Privacy Policy
Last updated: May 2026
1. Introduction & Data Controller
EMORA AI operates this platform and acts as the data controller for all personal data processed through this service.
Contact: administrator@tryemora.com | DPO: administrator@tryemora.com Phone: +82-10-5170-5136.
By using EMORA AI, you acknowledge this Privacy Policy governs how we collect, use, and protect your information.
2. Data We Collect
- Account: email address, username, hashed password, registration date
- Profile: display name, avatar, bio, language preference
- Usage: chat logs, characters interacted with, session activity, mission progress
- Payment: billing details processed via Toss Payments Co., Ltd. (payment processing including cards, transfers, and mobile pay; card/account data held exclusively by Toss Payments β we do not store raw card data)
- Technical: IP address, browser/device type, cookies, log data
- Date of birth: collected to comply with COPPA (under-13) and GDPR-K (under-16 EEA) parental consent requirements (flag only, no document stored)
- Communications: support emails, feedback submissions
3. Legal Basis for Processing (GDPR Art. 6)
- Contract performance (Art. 6(1)(b)): operating your account, delivering services
- Legitimate interests (Art. 6(1)(f)): fraud prevention, security, analytics, improving services
- Legal obligation (Art. 6(1)(c)): tax records, law enforcement requests, safety obligations
- Consent (Art. 6(1)(a)): optional features such as marketing communications
4. How We Use Your Data
- Providing and maintaining the platform and its features
- Processing payments and managing GEM balances
- Personalising your experience (language, character recommendations)
- Detecting fraud, abuse, and illegal content
- Complying with legal and regulatory obligations
- Communicating service updates, security notices, and support responses
5. Data Sharing & Disclosure
We do NOT sell, rent, or trade your personal data.
- Toss Payments Co., Ltd.: payment processing (cards, transfers, mobile pay) and fraud prevention. Payment identifiers only (card/account data held exclusively by Toss Payments). Retention: 5 years per e-commerce law.
- xAI / Grok: AI text and image generation (api.x.ai)
- Vercel: hosting and edge delivery (United States)
- Supabase / AWS Tokyo (ap-northeast-1): database and file storage
- Law enforcement: when required by valid legal process
- NCMEC / IWF: mandatory reporting of child sexual abuse material if detected
6. International Data Transfers
- South Korea: primary development and operations
- Japan / AWS Tokyo (ap-northeast-1): database and storage
- United States / Vercel: hosting infrastructure
- Transfers to countries outside the EEA are covered by Standard Contractual Clauses (SCCs) pursuant to GDPR Chapter V.
7. Data Retention
- Account data: retained for the life of the account + 90-day grace period after deletion
- Chat logs: 12 months from creation
- Payment records: 7 years (tax and legal obligation)
- Safety / moderation logs: 3 years
- Encrypted backups: purged within 30 days of the original data deletion
8. Your Rights Under GDPR
EEA/UK residents may exercise the following rights. We respond within 30 days.
- Access: request a copy of your personal data
- Rectification: correct inaccurate or incomplete data
- Erasure ('right to be forgotten'): request deletion where no overriding legal basis exists
- Restriction: limit processing while a dispute is resolved
- Portability: receive your data in a structured, machine-readable format
- Object: oppose processing based on legitimate interests
- Automated decisions: request human review of automated decisions that affect you
- Lodge a complaint: contact your local Data Protection Authority
- Email administrator@tryemora.com or administrator@tryemora.com to exercise your rights.
9. CCPA Rights (California Residents)
- Know: request disclosure of the categories and specific pieces of data we collect
- Opt-out of sale: N/A β we do not sell personal information
- Deletion: request erasure of your personal information
- Correction: request correction of inaccurate personal information
- Non-discrimination: exercising your rights will not affect your access to services
- Submit requests to: administrator@tryemora.com β we respond within 45 days
10. Korean Personal Information Protection Act (PIPA / κ°μΈμ 보보νΈλ²)
- Data controller (μ²λ¦¬μ): EMORA AI
- Purpose of collection (μμ§ λͺ©μ ): account management, service delivery, legal compliance
- Retention period (보μ κΈ°κ°): 90-day grace period following account closure, unless otherwise required by law
- Users in South Korea may exercise rights under PIPA by contacting administrator@tryemora.com
11. Cookies
- Essential cookies: required for authentication and session management β cannot be disabled
- Functional cookies: language preference, theme settings β optional
- We do NOT use tracking cookies or third-party advertising cookies
12. Children's Privacy (COPPA / GDPR-K)
EMORA does not knowingly collect personal data from children under 13 years of age (or under 16 in the European Economic Area). If you are under 13 (or under 16 in the EEA), please do not use our service without verifiable parental consent. If we discover that we have collected personal data from a child below the applicable age threshold without parental consent, we will delete that data promptly. Parents or guardians may contact us at administrator@tryemora.com.
13. Security
- Data in transit: TLS 1.2+ encryption
- Data at rest: AES-256 encryption
- Passwords: bcrypt hashing (never stored in plaintext)
- Regular security reviews and penetration testing
- Data breach notification: affected users and relevant authorities notified within 72 hours per GDPR Art. 33
14. Contact Us
- General: administrator@tryemora.com
- Privacy / GDPR: administrator@tryemora.com
- Data Protection Officer: administrator@tryemora.com
- Legal: administrator@tryemora.com
- Safety / CSAM: administrator@tryemora.com
- CCPA requests: administrator@tryemora.com
Last updated: May 2026. This Privacy Policy supersedes all prior versions.