Privacy Policy
This document outlines our principles and procedures regarding the collection, use, and retention of user personal information to protect your privacy.
Announcement Date: March 22, 2026
Effective Date: March 22, 2026
Postlab Co., Ltd. (the "Company") complies with the Personal Information Protection Act and other relevant laws, placing the highest priority on protecting users' personal information and rights. This Privacy Policy is intended to clearly explain the Company's responsibilities and the User's rights. It may be amended in accordance with changes in laws or Company policies, and any changes and effective dates will be announced via the website notices.
1. Definitions
A. "Personal Information" refers to information relating to a living individual that can identify the specific individual by name, resident registration number, etc. (including information that, even if it cannot identify a specific individual by itself, can be easily combined with other information to do so), and pseudonymized information.
B. "User" refers to members and non-members who access POSTLABAI and receive services provided by the Company in accordance with this policy.
C. "Member" refers to a person who has registered as a member by providing personal information to the Company.
D. "Non-member" refers to a person who uses the services provided by the Company without registering as a member.
2. Consent to Collection of Personal Information
The Company provides a procedure for Users to select "Agree" or "Disagree" regarding the contents of the Privacy Policy or Terms of Service. If a User expresses intent to agree, it is considered consent to the collection of personal information.
3. Items Collected and Methods of Collection
A. Items of Personal Information Collected
The Company collects the following personal information for member registration, customer consultation, and service provision:
| Category | Items Collected/Used | Purpose of Collection/Use | Retention Period |
|---|---|---|---|
| Sign-up (General) | Email, password, name, title, organization name | Member identification, service provision, notice delivery, consultation response | Until membership withdrawal or period required by law |
| Sign-up (OAuth) | OAuth identifier, email, name, profile image | Easy login provision, account linkage | Until membership withdrawal or period required by law |
| Paid Service Billing | Payment method info (card company, partial card number, payment ID), billing info | Fee payment, settlement, refund processing, service provision | 5 years from payment date (Act on the Consumer Protection in Electronic Commerce) or period required by law |
| Service Usage | Service usage records, access logs, browser info, IP, device info | Service quality improvement, security, prevention of fraudulent use, statistical analysis | Up to 1 year from collection or period required by law |
| Customer Support | Email, contact info, inquiry details, attachments | Complaint handling, maintenance of consultation records | 3 years after consultation ends (Act on the Consumer Protection in Electronic Commerce) or period required by law |
B. Methods of Collection
The Company collects personal information through the following methods:
- Direct input by the User during the membership registration and service usage process.
- Collection through customer center inquiries, consultations, emails, and written forms.
- Information automatically generated during the service usage process (log data, cookies, etc.).
- Provided by affiliates with the User's consent.
C. [IMPORTANT: Google Workspace Data Access & Scope Specificity]
* Data Access & Scope Justification: We request access to specific Google APIs (`gmail.readonly`, `gmail.modify`, `gmail.compose`, `gmail.send`, `gmail.labels`, `drive`, and `calendar`) strictly to allow the user's AI assistant to read, search, summarize, draft content, and organize mailbox labels on the user's behalf within the application.
* Limited Use Policy: Our use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
4. Purpose of Collection and Use of Personal Information
- Service provision and contract fulfillment, user identification, identity verification.
- Service improvement, new service development, customized service provision.
- Customer consultation, complaint handling, delivery of notices and announcements.
- Billing, payment, settlement, and refund of fees.
- Prevention of illegal/fraudulent use, security maintenance, accident prevention and analysis.
- Fulfillment of legal obligations and record preservation.
5. Data Retention and Destruction
- The Company destroys personal information without delay after the purpose of collection and use has been achieved. However, in the following cases, it may be retained for a certain period in accordance with relevant laws:
  - Records on contracts or withdrawal of subscription: 5 years
  - Records on payment and supply of goods, etc.: 5 years
  - Records on consumer complaints or dispute resolution: 3 years
  - Records on identity verification: 6 months
  - Records on visits (access logs, etc.): 3 months
- If it is necessary to preserve information according to the provisions of relevant laws, the Company retains the personal information for the period specified by the respective laws.
[Zero Data Retention for Google Data]
* Stateless Proxy: The Company's application operates strictly as a stateless proxy.
* Zero Data Retention Principle: All Google Workspace data (emails, calendar events, drive files) is processed strictly in-memory for the duration of the active session to fulfill the user's immediate request. It is NEVER stored, logged, or retained in any database or physical storage belonging to the Company.
* Immediate Destruction: Because no data is physically stored, all Google Workspace data instantly and automatically vanishes the moment the session or request concludes.
6. Procedure and Method of Destruction
- Destruction Procedure: Personal information is transferred to a separate DB (or a separate filing cabinet for paper) after the retention period has expired or the purpose of processing has been achieved, and is destroyed after being stored for a certain period according to internal policies. It will not be used for any purpose other than retention required by law.
- Destruction Method: Paper documents are shredded or incinerated, and electronic files are deleted using technical methods that render the records unrecoverable.
7. Provision of Personal Information to Third Parties
- The Company processes the User's personal information only within the scope of the purpose of collection and use, and does not provide it to third parties without the User's prior consent.
- However, exceptions may apply in the following cases:
  - If the User has consented to disclosure or third-party provision in advance.
  - If required by law, or if there is a request from investigative agencies in accordance with the procedures and methods prescribed by law for investigative purposes.
  - If necessary for statistical compilation, academic research, or market research, and provided in a form that cannot identify specific individuals.
8. Entrustment of Personal Information Processing
- The Company may entrust personal information processing to external specialized companies if necessary to provide stable services, and will manage and supervise them in accordance with relevant privacy laws.
- The entrusted company, details of the entrusted task, and entrustment period will be announced in this Privacy Policy or separate notices.
[Third-Party LLM Transfer & Zero Training Guarantee]
* Core Functionality Only: We transfer data to specific sub-processors (Azure OpenAI and Google Gemini APIs) solely for the purpose of providing the core AI chat functionality.
* Zero Training Guarantee: We use enterprise-tier APIs, and we strictly guarantee that Google Workspace data is NEVER used to develop, improve, or train generalized AI and/or machine learning models.
9. Rights of Users and Legal Representatives
- Users and legal representatives can view or modify their personal information at any time and may request the suspension of personal information processing.
- If you wish to delete personal information or withdraw membership, you can request it through the settings menu within the service or the customer center, and the Company will take necessary action without delay.
- The Company is not responsible for any problems arising from the User's failure to promptly update their personal information.
10. Matters Concerning the Installation, Operation, and Refusal of Automatic Data Collection Devices
- The Company may use automatic collection devices such as cookies, ADID, and IDFA to provide personalized services to Users. Users may refuse such collection.
- How to refuse cookie settings:
  - Chrome: Settings > Privacy and security > Cookies and other site data > Block cookies
  - Safari: Settings > Safari > Privacy > Block all cookies
  - Firefox: Settings > Privacy & Security > Cookies and Site Data > Block or allow
  - Microsoft Edge: Settings > Cookies and site permissions > Manage and delete cookies and site data
- How to refuse ADID/IDFA collection:
  - ADID: Settings > Google > Ads > Opt out of Ads Personalization
  - IDFA: Settings > Privacy > Apple Advertising > Limit Ad Tracking
11. Technical and Administrative Safeguards
A. Technical Measures
- Password Encryption: Member passwords are encrypted and stored, and can only be checked and changed by the user themselves.
- Security Systems: We apply the latest security solutions and conduct regular inspections to prevent personal information from being leaked or damaged by hacking, viruses, etc.
B. Administrative Measures
- Access Rights Management: We minimize the number of personnel handling personal information and implement regular training and password management policies for those personnel.
- Dedicated Privacy Organization: We operate an internal inspection system to constantly check compliance with policies and take immediate action if issues are discovered.
12. Contact Information for the Privacy Officer
Privacy Officer
- Name: Sehyun Jung
- Position: CTO
- Contact: contact@postlab.ai