Privacy Policy

Required (at registration): - Email address - Name (if provided via social login) - Authentication provider ID (Clerk User ID)

Automatically collected (during Service use): - IP address, User-Agent, access time - Cookies (session management, locale preference) - Video browse, analysis, and save history - Credit deduction and refund records

Payment information (for subscribers): - Payment method data is collected and stored directly by Paddle. We only receive the transaction ID, amount, and status. We do not store card numbers or other sensitive payment details.

Collection methods: direct input by the user, automatic logging during Service use, and transfer from third parties (Clerk, Paddle).

We use collected information for:

• Account authentication and management
• Service delivery (feed, analysis, save, notifications)
• Payment processing and subscription management
• Credit balance tracking and refund processing
• Customer support
• Service improvement and new feature development (statistical, anonymized)
• Fraud prevention and Service security
• Legal compliance

We retain personal information only as long as necessary. Some records are kept for legal compliance:

• Registration/deletion records: Deleted immediately upon account deletion (up to 30 days retained if fraud investigation is needed)
• Contract or withdrawal records: 5 years (Korean E-Commerce Law)
• Payment and service provision records: 5 years (Korean E-Commerce Law)
• Consumer complaint or dispute records: 3 years (Korean E-Commerce Law)
• Access logs: 3 months (Korean Communications Privacy Act)

We do not share personal information with third parties except when:

• You give prior consent
• Required by law or valid law enforcement request

We entrust the following subprocessors to operate the Service:

All processors operate under Data Processing Agreements (DPA) and process personal information only as instructed by the Company.

We transfer personal information internationally for Service operation:

• Destination countries: USA, UK, Singapore (server locations of Clerk, Paddle, Supabase, Google, Cloudflare)
• Data transferred: All items listed in Section 1
• Transfer timing: Continuously during Service signup and use
• Transfer method: Encrypted network (TLS) API communication
• Legal basis: User consent and GDPR Article 46 Standard Contractual Clauses (SCC)
• Retention: As per Section 3

You have the right to refuse international transfer, but Service use may be restricted as a result.

• Essential cookies: Session management, login persistence (Clerk)
• Preference cookies: Language selection (`NEXT_LOCALE`, `supascoop:locale`)
• Analytics cookies (planned): Service usage patterns (separate consent when introduced)

You may disable cookies in your browser settings, but disabling essential cookies will prevent Service use.

You may exercise the following rights (GDPR Articles 16-22 and Korean PIPA Articles 35-37):

• Access: View personal information we hold
• Rectification/Erasure: Correct or delete inaccurate information
• Restriction: Pause processing temporarily
• Portability (GDPR): Receive a copy of your data in structured format
• Withdraw Consent: Revoke consent for collection/use

To exercise these rights, email hi@maestiq.com. We will respond within 10 business days.

We use automated decision-making for:

• Scoop Score calculation: Algorithmic aggregation of view, like, comment, and freshness data (0-100)
• Feed ranking: Country-, category-, and Score-based ranking

You have the right to request an explanation or object to automated decisions. Email hi@maestiq.com to request human review.

We do not knowingly collect personal information from children under 14. If we discover a child under 14 has registered, we will delete the account and collected data immediately.

We have designated a Data Protection Officer (DPO) to oversee privacy matters:

• Name: DongHyun Yoon
• Position: Representative
• Email: hi@maestiq.com

All privacy-related inquiries, complaints, and remedies may be directed to the DPO.

We implement the following safeguards:

• Administrative: Internal management policies, regular staff training
• Technical: TLS/AES encryption, access control, intrusion detection, backups
• Physical: Server room access control (via subprocessors)

We will notify you of material changes to this Policy at least 7 days (30 days for material changes) in advance via in-Service announcement or email.

Effective date: 2026-04-19