Smooth AI Privacy Policy
Frictionless Inc. (hereinafter "Company") values the personal information of users and complies with relevant laws and regulations including the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection. Through this Privacy Policy, the Company informs users how their personal information is used and what measures are taken to protect their personal information.
Article 1 (Items and Methods of Personal Information Collection)
1. Personal Information Items Collected
A. Items collected during membership registration
- [Required] Email address, password, name (or nickname)
- [Optional] Profile picture, occupation, company name, contact information
B. Items collected when using paid services
- [Required] Payment information (card number, expiration date, payment password, etc.), payment records
C. Items automatically collected during service use
- - Device information: IP address, device identifier, operating system, browser type and version
- - Service usage records: Access date and time, usage records, cookies, access logs
- - When using AI services: Voice data, meeting recording and text conversion data, analysis result data
2. Methods of Personal Information Collection
- - Direct input by users during membership registration and service use
- - Automatic collection during service use
- - Collection through customer service consultations
Article 2 (Purpose of Collection and Use of Personal Information)
The Company uses the collected personal information for the following purposes:
1. Service Provision and Operation
- - Member identification and identity verification
- - Providing AI-based real-time translation, speech suggestions, and feedback services
- - Meeting content analysis and report generation
- - Preserving records related to service use
2. Member Management
- - Identity verification for membership service use
- - Personal identification, prevention of unauthorized use by problematic members
- - Confirmation of registration intent, registration and registration frequency restrictions
- - Record preservation for dispute resolution
- - Complaint handling and delivery of notices
3. Paid Service Provision
- - Payment and settlement for paid services
- - Subscription management and payment history management
- - Refund processing
4. Service Improvement and Development
- - Development of new services and improvement of existing services
- - AI model training and performance improvement (after anonymization)
- - Service usage statistical analysis
- - Providing personalized services to users
5. Marketing and Advertising Use (with optional consent)
- - Providing event and promotion information
- - New service announcements
Article 3 (Retention and Use Period of Personal Information)
1. In principle, the Company destroys personal information without delay after the purpose of collection and use has been achieved. However, the following information is retained for the specified period for the following reasons:
A. Information retention according to Company internal policy
- - Records of unauthorized use: 1 year (prevention of unauthorized use)
B. Information retention according to relevant laws
- - Records of contracts or subscription withdrawal: 5 years (Act on Consumer Protection in Electronic Commerce)
- - Records of payment and supply of goods: 5 years (Act on Consumer Protection in Electronic Commerce)
- - Records of consumer complaints or dispute resolution: 3 years (Act on Consumer Protection in Electronic Commerce)
- - Website visit records: 3 months (Protection of Communications Secrets Act)
2. Personal Information Processing upon Member Withdrawal
Upon member withdrawal, the Company destroys the member's personal information without delay. However, if retention is required by relevant laws, the information is stored separately for the applicable period and then destroyed.
Article 4 (Provision of Personal Information to Third Parties)
- The Company processes users' personal information only within the scope specified in Article 2 and does not process beyond the original scope or provide it to third parties without prior consent from users.
- However, the following cases are exceptions:
- - When the user has consented in advance to third-party provision
- - When required by law or when requested by investigative agencies according to procedures and methods prescribed by law for investigation purposes
- - When necessary for statistical compilation, academic research, or market research and provided in a form that cannot identify specific individuals
Article 5 (Entrustment of Personal Information Processing)
1. The Company entrusts personal information processing as follows for smooth service provision:
| Entrusted Company | Entrusted Tasks | Retention and Use Period |
|---|
| Payment Gateway (PG) Company | Payment processing and payment information management | Until termination of entrustment contract |
| Cloud Service Provider | Data storage and server operation | Until termination of entrustment contract |
| AI Service Provider | Speech recognition (STT), real-time feedback generation, translation, natural language processing, report generation | Until termination of entrustment contract |
| Customer Service Agency | Customer inquiry response | Until termination of entrustment contract |
2. When entering entrustment contracts, the Company clearly stipulates compliance with personal information protection regulations, confidentiality of personal information, prohibition of third-party provision, liability for damages in case of incidents, entrustment period, and obligations to return or destroy personal information after processing is complete, and supervises entrusted companies to process personal information safely.
Article 6 (Procedures and Methods for Destroying Personal Information)
1. Destruction Procedures
The Company destroys personal information without delay when it becomes unnecessary due to expiration of retention period, achievement of processing purpose, etc.
2. Destruction Methods
- - Information in electronic file format: Complete deletion using technical methods to prevent recovery and reproduction
- - Personal information printed on paper: Shredding with a shredder or incineration
Article 7 (Rights of Users and Legal Representatives and How to Exercise Them)
1. Users may exercise the following rights related to personal information protection against the Company at any time:
- - Request to view personal information
- - Request for correction if there are errors in personal information
- - Request for deletion
- - Request to suspend processing
2. How to Exercise Rights
- - Direct processing through settings menu within the service
- - Request via email or customer center
- - Contact the Personal Information Protection Officer in writing, by phone, or by email
3. If a user requests correction or deletion of errors in personal information, the Company will not use or provide the personal information until the correction or deletion is complete.
4. In the case of children under 14 years of age, legal representatives may request viewing, correction, deletion, or suspension of processing of the child's personal information.
Article 8 (Measures to Ensure Security of Personal Information)
The Company takes the following measures to ensure the security of personal information:
1. Administrative Measures
- - Establishment and implementation of internal management plan for personal information
- - Minimization of employees handling personal information and regular training
- - Regular internal audits of personal information processing systems
2. Technical Measures
- - Encryption of personal information (passwords, payment information, etc.)
- - Installation and updates of security systems against hacking
- - Installation of access control systems and authority management
- - Storage and prevention of forgery/alteration of personal information access records
3. Physical Measures
- - Access control to computer rooms, data storage rooms, etc.
Article 9 (Installation, Operation, and Rejection of Cookies)
1. Purpose of Using Cookies
The Company uses cookies to provide more appropriate and useful services to users. Cookies are used for the following purposes:
- - Analysis of users' access frequency and visit time
- - Understanding users' interests and preferences
- - Providing personalized services through analysis of service usage records
2. Installation, Operation, and Rejection of Cookies
Users have the option to accept or reject cookie installation. Through web browser options, users can allow all cookies, go through confirmation each time a cookie is stored, or refuse storage of all cookies.
3. How to Set Cookies (Examples)
- - Chrome: Settings > Privacy and Security > Cookies and Other Site Data
- - Safari: Preferences > Privacy
- - Firefox: Settings > Privacy & Security > Cookies and Site Data
4. If you refuse to store cookies, some services may be difficult to use.
Article 10 (Special Provisions for Personal Information Processing Related to AI Services)
1. Collection of Voice and Meeting Data
The Company collects users' voice data, meeting recording data, and text conversion data to provide AI-based English coaching services.
2. Purpose of Data Processing
- - Providing real-time translation and summary services
- - Providing speech suggestion features
- - Generating post-meeting feedback and analysis reports
- - AI model training and service quality improvement (after anonymization)
3. Data Retention Period
- - Meeting data: Securely stored with end-to-end encryption (immediately deleted upon user's deletion request)
- - Analysis reports: Retained until member withdrawal
4. User Rights
- - Users may request deletion of meeting data and analysis reports at any time.
- - Users may refuse the use of their data for AI training purposes.
5. Third-Party Voice Data
Users must not provide data containing others' voices or personal information to the Company without their consent when using the service. All legal responsibility arising from violation of this lies with the user.
6. AI Technology and External Data Transfer
The Company utilizes the following AI technologies to provide services, and user data may be transferred to external AI services for service provision:
| AI Function | Data Transferred | Processing Purpose |
|---|
| Speech-to-Text (STT) | Voice data (real-time streaming) | Real-time speech transcription |
| Real-time English Feedback | Transcribed text | Grammar/expression coaching feedback generation |
| Speech Suggestions/Translation/Reports | Transcribed text, conversation context | Conversation suggestions, translation, analysis report generation |
※ External AI service providers may be located overseas, and user data may be transferred internationally for service provision.
7. AI-Generated Content Notice
The following outputs provided by this service are automatically generated by artificial intelligence:
- - Real-time English feedback (grammar, expression corrections, etc.)
- - Speech suggestions (response suggestions based on conversation context)
- - Word/sentence translation
- - Meeting analysis reports
AI-generated content is for reference purposes only and does not replace professional advice. The Company discloses to users that content is AI-generated in accordance with Korea's "Framework Act on the Development of Artificial Intelligence and Establishment of Trust."
Article 11 (Personal Information Protection Officer)
The Company has designated a Personal Information Protection Officer as follows to be responsible for overall personal information processing and to handle user complaints and remedy damages related to personal information processing:
▶ Personal Information Protection Officer
- - Name: Hansol Lee
- - Position: CTO
- - Email: hansol@trysmooth.ai
Users may contact the Personal Information Protection Officer regarding all inquiries, complaints, and damage remedies related to personal information protection arising from using the Company's services. The Company will respond to and process user inquiries without delay.
Article 12 (Methods for Remedying Rights Violations)
Users may apply for dispute resolution or consultation with the Personal Information Dispute Mediation Committee, Korea Internet & Security Agency Personal Information Infringement Report Center, etc. to receive remedies for personal information infringement.
- - Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
- - Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
- - Supreme Prosecutors' Office Cyber Investigation Division: 1301 (www.spo.go.kr)
- - National Police Agency Cyber Bureau: 182 (ecrm.cyber.go.kr)
Article 13 (Changes to Privacy Policy)
- This Privacy Policy is effective from the effective date, and in case of additions, deletions, or corrections due to changes in laws and policies, changes will be announced through notices 7 days before the implementation of changes.
- In case of significant changes to users' rights, notice will be given 30 days before the implementation of changes.
Article 14 (Effective Date)
This Privacy Policy is effective from January 1, 2026.