to make a request, please contact the inquiry window below. After confirming your identity, we will respond within a reasonable period and scope.
8. Changes to Privacy Policy
We may change this Policy from time to time as necessary due to amendments to laws and regulations, changes in service specifications, and other reasons. If we make significant changes, we will notify users in an easy-to-understand manner by posting on our website or directly notifying users. The changed Policy shall become effective at the time it is announced.
9. Contact Us
For opinions, questions, complaints, and other inquiries regarding the handling of personal information under this Policy, please contact the following window.
HadayaLab
Security & Compliance Desk
Email: privacy@hadayalab.com