Privacy Policy
Effective date: May 1, 2026
Didymus Lab (the "Service") establishes and discloses this Privacy Policy in accordance with the Personal Information Protection Act (Act No. 19234, as amended in 2023), in order to protect users' personal information and to handle related grievances promptly and smoothly.
This English translation is provided for your convenience. The Korean version is the legally binding text.
How the content you provide is protected
- · Scripture passages and notes are used solely to generate your reports and are never used to train AI models.
- · We do not provide your data to third parties for marketing or sales purposes.
- · Notes on the Standard plan and above are stored encrypted with AES-256.
- · When you withdraw, your email, name, and church name are de-identified immediately, and usage records are fully deleted after 6 months.
Article 1 (Items of Personal Information Collected and Methods of Collection)
The Service collects the following personal information.
| Category | Items Collected | Method of Collection |
|---|---|---|
| Membership registration | Kakao account unique ID, email address, name, affiliated church | Kakao OAuth authentication and registration form input |
| Service use | Scripture passage, sermon type, sermon date, additional requests, feedback content | Request form and feedback form input |
| Waitlist application | Name, email address, affiliated church, contact (optional), desired plan | Waitlist application form input |
| Payment | Business registration number or mobile phone number for cash receipt issuance | Upon separate request |
| Automatic collection | Access IP, access date and time, service usage records | Automatically collected by the system |
Membership registration
Kakao account unique ID, email address, name, affiliated church
Kakao OAuth authentication and registration form input
Service use
Scripture passage, sermon type, sermon date, additional requests, feedback content
Request form and feedback form input
Waitlist application
Name, email address, affiliated church, contact (optional), desired plan
Waitlist application form input
Payment
Business registration number or mobile phone number for cash receipt issuance
Upon separate request
Automatic collection
Access IP, access date and time, service usage records
Automatically collected by the system
Article 2 (Purposes of Collection and Use of Personal Information)
The personal information collected is used only for the following purposes.
- Member identification, Kakao OAuth authentication, and service provision
- Receiving requests and delivering reports
- Delivering notices related to the Service, report completion notifications, and other communications (via email)
- Receiving feedback and providing responses
- Issuing cash receipts (upon request)
- Service improvement and statistical analysis (after de-identification)
- Preventing illegal or fraudulent use and handling violations of the terms of service
Article 3 (Retention and Use Period of Personal Information)
Personal information is destroyed promptly once the purpose of its collection and use has been achieved. However, it is retained for the following periods where required by applicable law.
- Member information: destroyed promptly upon membership withdrawal or service termination (provided that, where necessary for dispute resolution, it is retained until the dispute is resolved)
- Service usage records (request history): 6 months after withdrawal
- Waitlist application information: destroyed promptly upon completion of registration or withdrawal of the application
- E-commerce records (contracts, withdrawal of subscription, payment): 5 years (Act on Consumer Protection in Electronic Commerce)
- Records of consumer complaints and dispute handling: 3 years (Act on Consumer Protection in Electronic Commerce)
- Access logs: 3 months (Protection of Communications Secrets Act)
Article 4 (Provision of Personal Information to Third Parties)
As a rule, the Service does not provide users' personal information to third parties. The following cases are exceptions.
- Where the user has consented in advance
- Where investigative authorities or others request it pursuant to law
Article 5 (Outsourcing of Personal Information Processing)
The Service outsources the following tasks to external providers.
| Outsourced Party | Outsourced Task | Retention and Use Period |
|---|---|---|
| Vercel Inc. | Web server hosting, file (PDF) storage | Term of the outsourcing agreement |
| Supabase Inc. | Database (PostgreSQL) server operation | Term of the outsourcing agreement |
| Resend Inc. | Email delivery (notifications, announcements) | Term of the outsourcing agreement |
| Anthropic PBC | AI report generation (processing of Scripture passages and request content) | Term of the outsourcing agreement |
| Kakao Corp. | Member authentication (OAuth 2.0) | Term of the outsourcing agreement |
Vercel Inc.
Web server hosting, file (PDF) storage
Term of the outsourcing agreement
Supabase Inc.
Database (PostgreSQL) server operation
Term of the outsourcing agreement
Resend Inc.
Email delivery (notifications, announcements)
Term of the outsourcing agreement
Anthropic PBC
AI report generation (processing of Scripture passages and request content)
Term of the outsourcing agreement
Kakao Corp.
Member authentication (OAuth 2.0)
Term of the outsourcing agreement
Vercel, Supabase, Resend, and Anthropic maintain their servers in the United States, so personal information may be transferred overseas. Each provider holds internationally recognized security certifications (such as SOC 2). Anthropic processes the Scripture passages and request content submitted by members in order to generate AI reports, and such data is not used to train AI models. Kakao maintains its servers in the Republic of Korea.
Article 6 (Rights and Obligations of Data Subjects and How to Exercise Them)
Users may exercise the following rights. (Articles 35 through 37 of the Personal Information Protection Act)
- Right of access: the right to request access to one's own personal information processed by the Service
- Right to correction and deletion: the right to request correction or deletion of personal information that is inaccurate or no longer necessary
- Right to suspension of processing: the right to request that the processing of personal information be suspended
- Withdrawal of consent: the right to withdraw consent to the collection and use of personal information at any time
To exercise these rights, please send an email request to didymus@didymuslab.com, and we will act on it. We will notify you of the outcome within 10 days of receiving the request.
Article 7 (Destruction of Personal Information)
- Personal information whose retention period has elapsed or whose processing purpose has been achieved is destroyed without delay.
- Electronic files: permanently deleted in a manner that renders recovery impossible
- Paper documents: shredded or incinerated
Article 8 (Technical and Administrative Measures for the Protection of Personal Information)
- Authentication security: Kakao OAuth 2.0 authentication is supported, and for email registration, passwords are stored only as bcrypt one-way hashes (no plaintext is retained)
- Session management: session IDs are issued from cryptographically secure random values
- Data encryption: request content on the Standard plan and above is stored encrypted with AES-256-GCM
- Communication encryption: HTTPS (TLS) is applied
- Access control: direct database access is blocked for anyone other than the operator
- Regular security reviews and vulnerability checks
Article 9 (Use of Cookies)
- The Service uses session cookies to maintain login status.
- Session cookies are deleted upon logout. When "keep me logged in" is enabled, they are retained for up to 7 days.
- The Service does not use cookies for advertising or tracking purposes.
- Users may refuse cookies through their browser settings, but login will not be possible if they do.
Article 10 (Personal Information Protection Officer)
For inquiries, complaints, and remedies related to the processing of personal information, please use the contact below.
Personal Information Protection Officer: Didymus Lab Operator
Email: didymus@didymuslab.com
To report or seek advice regarding infringement of personal information, you may contact the Personal Information Protection Commission (privacy.go.kr, dial 182 without an area code).
Date of notice: April 15, 2026
Effective date: May 1, 2026