Privacy Policy

Effective Date: May 28, 2026 Last Updated: May 28, 2026

This Privacy Policy explains how FooAI ("FooAI," "we," "us," or "our") collects, uses, and protects information when you visit fooai.io (the "Site"). FooAI is a company organized under the laws of the Republic of Korea, and this Site is operated globally from Korea.

1. Scope

This Policy applies only to fooai.io — the FooAI corporate and careers site. Our individual products (including Egglink, FadeTalk, Noteline, LingoFive, RecordPort, and any future brands) operate on separate domains and are governed by their own privacy policies and terms. Please review the policy of each product site before using it.

The Site does not offer accounts, purchases, payments, or user-generated content. It exists to introduce FooAI, share our work, and invite candidates to contact us.

2. Information We Collect

We collect only the minimum information needed to operate the Site and respond to inquiries.

2.1 Information you provide directly

Email correspondence — when you write to us at contact@fooai.io or a similar address, we receive your email address, name, message, and any attachments.
Job applications — when you apply by email, we receive your resume, portfolio, cover letter, and any other materials you attach, plus the metadata of that email.

2.2 Information collected automatically

When you visit the Site, Vercel Analytics records aggregated, cookie-less usage data on our behalf. This includes:

Page URL viewed
Referrer (the prior page that linked you to us)
Browser type and version
Operating system
Approximate country and region (derived from IP address; full IP is not stored)
Timestamp

Vercel Analytics does not use cookies, does not fingerprint your device, and does not track you across sites or sessions. No persistent identifier is created.

2.3 Information we do not collect

The Site does not collect payment information, government identifiers, precise geolocation, biometric data, or any "sensitive personal information" as defined under California or EU law. We do not knowingly collect information from children (see Section 11).

3. How We Use Information

We use the information described above for the following purposes:

Purpose	Information Used
Responding to your inquiry	Email content
Evaluating your candidacy and conducting hiring processes	Job-application materials
Understanding aggregate Site traffic and improving content	Analytics data
Detecting and preventing abuse, security incidents, and fraud	Analytics data, email metadata
Complying with legal obligations and enforcing our Terms	All categories, as necessary

We do not use your information for advertising, profiling, automated decision-making with legal effects, or training machine-learning models.

4. Legal Bases for Processing (GDPR / UK GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under Article 6 of the GDPR:

Consent (Art. 6(1)(a)) — when you voluntarily send us an inquiry or a job application, you consent to our processing the information you provide for the stated purpose. You may withdraw consent at any time (see Section 8).
Legitimate interests (Art. 6(1)(f)) — operating the Site, measuring aggregate traffic with cookie-less analytics, maintaining security, and recruiting talent. We have assessed these interests against your rights and consider them proportionate.
Legal obligation (Art. 6(1)(c)) — retaining records to comply with tax, accounting, and other statutory duties under Korean and applicable foreign law.

5. Sharing and Disclosure

We do not sell or rent personal information. We disclose information only in the following limited cases:

Service providers (processors) acting on our written instructions:
- Vercel Inc. (United States) — Site hosting and cookie-less analytics
- Google LLC (United States) — Workspace email (contact@fooai.io) and document storage used to receive and review inquiries and applications
Legal and safety disclosures — to comply with a valid legal request from a competent authority, to enforce our Terms, or to protect the rights, property, or safety of FooAI, our users, or the public.
Corporate transactions — in connection with a merger, acquisition, financing, or sale of assets, subject to standard confidentiality protections and continued application of this Policy or an equivalent one.

We do not share information with advertisers, data brokers, or analytics vendors beyond those listed above.

6. International Transfers

FooAI is based in the Republic of Korea. Because our processors operate from the United States, the information you provide may be transferred to, stored in, and processed in the United States or other jurisdictions whose data-protection laws may differ from those of your country of residence.

When we transfer personal data outside your jurisdiction, we rely on appropriate safeguards, including:

Standard Contractual Clauses approved by the European Commission and the UK Information Commissioner's Office, where applicable.
EU-U.S., UK Extension, and Swiss-U.S. Data Privacy Framework participation by our U.S. processors (Vercel and Google), where applicable.
Korea-equivalent safeguards under Article 28 of the Korean Personal Information Protection Act ("PIPA"), with prior notice and processor agreements as required.

You may request a copy of the safeguards in place for a specific transfer by contacting us at the address in Section 14.

7. Data Retention

We retain personal information only for as long as necessary to fulfil the purposes described in this Policy.

Category	Retention Period
Email correspondence	Up to 2 years from last contact, then deleted
Job-application materials (unsuccessful applicants)	Up to 1 year, unless you ask us to keep them on file longer
Job-application materials (hired applicants)	Transferred to the employee record and retained per Korean labour and tax law
Vercel Analytics data	Aggregated; raw events retained per Vercel's standard retention (typically up to 1 year)
Records required by law (e.g., tax, accounting)	For the period required by applicable statute (typically 5 years under Korean tax law)

When the retention period expires, we delete or irreversibly anonymise the information using secure methods (electronic erasure, document shredding for any printed copies).

8. Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal information. We honour all valid requests at no charge and will respond within the time required by applicable law (typically 10 days under PIPA, 30 days under GDPR, 45 days under CCPA).

8.1 Korea — Personal Information Protection Act (Articles 35–39)

Right to access the personal information we hold about you
Right to correction of inaccurate information
Right to deletion (subject to legal retention obligations)
Right to suspend processing
Right to be notified of how your information is used
Right to compensation for damages caused by a violation of PIPA

8.2 European Economic Area, United Kingdom, Switzerland — GDPR / UK GDPR

Access (Art. 15) — confirmation and a copy of your data
Rectification (Art. 16) — correction of inaccurate data
Erasure (Art. 17) — "right to be forgotten" in defined circumstances
Restriction of processing (Art. 18)
Data portability (Art. 20) — receive your data in a structured, machine-readable format
Objection (Art. 21) — including to processing based on legitimate interests
Withdrawal of consent (Art. 7(3)) at any time, without affecting prior lawful processing
Lodge a complaint with your local supervisory authority. A list is maintained by the European Data Protection Board (edpb.europa.eu).

8.3 California — CCPA / CPRA

If you are a California resident, you have the right to:

Know what personal information we have collected, used, and disclosed, including categories, sources, purposes, and recipients
Access a copy of your personal information
Delete your personal information, subject to legal exceptions
Correct inaccurate personal information
Opt out of "sale" or "sharing" — FooAI does not sell or share personal information as those terms are defined under the CCPA, and we have not done so in the preceding 12 months
Limit use of sensitive personal information — we do not collect sensitive personal information
Non-discrimination for exercising your rights

You may also designate an authorised agent to submit requests on your behalf. We will verify your identity using the email address or other information you provide.

8.4 How to exercise your rights

Send a written request to contact@fooai.io with the subject line "Privacy Request" and a description of what you would like us to do. We may ask for information needed to verify that the request is genuinely yours. If we cannot fulfil a request, we will explain why.

9. Cookies and Tracking

The Site does not use cookies. Vercel Analytics, our only analytics tool, operates without cookies and without cross-site tracking. We do not deploy advertising pixels, retargeting tags, or social-media trackers.

If we add any tool that uses cookies or comparable tracking technology in the future, we will:

Update this Policy in advance,
Display a cookie banner where required by law (including the GDPR ePrivacy regime), and
Obtain your consent before activating non-essential trackers.

10. Security

We apply technical and organisational measures appropriate to the sensitivity of the information we process, including:

TLS 1.2+ encryption in transit
Encryption at rest on Vercel and Google infrastructure
Access control on a need-to-know basis for FooAI staff
Regular review of vendor security posture (SOC 2, ISO 27001 where available)
Logging and monitoring for unauthorised access

No system is perfectly secure. In the event of a personal-data breach that meets the notification threshold under PIPA Article 34, GDPR Articles 33–34, or applicable U.S. state law, we will notify regulators and affected individuals within the timeframes required.

11. Children's Privacy

The Site is intended for adults. We do not knowingly collect personal information from children under 14 years of age (the threshold for parental consent under PIPA Article 22-2) or under 13 years of age (the threshold under the U.S. Children's Online Privacy Protection Act). If you believe a child has provided information to us, please contact us at contact@fooai.io and we will delete it promptly.

12. Third-Party Links

The Site contains links to our product sites and to external resources. We are not responsible for the privacy practices of any third party. Review their policies before sharing personal information.

13. Changes to This Policy

We may update this Policy as our practices or the law evolves. When we do:

The Last Updated date at the top of this page will change.
For material changes that affect your rights, we will post a prominent notice on the Site at least 7 days in advance (and 30 days in advance for changes that materially expand our use of personal information).
If we have your email address and a change requires fresh consent, we will reach you directly.

Your continued use of the Site after the effective date of a revised Policy constitutes acceptance of the updated terms, except where additional consent is required by law.

14. Contact Us

Personal Information Protection Officer

Role: Founder & CEO
Email: contact@fooai.io (use the subject line "Privacy Request")
Location: Seoul, Republic of Korea

You may also lodge a complaint with the Korean Personal Information Protection Commission (pipc.go.kr, tel. 1833-6972), the Korea Internet & Security Agency Privacy Call Center (privacy.go.kr, tel. 118), or your local data-protection authority (for EEA, UK, Swiss, or U.S. residents).

15. Governing Law

This Policy is governed by the laws of the Republic of Korea, without regard to conflict-of-laws principles. Rights afforded under the GDPR, UK GDPR, CCPA/CPRA, and other applicable laws are preserved for residents of those jurisdictions.

This English version is the operative text. A Korean translation may be provided for convenience; in case of conflict, the English version controls except where Korean law requires otherwise.