Tridot Inc. (hereinafter the "Company") complies with the Personal Information Protection Act and applicable laws and regulations to protect the freedoms and rights of data subjects. The Company hereby establishes and discloses this Privacy Policy to ensure the lawful processing and safe management of personal information.
| Category | Details |
|---|---|
| Service Name | AVADOT |
| Data Controller | Tridot Inc. |
| Key Information Processed | Member information, login data, age verification data, AI conversation content, character settings, AI-generated content, uploaded files, voice/video usage data, payment and refund records, usage logs, device information, report/block records |
| AI Learning and Improvement | Members may opt out of having their data used for future AI learning through settings or customer support. |
| Chief Privacy Officer | Kyung-Chan Jeon / CEO / official@tridot.io / +82-10-6708-1246 |
| Contact for Inquiries | official@tridot.io |
| Effective Date | June 10, 2026 |
The Company processes personal information for the following purposes and legal bases. Personal information being processed is not used for purposes other than those stated below. If the purpose of processing changes, the Company will obtain separate consent or take necessary measures in accordance with applicable laws.
| Purpose | Details | Legal Basis |
|---|---|---|
| Registration and Account Management | Verification of registration intent, member identification and authentication, account creation and management, login, identity verification, age verification, membership maintenance and restriction, prevention of account misuse, various notices and notifications | Contract performance, consent, legal obligation |
| AI Character Service | AI character conversations, voice/video interactions, character creation/editing/sharing, AI-generated content, conversation history storage, maintaining user settings, personalized experience | Contract performance, consent |
| Paid Services and AVADOT Links | Payment processing, top-up, link deduction, subscription, auto-renewal, withdrawal of subscription, refund, overpayment processing, payment history management, prevention of fraudulent payments | Contract performance, legal obligation |
| Customer Support and Dispute Resolution | Inquiry processing, identity verification, response, complaint handling, refund guidance, report processing, rights infringement response, dispute mediation, record retention | Contract performance, legal obligation, legitimate interest |
| Service Safety and Fraud Prevention | Abnormal usage detection, abuse prevention, hacking/identity theft/spam/macro prevention, reporting/blocking, youth protection, AI safety management, terms violation investigation | Legitimate interest, legal obligation |
| Service Improvement and New Feature Development | Quality improvement, error analysis, statistical analysis, AI response quality improvement, recommendation/personalization improvement, new service development | Consent, legitimate interest, pseudonymized data processing |
| Marketing and Events | Event operations, benefit provision, promotion notifications, advertising messages, targeted marketing | Optional consent |
| Legal Compliance | E-commerce record retention, telecommunications data retention, tax documentation, response to requests from investigative/judicial/administrative agencies | Legal obligation |
The Company processes the minimum personal information necessary for service provision. Basic services are available without consenting to optional items; however, certain features requiring those items may be restricted.
| Category | Personal Information Items | Retention Period |
|---|---|---|
| Required | Email address, password (encrypted), nickname or name, service language, registration date, member identifier | Until membership withdrawal |
| Social Login | Identifier provided by social login provider, email address, profile information consented to by the member | Until membership withdrawal |
| Identity/Age Verification | Name, date of birth, gender, mobile phone number, carrier, connecting information (CI) or duplicate subscription confirmation information (DI), verification result | Until membership withdrawal or retention period required by law |
| Account Security | Login records, password change records, account status, restriction records, identification information for withdrawal/re-registration prevention | 7 days after withdrawal for fraud prevention, or as required by operational policy |
| Category | Personal Information Items | Retention Period |
|---|---|---|
| AI Conversations | Text entered by member, prompts, conversation content, interaction records with characters, AI responses and generated results | Until membership withdrawal or deletion by member |
| Character Creation/Management | Character name, profile, settings, personality, background, images, visibility, tags, author information | Until membership withdrawal or deletion by member |
| Image/File Features | Images uploaded by member, files, attachments, image generation request information, generated results | Until membership withdrawal or deletion by member |
| Voice/Video Features | Voice input, voice-generated content, video call usage data, call time, call duration, quality/error logs, voice/video generated results | Period necessary for service provision and quality management |
| Reports/Blocks | Report target, report reason, report content, processing result, blocked member/character information, operational action records | Period necessary for dispute resolution and fraud prevention |
The Company does not use voice or video data as biometric information for member identification. However, if members include sensitive personal information in conversations or files during service use, such information may be included in and processed as part of AI conversation and content data. Please exercise caution when entering information.
| Category | Personal Information Items | Retention Period |
|---|---|---|
| Payments | Payment method type, payment date/time, payment amount, purchased product, order number, transaction identifier, app marketplace receipt information, payment status | Retention period per applicable e-commerce laws |
| AVADOT Links | Paid and free link grant/use/deduction/expiration records, balance, validity period, refund eligibility | Until membership withdrawal or retention period required by law |
| Refunds/Overpayments | Refund application details, refund reason, refund amount, refund processing records, identity verification information, bank account information (if required) | Retention period per applicable laws after refund completion |
The Company does not directly store core payment method information such as credit card numbers or account passwords. Payment processors or app marketplaces may process such information. Actual processing methods depend on the payment method and app marketplace policies.
| Category | Personal Information Items | Retention Period |
|---|---|---|
| Customer Support | Email address, name or nickname, mobile phone number (if needed), inquiry content, attachments, response content, processing result | 3 years after inquiry resolution or retention period required by law |
| Events | Name, nickname, email address, mobile phone number, shipping address, participation records, winning records, information for tax withholding | Retention period per applicable laws after event conclusion and prize delivery |
| Marketing | Email address, mobile phone number, push token, advertising identifier, marketing consent status and date, interests, service usage behavior | Until consent withdrawal or membership withdrawal |
The following information may be automatically generated or collected during service use.
| Category | Personal Information Items | Retention Period |
|---|---|---|
| Access and Usage Records | IP address, cookies, access date/time, visit records, click/search/view records, content usage records, error logs, fraud records | Until purpose achievement or retention period required by law |
| Device Information | Device model, operating system, browser information, app version, language, country, device identifier, advertising identifier, push token | Until purpose achievement or membership withdrawal |
| Security Information | Login failure records, abnormal access records, block/sanction records, report processing records | Period necessary for fraud prevention and dispute response |
The Company destroys personal information without delay when it becomes unnecessary due to expiration of the retention period, achievement of the processing purpose, membership withdrawal, or consent withdrawal. However, information required to be retained by applicable laws is stored separately for the applicable period.
| Item | Legal Basis | Retention Period |
|---|---|---|
| Records on contracts or withdrawal of subscriptions | Act on Consumer Protection in Electronic Commerce | 5 years |
| Records on payment settlement and supply of goods | Act on Consumer Protection in Electronic Commerce | 5 years |
| Records on consumer complaints or dispute resolution | Act on Consumer Protection in Electronic Commerce | 3 years |
| Records on labeling and advertising | Act on Consumer Protection in Electronic Commerce | 6 months |
| Books and supporting documents for tax transactions | Framework Act on National Taxes, Corporate Tax Act, etc. | 5 years |
| Access logs and telecommunications data | Protection of Communications Secrets Act | 3 months |
| Records for fraud prevention | Legitimate interest and dispute response | Reasonable period necessary to achieve purpose |
Even after membership withdrawal, public characters being used by other members, public content, report/dispute processing records, and records required to be retained by law may be retained for a necessary period and, where possible, anonymized or de-identified.
The Company does not, in principle, provide personal information to third parties. However, personal information may be provided in the following cases:
When the Company provides personal information to third parties, it will notify and obtain consent regarding the recipient, purpose, items provided, retention and usage period, right to refuse consent, and disadvantages of refusing consent.
Currently, the Company does not regularly provide personal information to any third party (Not applicable).
The Company may entrust some personal information processing tasks to external specialists for smooth service provision. The Company supervises and manages the trustees to ensure they safely process personal information when entering into entrustment contracts.
| Processor | Delegated Tasks |
|---|---|
| Amazon Web Services, Inc. (AWS) | Data storage, server operation, infrastructure management |
| Google LLC (Gemini API) | AI response generation, image generation |
| Google LLC (Firebase Authentication) | Member authentication, social login |
| RevenueCat, Inc. | Payment processing, receipt verification, refund processing |
| Apple Inc. (App Store) | In-app payment processing |
| Google LLC (Google Play) | In-app payment processing |
| Google LLC (GA4) / PostHog, Inc. / Microsoft Corporation (Clarity) | Service usage analysis, error analysis, performance improvement |
| Functional Software, Inc. (Sentry) | Error analysis, performance monitoring |
| Langfuse GmbH | LLM response quality monitoring |
When trustees or entrusted tasks change, the Company will promptly disclose the changes through this Privacy Policy or obtain prior consent as required by applicable laws.
When clouds, AI models, analytics tools, or customer support tools used for service provision are operated by overseas entities or store/process data in overseas regions, personal information may be transferred abroad. The Company will fulfill notification and protective measures under the Personal Information Protection Act when overseas transfers occur.
AWS uses the Seoul Region (ap-northeast-2) and is therefore not subject to overseas transfer. The following entities transfer data overseas.
| Recipient | Country | Purpose |
|---|---|---|
| Google LLC (Gemini API) | United States | AI response and generation |
| Google LLC (Firebase Authentication) | United States | Member authentication and social login |
| Google LLC (Google Analytics 4) | United States | Service analysis and improvement |
| RevenueCat, Inc. | United States | Payment processing and refund management |
| PostHog, Inc. | United States | Product analysis and improvement |
| Microsoft Corporation (Clarity) | United States | Service UX analysis and improvement |
| Functional Software, Inc. (Sentry) | United States | Error analysis and performance monitoring |
| Langfuse GmbH | Germany | LLM response quality monitoring |
Data subjects may refuse overseas transfer of personal information. However, refusing overseas transfers that are essential for service provision may restrict the use of corresponding features or services.
The Company may pseudonymize and utilize personal information for statistical compilation, scientific research, service improvement, AI safety analysis, quality enhancement, and fraud prevention.
| Purpose | Information Pseudonymized | Retention Period |
|---|---|---|
| AI response quality improvement and safety analysis | AI conversation content, input data, AI-generated content, character settings, report/block records | Within 5 years after pseudonymization |
| Service usage analysis and new feature development | Service usage records, click/view records, error logs, device information | Within 5 years after pseudonymization |
| Fraud detection and security improvement | Abnormal usage records, sanction records, access logs, payment anomalies | Until purpose achievement |
The Company stores pseudonymized information and additional information separately, restricts access rights, and does not process pseudonymized information for the purpose of identifying specific individuals. If information capable of identifying specific individuals is generated during pseudonymized data processing, the Company will immediately cease processing and retrieve and destroy such information.
The Company may collect service usage records and behavioral information through cookies, SDKs, advertising identifiers, analytics tools, and similar technologies on websites and applications.
| Items Collected | Collection Method | Purpose | Retention Period |
|---|---|---|---|
| Cookies, visit records, click/search/view records | Automatic collection during website visits or app use | Login maintenance, user convenience, service analysis, error improvement | Until purpose achievement |
| Advertising identifiers, device information, app usage events | Collection through SDKs during app launch or use | Personalized services, advertising measurement, fraud prevention | Until purpose achievement or consent withdrawal |
| Access logs, IP address | Automatic collection during service access | Security, incident response, legal record retention | 3 months per Protection of Communications Secrets Act, etc. |
Analytics and advertising tools used by the Company:
Data subjects may refuse cookie storage or processing of behavioral information for targeted advertising purposes through the following methods:
Refusing cookies or behavioral information collection may restrict login maintenance, personalized features, event participation, or use of certain services.
The Company may request the following access permissions in mobile applications. Basic services are available without consenting to optional permissions; however, features requiring those permissions may be restricted.
| Permission | Required | Purpose |
|---|---|---|
| Camera | Optional | Profile images, character images, image input or video features |
| Photos/Media/Files | Optional | Image upload, AI image generation, saving or sharing generated content |
| Microphone | Optional | Voice input, AI voice calls, voice generation features |
| Notifications | Optional | Service announcements, chat notifications, payment/refund/event alerts |
| Device Information | Required / Automatic | Security, error analysis, service optimization, fraud prevention |
Access permissions can be changed in the device settings menu.
The Company implements the following measures to prevent loss, theft, leakage, forgery, alteration, or damage of personal information:
Data subjects may exercise the following rights against the Company at any time:
These rights may be exercised through in-service settings, customer support channels, or email (official@tridot.io). The Company may verify whether the person requesting rights exercise is the data subject or a legitimate representative, and may request documents such as a power of attorney to verify authority when a representative exercises rights.
The Company will process requests for rights exercise within the period prescribed by applicable laws. However, requests may be restricted in whole or in part if other laws require retention of the personal information, if there is a risk of infringing on the life, body, property, or rights of others, or if it would be difficult to perform the service contract.
The Company may utilize automated systems in service operations including AI recommendations, content filtering, fraud detection, youth protection, and spam prevention.
Where the Company makes decisions that significantly affect the rights or obligations of a data subject by processing personal information through a fully automated system, the data subject may request rejection of the decision, an explanation, or reprocessing with human intervention in accordance with applicable laws.
The Company will provide necessary explanations or reprocessing measures upon request from data subjects unless there are legitimate reasons not to. However, requests may be limited when automated decisions fall under legal exceptions, such as when special provisions exist in applicable laws or when they are necessary for contract performance.
The Company designates a Chief Privacy Officer to oversee personal information processing operations and handle complaints, damage relief, and rights exercise requests related to personal information.
| Category | Details |
|---|---|
| Chief Privacy Officer | Kyung-Chan Jeon |
| Title | CEO |
| Contact | official@tridot.io / +82-10-6708-1246 |
| Rights Exercise Contact | official@tridot.io |
Data subjects may contact the following institutions for consultation or remedies regarding personal information infringement.
| Institution | Contact | Website |
|---|---|---|
| Personal Information Infringement Report Center (KISA) | 118 | privacy.kisa.or.kr |
| Personal Information Dispute Mediation Committee (KOPICO) | 1833-6972 | www.kopico.go.kr |
| Supreme Prosecutors' Office, Cyber Investigation Division | 1301 | www.spo.go.kr |
| National Police Agency Cyber Crime Report System | 182 | ecrm.police.go.kr |
When the Company modifies this Privacy Policy, it will announce the changes, effective date, and reasons for the change through in-service notices or the website at least 7 days before the effective date. If the changes materially affect the rights of data subjects, the Company will provide notice at least 30 days in advance or individually notify data subjects through reasonable means such as email or push notifications.
1. This Privacy Policy shall be effective as of June 10, 2026.
2. Previous versions of this Privacy Policy may be viewed through in-service notices or a separate link.
3. Company Information