Privacy Policy
Entity: Digitalog Technologies Inc.
Last updated: 2026.06.21
Digitalog collects the minimum personal data needed to operate digitalog.ai, respond to sales and recruiting inquiries, send press releases, and run the Digitalog products (Conma AI, Marcomm AI, etc.). This Policy reflects the requirements of the Korean Personal Information Protection Act (PIPA), the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act and California Privacy Rights Act (CCPA/CPRA), the Japanese Act on the Protection of Personal Information (APPI), the Singapore Personal Data Protection Act (PDPA), the French Loi Informatique et Libertés (LIL), and the German Bundesdatenschutzgesetz (BDSG). The Korean version is the canonical text.
1. Scope
This Policy covers digitalog.ai, the marketing channels we operate directly, our sales form, and our recruiting forms. Our products (Conma AI, Marcomm AI, etc.) are governed by separate product-specific privacy notices.
2. Data Controller
The controller is Digitalog Technologies Inc. A dedicated GDPR Article 27 representative for the EU will be appointed and published separately.
3. Categories of Personal Data
We collect the following categories. (1) Sales-form submissions: name, business email, company, role, country, product of interest, employee count, message, consent flag. (2) Recruiting submissions: name, email, role applied for, resume/portfolio, optional information you provide. (3) Newsletter subscription: email, subscription category, subscription timestamp. (4) Automatically collected: access IP (immediately anonymised), browser, OS, access timestamp, path, referrer. Plausible Analytics aggregates anonymously and stores no IP or cookie. (5) Cookies: a single NEXT_LOCALE language-preference cookie (12 months). No tracking cookies. We do not collect special-category data (race, religion, political opinion, health, sexual orientation, etc.) and do not knowingly process the data of children under 14 (PIPA) / under 16 (GDPR).
4. Purposes of Processing
We use the data only to: – Respond to sales inquiries and follow up – Run recruiting processes and notify candidates – Send newsletters and manage subscriptions – Analyse site operations and improve content – Respond to security incidents and prevent abuse – Comply with legal obligations We do not use the data for marketing profiling or ad targeting.
5. Legal Bases (GDPR / UK GDPR)
Where GDPR or UK GDPR applies, we rely on the following bases: – Consent (Art. 6(1)(a)): newsletter, optional fields – Contract (Art. 6(1)(b)): sales/recruiting follow-up – Legal obligation (Art. 6(1)(c)): tax, employment, accounting compliance – Legitimate interests (Art. 6(1)(f)): security, abuse prevention, site analytics Under Korean PIPA, processing is based on consent (Art. 15) or contract/legal obligation. Under Japanese APPI, processing is based on consent or statutory exception. For California residents under CCPA/CPRA, we do not 'Sell' or 'Share' personal information.
6. Retention
Retention windows: – Sales-form data: up to 12 months after the conversation closes – Recruiting submissions: 6 months for non-hired candidates (12 months with talent-pool consent); hired candidates fall under the employment policy – Newsletter subscription: until unsubscribed – Plausible aggregates: up to 24 months – Server logs: discarded within 24 hours Longer retention applies only where required by law (commerce, communications-secrecy, tax).
7. Recipients / Processors
We do not sell or rent personal data. We rely on the following processors, each bound by a GDPR Art. 28-compliant Data Processing Agreement: – Resend (email delivery, EU data centres) – Vercel Inc. (web hosting, global edge, SOC 2 Type II) – Plausible Analytics (EU-based anonymous analytics) – Polar.sh (per-product subscription billing) – Neon Database (PostgreSQL hosting, SOC 2 Type II)
8. International Transfers
Personal data may be transferred to the United States (Vercel, selected AWS regions), the EU/EEA (Resend, Plausible Analytics), and Singapore (selected AWS regions). We rely on adequacy decisions where available (incl. the EU-US Data Privacy Framework) or on EU SCCs. We never transfer data outside Korea without the consent or legal basis required by PIPA Art. 28-8, and never outside Japan without APPI Art. 24 compliance.
9. Universal Data-Subject Rights
Every data subject may: – Access the data we hold – Request correction / deletion – Withdraw consent / request a stop on processing – Object to automated decisions – Lodge a complaint with a data-protection authority Send requests to dpo@digitalog.ai. Identity verification may be required. We reply within 30 days (GDPR/UK GDPR) or 10 days (PIPA).
10. EU / UK Rights (GDPR)
Residents of the EU or UK have the following additional rights under GDPR Art. 15-22 and UK GDPR: – Right of access (Art. 15) – Right to rectification (Art. 16) – Right to erasure / right to be forgotten (Art. 17) – Right to restrict processing (Art. 18) – Right to data portability (Art. 20) – Right to object (Art. 21) – Right not to be subject to automated decisions (Art. 22) – Right to lodge a complaint with the supervisory authority — e.g. Korea PIPC, UK ICO, France CNIL, Germany BfDI, Ireland DPC Where processing is based on consent, you may withdraw it at any time; withdrawal does not affect prior lawful processing.
11. California Rights (CCPA / CPRA)
California residents have the following rights: – Right to Know the categories collected, used and shared – Right to Delete – Right to Correct – Right to Opt-Out of Sale/Sharing — Digitalog does not Sell or Share personal information, so no opt-out is required – Right to Limit Use of Sensitive Personal Information – Right to Non-Discrimination Send requests to dpo@digitalog.ai. We also accept California 'Shine the Light' third-party direct-marketing disclosure requests via the same channel. Requests via an Authorized Agent require power-of-attorney and identity verification.
12. Korea PIPA Rights
Under the Korean PIPA, data subjects may: – Request to access their data (Art. 35) – Request correction or deletion (Art. 36) – Request a stop on processing (Art. 37) – Withdraw consent or close their account – Claim damages (Art. 39) File complaints with the Personal Information Protection Commission (pipc.go.kr) or the Privacy Infringement Center (privacy.go.kr, hotline 182).
13. Singapore PDPA Rights
Singapore residents may exercise access, correction, withdrawal of consent, and (once in force) data-portability rights under the PDPA 2012. Requests to dpo@digitalog.ai; replies within 30 days. Complaints to the PDPC at pdpc.gov.sg.
14. Japan APPI Rights
Japanese individuals may request disclosure (Art. 33), correction/addition/deletion (Art. 34), and a stop on use or third-party provision (Art. 35). Requests to dpo@digitalog.ai or a designated Japanese representative. Complaints to the Personal Information Protection Commission at ppc.go.jp.
15. Automated Decisions and Profiling
We do not perform automated decisions producing legal or similarly significant effects on data subjects via the company website. Plausible Analytics is fully anonymous and does not build individual profiles.
16. Children
The company website is not intended for children under 14 (PIPA) or 16 (GDPR; lower thresholds 13-16 vary by Member State). If we learn we have collected such data without parental consent, we delete it immediately. The same applies to data of children under 13 under the U.S. COPPA.
17. Cookies and Similar Technology
We use a single strictly necessary cookie (NEXT_LOCALE, 12 months) for language preference, and no tracking cookies. See the separate Cookie Policy for detail.
18. Security Measures
We follow ISO 27001 / SOC 2-aligned controls: – TLS 1.3 in transit and AES-256 at rest – Least-privilege access with MFA – Periodic security reviews and external penetration tests – 12-month access-log retention and SIEM monitoring – 72-hour incident notification to supervisory authorities where required by GDPR Art. 33
19. Data Protection Officer
All data-protection enquiries: dpo@digitalog.ai. A formal GDPR Art. 37 DPO appointment will follow recruitment.
20. Complaints and Supervisory Authorities
Data subjects may file complaints with the relevant authority, including: – Korea: Personal Information Protection Commission (pipc.go.kr); Privacy Infringement Center (privacy.go.kr / hotline 182) – UK: ICO (ico.org.uk) – France: CNIL (cnil.fr) – Germany: BfDI (bfdi.bund.de) and the relevant state authority – Ireland: DPC (dataprotection.ie) – Japan: PPC (ppc.go.jp) – Singapore: PDPC (pdpc.gov.sg) – U.S. California: California Attorney General (oag.ca.gov/privacy)
21. Changes to this Policy
We may update this Policy to reflect legal, policy, or technical changes. Material changes are notified via the website and, where possible, by email. The updated Policy applies from its publication date; prior versions are available on request.
22. Contact
For questions or to exercise rights: – Email: dpo@digitalog.ai (Data Protection Officer)