Privacy Policy
Last updated: February 18, 2026
The original of this policy was written in Korean. To the extent any translated version of this policy conflicts with the Korean version, the Korean version shall prevail.
1. Purposes of Collection and Use of Personal Information
LOING (hereinafter the "Company") collects and uses personal information for the following purposes:
- Member management: Identifying members, verifying identity, and responding to service usage inquiries
- Service provision: Providing customized learning content, managing learning progress, and managing Nogli character data
- Service improvement: Optimizing AI difficulty adjustment through analysis of learning patterns, and developing new services
- AI-based automation: Automatic adjustment of learning difficulty (ELO system), recommendation of customized questions, and generation of TTS audio
- Marketing and notifications: Notifications of events and updates (limited to users who have consented)
2. Items of Personal Information Collected
| Category | Items Collected |
|---|---|
| Required items | Email address, password (encrypted), nickname, learning language settings, native language settings |
| Optional items | Profile picture, self-introduction, phone number, date of birth, nationality |
| Upon social login | Social account identifier (Google ID), profile image (within the scope provided by the relevant platform) |
| Automatically collected | Device information, OS version, app version, access IP, access date and time, learning activity logs, FCM push token |
3. Retention and Use Period of Personal Information
A user's personal information is destroyed immediately after the purposes of its collection and use have been achieved. However, where retention is required under the following statutes, the information is stored separately for the corresponding period:
| Retained Item | Retention Period | Legal Basis |
|---|---|---|
| Records concerning contracts or withdrawal of subscription, etc. | 5 years | Act on Consumer Protection in Electronic Commerce (Korea) |
| Records concerning payment of price and supply of goods, etc. | 5 years | Act on Consumer Protection in Electronic Commerce (Korea) |
| Records concerning consumer complaints or dispute resolution | 3 years | Act on Consumer Protection in Electronic Commerce (Korea) |
| Records concerning labeling and advertising | 6 months | Act on Consumer Protection in Electronic Commerce (Korea) |
| Access logs of the personal information processing system | 1 year or more | Standards for Measures to Ensure the Safety of Personal Information (PIPC notice) |
4. Provision of Personal Information to Third Parties
As a general rule, the Company does not provide users' personal information to third parties. However, the following cases shall be exceptions:
- Where the user has consented in advance
- Where a request is made in accordance with statutes
- Where processing is entrusted within the scope necessary for the provision of services (see Article 5)
5. Entrustment of Personal Information Processing
For the provision of services, the Company entrusts personal information processing tasks as follows:
| Entrustee | Entrusted Task | Retention Period |
|---|---|---|
| Google (Firebase) | Authentication, push notifications, app analytics | Until termination of the entrustment contract |
| Wasabi Technologies | Cloud storage of learning content (audio, images) | Until termination of the entrustment contract |
| OpenAI | AI-based generation of learning questions | Deleted immediately upon completion of processing |
| ElevenLabs | TTS voice synthesis | Deleted immediately upon completion of processing |
| Microsoft (Azure) | TTS voice synthesis | Deleted immediately upon completion of processing |
| Google (AdMob) | Provision of advertising services | Until termination of the entrustment contract |
6. Transfer of Personal Information Abroad
For the provision of services, the Company transfers personal information abroad as follows:
| Destination Country | Entrustee | Items Transferred | Purpose |
|---|---|---|---|
| United States | Google (Firebase) | Device identifier, email | Authentication, push notifications |
| United States | Wasabi Technologies | Learning content files | Cloud storage |
| United States | OpenAI | Learning data (de-identified) | Question generation |
| United States | ElevenLabs | Text data | Voice synthesis |
| United States/Japan | Microsoft (Azure) | Text data | Voice synthesis |
All transfers abroad are carried out in compliance with the protective measures under Article 28-8 of the Personal Information Protection Act (Korea), and the Company has entered into personal information processing entrustment contracts with the relevant entrustees.
7. Procedures and Methods for Destruction of Personal Information
Destruction Procedure
- Selection of items subject to destruction upon expiration of the retention period or achievement of the processing purpose
- Approval by the Chief Privacy Officer
- Execution of destruction and management of records
Destruction Method
- Electronic files: Permanently deleted by technical means that make recovery and reproduction impossible
- Paper documents: Shredded with a shredder or incinerated
8. Measures to Ensure the Safety of Personal Information
The Company takes the following measures to ensure the safety of personal information:
- Encryption: Passwords are stored using bcrypt one-way encryption, and transmission channels are encrypted with SSL/TLS.
- Access restriction: Access rights to personal information are minimized, and access records are managed.
- Access control: Access rights to the personal information processing system are managed on a role-based basis.
- Key management: Sensitive information such as encryption keys and API keys is managed separately as environment variables.
- Security inspection: Regular security inspections and remediation of vulnerabilities are conducted.
9. Users' Rights and How to Exercise Them
Users may exercise the following rights at any time:
- Request to access, correct, or delete personal information
- Request to suspend the processing of personal information
- Request for membership withdrawal
Procedure for Exercising Rights
- Receipt: Submit a request through the in-app settings or to support@loing.app
- Identity verification: Verification of whether the requester is the data subject (additional authentication if necessary)
- Processing: Processed within 10 days from the date of the request
- Notification: The result of processing is notified by email
Membership withdrawal can be made in-app via [Profile > Settings > Delete account] or on the website's Account Deletion Request Page.
10. Information on Automated Decision-Making
Based on a user's learning data, the Company's AI algorithms automatically make the following decisions:
- Adjustment of learning difficulty: Using the ELO rating system, questions suited to the user's level are automatically selected.
- Recommendation of customized content: Personalized learning content is recommended through analysis of learning history.
Users have the right to request an explanation of automated decisions or to refuse automated decisions. For related requests, please contact support@loing.app.
11. Personal Information of Children Under 14 Years of Age
Where the Company collects the personal information of a child under 14 years of age, it obtains the consent of the child's legal representative. The legal representative may request access to, correction, deletion of, or suspension of processing of the child's personal information, in which case the Company shall take the necessary measures without delay.
12. Receipt of Advertising Information
- The Company sends marketing emails and push notifications only where it has obtained the user's prior consent.
- Users may withdraw their consent to receipt at any time in the in-app settings.
- Even after withdrawal of consent to receipt, notifications essential to the operation of the service (security alerts, changes to the terms, etc.) may still be sent.
13. Chief Privacy Officer
Person in charge: Privacy Protection Officer
Email: privacy@loing.app
External Reporting and Counseling Agencies
- Privacy Infringement Report Center: privacy.kisa.or.kr / Tel. 118
- Personal Information Dispute Mediation Committee: www.kopico.go.kr / Tel. 1833-6972
- Supreme Prosecutors' Office Cyber Investigation Division: www.spo.go.kr / Tel. 1301
- National Police Agency Cyber Investigation Bureau: ecrm.police.go.kr / Tel. 182
14. Matters Concerning Changes to the Privacy Policy
This Privacy Policy may be amended in accordance with changes in statutes, policies, or security technologies, and in the event of any amendment, prior notice will be given through in-service announcements or by email.
If you have any inquiries, please contact us at support@loing.app.