NTurn ("Company," "we") respects your privacy and processes personal data in accordance with the Korean Personal Information Protection Act (PIPA), the EU General Data Protection Regulation (GDPR) where applicable, and the California Consumer Privacy Act as amended by the CPRA ("CCPA") where applicable.
1. Data Controller and Contact
- Data Controller: NTurn
- Privacy / Data Protection Contact: eddie@nturn.ai
- EU Representative (GDPR Art. 27) / UK Representative: to be appointed before EU/UK launch
2. Categories of Personal Data We Collect
| Category | Data |
|---|---|
| Account | Email address, name/nickname, password (stored encrypted) |
| Social login | Email and profile identifier provided by the identity provider (e.g., Google) |
| Payment | Payment method and transaction records (processed via payment gateway) |
| Automatically collected | Access logs, IP address, cookies, service usage records |
| Uploaded content | Source files/text for translation (may contain personal data; subject to the short-term retention policy) |
3. Purposes and Legal Bases for Processing (GDPR Art. 6)
| Purpose | Legal basis (GDPR) |
|---|---|
| Account creation, authentication, member management | Performance of a contract |
| Providing and operating the AI translation Service | Performance of a contract |
| Billing and settlement for paid Services | Performance of a contract; legal obligation |
| Security, fraud prevention, service improvement | Legitimate interests |
| Legal compliance and dispute handling | Legal obligation |
4. Recipients and Sub-Processors
We share personal data only with the following service providers acting on our behalf, under data processing terms:
| Recipient | Purpose |
|---|---|
| AI providers (Anthropic, OpenAI, Google, etc.) | AI translation processing, under APIs that prohibit use of input data for model training |
| Payment gateway / identity verification providers | Payment processing and identity verification |
| Cloud infrastructure providers | Server and storage operations |
5. International Data Transfers
Personal data may be transferred to and processed in countries outside your own, including for AI translation processing. Where required, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs) and equivalent mechanisms. A copy of the safeguards can be requested via the contact above.
6. Data Retention
- Account data: retained until account closure, then deleted without undue delay.
- Uploaded content (original files): automatically deleted within a maximum of 7 days after upload. Upon a User's request, files are deleted immediately, including within 24 hours of upload.
- Where law requires longer retention (e.g., e-commerce records up to 5 years; access logs 3 months under Korean law), we retain data for those periods.
7. Your Rights (GDPR)
Subject to applicable law, you have the right to: access; rectification; erasure ("right to be forgotten"); restriction of processing; data portability; objection to processing; and withdrawal of consent at any time. You also have the right to lodge a complaint with your supervisory authority (e.g., your national Data Protection Authority, or the Korean Personal Information Protection Commission).
8. Your Rights (CCPA/CPRA — California Residents)
- Right to know what personal information we collect, use, and disclose.
- Right to delete personal information, subject to exceptions.
- Right to correct inaccurate personal information.
- Right to opt out of the "sale" or "sharing" of personal information. We do not sell your personal information, and we do not share it for cross-context behavioral advertising.
- Right to non-discrimination for exercising your rights.
To exercise these rights, contact us at the email above. We will verify and respond within the timeframes required by law.
9. Cookies
We use strictly necessary cookies for authentication and session management. We do not use advertising or cross-site tracking cookies.
10. Children's Privacy
The Service is not directed to children under the age threshold set by applicable law, and we do not knowingly collect their personal data.
11. Security Measures
- Password hashing and encryption in transit (HTTPS).
- Access controls and least-privilege permissions.
- Short-term retention and automatic deletion of uploaded content to minimize exposure.
12. Changes to This Policy
We may update this policy due to changes in law or the Service. We will post the effective date and a summary of material changes within the Service.
Supplementary Provisions
This policy takes effect on June 23, 2026. (Draft — effective date to be confirmed after legal review.)