Privacy Policy

1. Purposes of Processing Personal Data

We collect and process the minimum personal data reasonably necessary to operate NeoSQL. Depending on applicable law, we process personal data on one or more lawful bases, including your consent, performance of a contract, compliance with legal obligations, and our legitimate interests in operating, securing, and improving the Services.

• Account registration, identity verification, sign-in, and account administration
• Providing project storage, synchronization, sharing, recovery, templates, and collaboration features
• Providing ERD creation, schema management, and code generation based on Database Metadata
• Responding to support requests, delivering notices, and handling incidents or technical issues
• Service analytics, security monitoring, abuse prevention, auditing, and handling disputes
• Processing payments, managing subscriptions, billing, invoicing, and refunds for Paid Services

2. Categories of Personal Data We Process

Depending on the type of service and how you use NeoSQL, we may process the following categories of personal data:

• Account registration and standard login: login ID, password, nickname, and email address
• Social login: identifiers, email address, nickname, profile photo, and profile information provided by the relevant social login provider
• Support requests: name, email address, message content, attachments, and support history
• Project sharing and collaboration: invited email addresses, participant nicknames, roles, and access logs
• Automatically collected data: IP address, browser and device information, operating system, access times, usage records, error logs, cookies, and session data
• Project Data: project settings, connection information, table definitions, ERD information, template settings, and user preferences
• Database Metadata: schemas, tables, columns, relationships, constraints, and other structural information
• Paid Service data: order information, payment status, approval and cancellation history, recurring billing status, billing details, refund records, and information needed for invoicing or tax documentation

We generally do not store highly sensitive payment authentication data such as full card numbers or account passwords. Where such data is required to complete a transaction, it is processed by payment processors or other specialized providers rather than by us.

3. Retention Periods

We retain personal data for as long as it is necessary for the purposes described in this Policy, for the duration of your relationship with us, or as required by applicable law. Retention periods may vary depending on your jurisdiction and the type of data involved.

• Account information: until your account is deleted, unless a longer retention period is required by law
• Authentication tokens and session data: until you sign out or the applicable validity period expires
• Project and synchronization data: until you delete it or your use of the Services ends, except where retention is reasonably necessary for backup, security, fraud prevention, or dispute resolution
• Support history: generally up to 3 years after the request is resolved, unless a longer period is needed to resolve disputes or comply with law
• Contract, withdrawal, billing, payment, consumer complaint, and advertising records: retained for the period required by applicable law

4. How We Collect Personal Data

• Directly from you when you register, sign in, make a payment, contact support, share a project, or participate in events or promotions
• Automatically through cookies, logs, usage records, and device or connection information generated as you use the Services
• From third parties such as social login providers, payment processors, or other partners, where you have authorized the transfer or the law otherwise permits it

5. Project Data, Metadata, and Storage Methods

Because of how NeoSQL works, we process Project Data and structural database information.

• We may process Database Metadata such as schemas, tables, columns, relationships, and constraints.
• In offline mode, data may be stored locally on your device, for example in a local file system directory named ".neosql".
• In online mode, data may first be stored in your browser or device storage and then synchronized with remote infrastructure through our synchronization services.
• We focus on the structural information needed to operate the Services, but information you enter, import, or share within your projects may also be stored and processed.

6. Disclosure to Third Parties

We do not disclose personal data to third parties except in the following circumstances:

• Where you have given your prior consent
• Where limited information is shown to collaborators or invited participants as needed for project sharing or collaboration features
• Where disclosure is required by law, regulation, court order, or other legal process, or to enforce our terms or protect the rights, property, or safety of the Company, our users, or others
• In connection with a merger, acquisition, reorganization, financing, asset transfer, or similar corporate transaction (in which case we will notify you of any material change to how your personal data is handled)

We do not sell your personal information for monetary consideration, and we do not share it for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA").

7. Service Providers and Processing on Our Behalf

We may engage service providers to process personal data on our behalf as reasonably necessary to operate the Services, including for cloud hosting, email delivery, authentication, payment processing, subscription management, remote storage, and synchronization infrastructure.

Where required by applicable law, we enter into appropriate contracts with those providers and oversee their handling of personal data.

8. International Transfers

Your personal data may be processed in countries other than your own, including the Republic of Korea, when we use cloud, email, authentication, collaboration, payment, analytics, or other service providers. The data protection laws of those countries may differ from the laws of your jurisdiction.

When we transfer personal data out of the European Economic Area, the United Kingdom, or another jurisdiction with cross-border transfer requirements, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, adequacy decisions issued by the relevant authorities, or other lawful transfer mechanisms. You may contact us using the details in Section 15 to request more information about these safeguards.

9. Deletion and Destruction

Once personal data is no longer needed for the purposes for which it was collected, or once the applicable retention period expires, we will delete or anonymize it without undue delay, unless continued retention is required or permitted by law.

• Electronic files are deleted using methods designed to make recovery difficult or impracticable.
• Paper records are shredded, incinerated, or otherwise securely destroyed.
• Where the law requires separate retention, the relevant information is kept securely and segregated from other data.

10. Cookies and Similar Technologies

We may use cookies and similar technologies to provide, secure, and improve the Services, including to:

• Keep you signed in and handle authentication
• Remember your settings and preferences
• Provide essential features and help secure the Services
• Analyze usage patterns and diagnose errors or incidents

You can control cookies through your browser settings. Blocking cookies may affect features such as automatic sign-in and persistent sessions.

11. Security Measures

• Access controls and permission management
• Protection of transmission channels and authentication credentials
• Logging, monitoring, and anomaly detection
• Limiting personnel access and maintaining internal policies and procedures
• Security updates and vulnerability response

No method of transmitting or storing data electronically is completely secure, and we cannot guarantee absolute security.

If we become aware of a personal data breach that affects your information, we will investigate the incident, take reasonable steps to contain and remediate it, and notify the relevant supervisory authority and affected individuals where, and within the timeframes, required by applicable law.

12. Your Rights and Choices

Depending on where you live and which laws apply, you may have rights regarding your personal data, including the right to:

• Access the personal data we hold about you
• Correct, update, or delete your personal data
• Restrict or object to certain processing
• Withdraw consent where processing is based on consent
• Close your account or stop using the Services

You can exercise these rights through our support channels or by contacting us using the details below. We may need to verify your identity, and we may limit or decline a request where permitted by law. We will not discriminate against you for exercising any of your privacy rights.

Where applicable, you also have the right to lodge a complaint with the data protection or privacy supervisory authority in your jurisdiction. For users in the European Economic Area or the United Kingdom, this is your local data protection authority. For users in California, additional rights regarding the categories of personal data we collect and how it is used may apply, and you may submit verifiable consumer requests using the contact details below.

We do not use your personal data to make decisions that produce legal or similarly significant effects about you solely by automated means without human involvement.

13. Children's Privacy

The Services are not directed to children. We do not knowingly collect personal data from children under the minimum age set by applicable law (for example, under 13 in the United States under the Children's Online Privacy Protection Act, under 16 in many EEA member states under the GDPR, and under 14 in Korea) without the consent of a parent or legal guardian where such consent is required. If you believe that a child has provided personal data to us, please contact us using the details below and we will take appropriate steps to delete the information.

14. Paid Services, One-Time Payments, and Recurring Billing

We may offer, or later introduce, Paid Services, one-time payments, and automatically renewing subscriptions.

• For Paid Services, we may process order details, payment status, approval and cancellation history, refund information, and information needed for invoicing or tax documentation.
• Where recurring billing is offered, we may process information needed to verify payment methods, renew subscriptions, notify you of failed payments, and handle cancellations and refunds.
• We generally do not store full card numbers, account passwords, or other highly sensitive payment authentication data. Such data is typically handled by payment processors or other regulated financial service providers.
• As we expand payment or subscription features, we may update this Policy or the relevant service screens to reflect the payment provider, the data processed, retention periods, and refund or billing practices.

15. Contact for Privacy Matters

If you have questions, complaints, or requests regarding this Privacy Policy or how we handle your personal data, please contact us using the information below.

• Company: Unvus Co., Ltd.
• Email: contact@unvus.com
• Data Protection Officer: to be appointed; updates will be reflected here when available

16. Complaints and Regulatory Contacts

If you are in Korea, you can contact the following organizations for help with privacy-related complaints or disputes. If you are elsewhere, you may also contact your local data protection or consumer protection authority.

• Korea Internet & Security Agency, Privacy Infringement Report Center: privacy.go.kr / 118
• Personal Information Dispute Mediation Committee: kopico.go.kr / 1833-6972
• Supreme Prosecutors' Office of Korea: spo.go.kr / 1301
• Korean National Police Agency: ecrm.police.go.kr / 182

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in the law, the Services, or our practices. When we make material changes, we will provide notice through the Services, our website, or another reasonable method as required by applicable law.