RUNEKT Legal · Privacy Policy

Privacy Policy

Version: v2026.06.03  ·  Effective: June 3, 2026

Explains how RUNEKT processes personal information and the rights available to users of the Service.

1. Overview

HoneyMnB. Ltd. ("Company") is committed to protecting personal information in compliance with applicable data protection laws while providing the RUNEKT Service. This Policy explains what personal information we collect, how we use it, to whom we disclose or transfer it, and what rights you have. This Policy applies to users worldwide, including those outside the Republic of Korea.

2. Personal Information We Process

(1) Account Registration and Management: email address, password hash, display name, language preference, email verification timestamp, consent timestamp and version for Terms and Privacy Policy, account status, access logs, account deletion timestamp.

(2) Service Delivery and Operations: conversation content, prompts, uploaded files and metadata, generated output, selected model, routing path, token/credit usage, error logs, usage timestamps, session identifiers.

(3) Payment and Billing: purchased products, payment status, order/receipt/refund records, and information required for tax and accounting. Sensitive payment data (e.g., card numbers) is processed by payment processors, not stored by the Company.

(4) Security and Abuse Prevention: hashed or masked IP addresses, User-Agent strings, access patterns, policy violation events, account sanction records, and appeal content.

3. Purpose of Processing

(1) Member identification, registration verification, email verification, login, and account security;

(2) AI model calls, conversation and file processing, output generation, usage measurement, credit deduction;

(3) Subscription management, auto-renewal, payment, receipt/refund/tax processing;

(4) Fault analysis, error correction, and customer support;

(5) Detection and response to abuse, security threats, policy violations, and payment fraud;

(6) Legal obligation compliance, auditing, and dispute resolution;

(7) Service quality improvement and internal analysis (using de-identified data where applicable).

4. Retention Period

Personal information is deleted promptly after the processing purpose is achieved or upon member request, except:

(1) Account information: until deletion is complete; may be retained longer for disputes, abuse prevention, or legal obligations.

(2) Conversations and files: until deleted by the member or account deletion is complete; backup/log/audit records are deleted or de-identified after a limited period.

(3) Payment, refund, and accounting records: for the period required by applicable law (up to 5 years).

(4) Security and abuse prevention records: up to 3 years.

5. Third-Party Disclosure, International Transfer, and Consent

The Company does not sell your personal information. Depending on the AI model selected, your prompts, conversations, uploaded files, and necessary metadata will be transmitted to AI Model Providers such as OpenAI, Anthropic, Google, and StepFun. These providers may be located in the United States, European Union, Asia, or other jurisdictions outside Korea. By agreeing to the Terms of Service, you expressly consent to this international data transfer. Each AI Model Provider's data processing is governed by their own privacy policies; the Company is not responsible for how AI Model Providers handle your data. The Company may also disclose personal information as required by law, in response to lawful government requests, to protect rights, or to respond to urgent security threats.

6. Processing Entrustment (Sub-Processors)

The Company may entrust hosting, database management, email delivery, payment processing, security monitoring, log analysis, and customer support tasks to third-party service providers. The Company manages sub-processors through contracts to ensure safe data handling. A list of sub-processors will be published in this Policy once confirmed.

7. Cookies and Similar Technologies

The Company uses cookies and local storage for login session maintenance, security, language preferences, theme settings, and service quality analysis. You may disable cookies through your browser settings; however, disabling essential cookies may restrict login-dependent functionality.

8. Your Rights

You have the right to access, correct, delete, restrict processing, withdraw consent, close your account, and request export of your personal information. The Company will process requests within the timeframe required by applicable law after identity verification. Deletion or restriction may be limited for information subject to legal retention obligations, dispute resolution needs, or security requirements.

9. Data Security and Limitations

The Company implements reasonable technical and organizational security measures including access controls, authentication, encryption, logging, backups, vulnerability assessments, and data minimization. The Company cannot guarantee complete security. Absent willful misconduct or gross negligence, the Company is not liable for unauthorized access, hacking, or cyberattacks by third parties.

10. Automated Processing and AI Usage

The Service automatically calls external AI models to generate responses based on member input. AI-generated responses are automated outputs; the Company does not guarantee accuracy, completeness, or currency. Members should carefully consider the risk of transmission to AI Model Providers before inputting personal, sensitive, or confidential information. The Service may use automated analysis of account behavior, usage anomalies, and policy violation signals for abuse prevention and security purposes.

11. Children's Privacy

The Service is not directed at children under 14 years of age. If the Company learns that personal information of a child under 14 has been collected, it will promptly delete such information in accordance with applicable law.

12. Data Deletion

When the retention period expires or the processing purpose is achieved, personal information is promptly deleted using methods that make recovery difficult. Information required by law to be retained is stored separately.

13. Data Processing Upon Service Termination

Upon service termination, the Company will delete personal information within a reasonable period. Records subject to legal retention obligations, minimum records necessary for dispute resolution, and payment/tax records may be retained for the required period. The Company will provide reasonable guidance on data export options before termination.

14. Abnormal Use Response and Appeal Processing

To detect, investigate, and respond to abuse, security threats, payment risks, and policy violations, the Company may process account status, login/session records, hashed or masked IP and User-Agent identifiers, payment/credit records, policy violation events, administrative action records, and appeal content. This information will be retained for the period necessary for review, appeal processing, dispute resolution, and legal compliance, after which it will be deleted or de-identified.

15. Privacy Contact

For privacy-related inquiries, requests to exercise your rights, or to report a potential violation, please contact us through the in-app support channel. If you are located in the European Union, you may also lodge a complaint with your local data protection authority.

16. Policy Changes

The Company may update this Privacy Policy. Material changes will be communicated in advance for a reasonable period. Where separate consent is legally required, such consent will be obtained separately.