Privacy Policy
This policy describes what sinho ("we", "us") collects when you use sinho.ai and related services (the "Service"), why we collect it, and the choices you have. We keep it deliberately short because we collect deliberately little.
1. What we collect
- Account data — your email address, a password hash if you set a password, and the identity reference from your sign-in provider (e.g. Google or Kakao) if you use social sign-in. We never receive your provider password.
- Billing data — your subscription plan, status, billing period, currency, and invoice records. Card details go directly to Stripe, our payment processor; we never see or store card numbers.
- Preferences and content you create — settings such as signal lists and display preferences.
- Security and service logs — IP address, timestamps, and request metadata used for authentication, rate limiting, fraud prevention, and debugging.
We do not run advertising trackers or third-party analytics, and we do not sell or rent personal data. Cookies are limited to what sign-in strictly requires (your session).
2. How we use it
- To provide and secure the Service (accounts, sessions, entitlements).
- To bill subscriptions and send transactional email: verification, password reset, payment receipts, payment-failure notices, and the pre-renewal reminder required for Korean cardholders. We do not send marketing email.
- To meet legal obligations (tax and accounting records, consumer-protection notices).
3. Who processes it
- Stripe — payment processing (card data, charges, invoices).
- Amazon Web Services — hosting and email delivery. Service data is stored in the AWS Seoul region (ap-northeast-2).
These processors act on our instructions. We share data with authorities only where the law requires it.
4. Retention
- Account data is kept while your account exists. When you delete your account, data is purged within 30 days, except records we must keep longer by law.
- Billing and tax records are retained for the periods required by applicable law (in Korea, generally 5 years for commerce records).
- Security logs are kept briefly and rotated.
5. Your rights
You may access, correct, export, or delete your personal data, and object to or restrict certain processing, subject to applicable law (including the Korean Personal Information Protection Act). Most of it you can do in the app's Settings; for anything else, email daniel@sinho.ai and we will respond promptly.
6. Security
Passwords are stored only as modern salted hashes (Argon2id); transport is TLS everywhere; access to production data is restricted and audited; payment credentials never touch our systems.
7. Children
The Service is not directed to children and may not be used by anyone under 18 (or the age of majority in your jurisdiction).
8. Changes and contact
We will announce material changes to this policy in the Service or by email. Privacy questions: daniel@sinho.ai.