LeeonIPL (the "Company") establishes and discloses this Privacy Policy in accordance with applicable laws to protect the personal information of users of the FindIP service (the "Service") and to handle related concerns promptly and smoothly.
1. Categories of Personal Information Collected
The Company collects the following personal information to provide the Service.
- Required: email address, password
- Optional: name
- Automatically collected: IP address, cookies, service usage records, API call logs
- At payment (paid subscribers): card brand, last 4 digits, expiry month/year (the full card number, CVC, and card password are entered and transmitted directly through the Paddle.com Market Limited ("Paddle") checkout and are not stored on Company servers)
- When registering business information (optional): business name, business registration number, representative name, business address, industry/category, tax invoice email address
2. Purpose of Collection and Use
- Member registration and management: identity verification, prevention of fraudulent use
- Service delivery: API key issuance, usage management, customer support
- Payment processing, settlement, and automatic recurring charges
- Issuance of electronic tax invoices (limited to users who have registered business information)
- Payment-related notifications such as failures and renewals (cannot be opted out of under Korean e-commerce law)
- Service improvement and statistical analysis
- Delivery of announcements and service-related notices
3. Retention and Use Period
Personal information is destroyed immediately upon account withdrawal. However, the following items are retained pursuant to applicable laws.
- Records on contracts or withdrawal of subscription: 5 years (Act on Consumer Protection in Electronic Commerce)
- Records on payment and supply of goods: 5 years (Act on Consumer Protection in Electronic Commerce)
- Electronic tax invoice records: 5 years (Framework Act on National Taxes)
- Business information (name, registration number, etc.): 5 years after the end of the transaction
- Records on consumer complaints or dispute resolution: 3 years
- Access logs: 3 months
4. Provision to Third Parties
The Company does not, in principle, provide users' personal information to outside parties. The following are exceptions.
- When the user has given prior consent
- When required by law, or when an investigative agency requests it for the purpose of an investigation in accordance with the procedures and methods prescribed by law
5. Outsourcing of Personal Information Processing
The Company outsources the processing of personal information as follows to improve the Service.
- Payment and seller of record: Paddle.com Market Limited (UK) — global card payments, recurring billing, tax (VAT/sales tax) reporting, and refund processing. Paddle acts as the Merchant of Record for this transaction and is responsible for payment, taxes, and refunds.
- Receipts and tax invoices: invoices issued by Paddle at the time of payment serve as receipts; tax invoices for Korean business users are issued upon separate request.
- Email delivery: Resend — transactional emails such as payment notifications and renewal alerts
- Authentication: Google Firebase Auth — member authentication
- Data storage: Google Firestore — storage of member, subscription, and payment information
- Hosting: Google Cloud Platform / Firebase App Hosting — service operation
- Operational alerts: Telegram — Enterprise inquiry intake and payment-anomaly alerts (internal operator channel)
Recipients may not use personal information for any purpose other than the entrusted task, and the Company periodically reviews their compliance with personal-information protection measures.
6. International Transfer of Personal Information
The Company transfers personal information internationally to operate the Service as follows. Users have the right not to consent to such transfers, but withholding consent may restrict the use of core service features such as payment, login, and email notifications.
| Transferee (Contact) | Country | Items Transferred | Purpose | Retention |
|---|---|---|---|---|
| Paddle.com Market Limited (privacy@paddle.com) | UK · EU | email, payment method (card brand, last 4 digits, expiry), billing country, IP | Global card payments, recurring billing, tax reporting, refund processing (Merchant of Record) | 7 years after end of transaction (UK accounting law) |
| Resend, Inc. (security@resend.com) | USA | email, name, send metadata | Transactional email delivery | Send logs up to 30 days |
| Google LLC (Firebase Auth) (support-kr@google.com) | USA | email, password hash, UID, auth tokens, login IP | Member authentication and session management | Until account withdrawal |
| Google LLC (Firestore) (support-kr@google.com) | USA | member, subscription, payment, usage metadata | Storage of member/subscription/payment data | Until account withdrawal (excluding statutorily retained items) |
| Google LLC (Cloud Platform / Firebase App Hosting) (support-kr@google.com) | USA | access IP, request logs, cookies, user agent | Service hosting, operation, traffic monitoring | Access logs 3 months |
Time and method of transfer: Data is transmitted in real time over an encrypted HTTPS (TLS) channel when the user uses the corresponding feature (registration, login, payment, email delivery).
Safeguards: The Company has executed Standard Contractual Clauses (SCCs) or Data Processing Agreements (DPAs) with each processor and applies in-transit encryption (TLS), access controls, and access-log monitoring.
7. Rights of Users
- Users may at any time access or correct their personal information.
- Users may withdraw consent to the collection and use of personal information by withdrawing their account.
- Inquiries regarding personal information may be directed to the Data Protection Officer.
8. Rights of Users in the EEA / United Kingdom (GDPR)
If you reside in the European Economic Area or the United Kingdom, you have the following rights with respect to your personal data under the General Data Protection Regulation:
- Right of access — to confirm whether the Company processes your data and to obtain a copy
- Right to rectification — to correct inaccurate or incomplete data
- Right to erasure ("right to be forgotten") — to request deletion in cases provided by law
- Right to restriction of processing — to limit how your data is used in specific circumstances
- Right to data portability — to receive your data in a structured, commonly used, machine-readable format and to transmit it to another controller
- Right to object — to object to processing based on legitimate interests, including profiling
- Right to withdraw consent — at any time, without affecting the lawfulness of processing prior to withdrawal
- Right to lodge a complaint with a supervisory authority
To exercise any of these rights, contact the Data Protection Officer (see §10). The Company will respond within one (1) month, extendable by two further months for complex requests.
9. Rights of Users in California (CCPA / CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:
- Right to know what personal information the Company collects, uses, discloses, and sells
- Right to delete personal information the Company has collected, subject to legal exceptions
- Right to correct inaccurate personal information
- Right to opt out of sale or sharing — the Company does not sell or share personal information for cross-context behavioral advertising. There is therefore nothing to opt out of, but you may submit such a request and we will confirm.
- Right to limit use of sensitive personal information
- Right to non-discrimination for exercising any of these rights
To exercise these rights, contact the Data Protection Officer (see §10).
10. Data Protection Officer
- Name: Lee Geon-cheol
- Title: Data Protection Officer / Privacy Inquiries
- Email: contact@findip.ai
- Phone: +82-2-864-6222
11. Destruction of Personal Information
- Personal information whose retention period has expired or whose processing purpose has been achieved is destroyed without delay.
- Information in electronic-file form is permanently deleted in a manner that cannot be recovered.
12. Use of Cookies
The Company uses cookies for authentication-session management. Users may refuse cookie storage through their browser settings, although doing so may restrict service usage.
This Privacy Policy takes effect from July 8, 2025. Payment- and tax-invoice-related items were added on April 13, 2026; Telegram operational alerts were added on April 25, 2026; Paddle payment processing and the international-transfer items were added on May 9, 2026.