# Privacy Policy for the Entire PrivateStater Product Line Last Modified: March 29, 2026 (UTC+9 Seoul Time) PrivateStater takes privacy very seriously and thoroughly protects and transparently manages the personal information of its service users in accordance with South Korea's Personal Information Protection Act and related laws. For better privacy, it is recommended to periodically check the transparency report and warrant canary. https://privatestater.com/privacy # Article 1 - Items of Personal Information Collected and Retention Period ## 1. When using PrivateStater ### Items collected by the website administrator - List of registered projects (e.g., my-blog) - List of registered websites (e.g., my-blog-web) - List of registered hostnames (e.g., privatestater.com) - Team members and users with pending invitations (e.g., gpdir16, john03) ### Items collected from visitors when using Analytics All data is anonymized and not linked to personal information, so it is impossible to identify, track, or connect individuals. - Browser type (e.g., Firefox, Tor Browser) - Language settings (e.g., ko-KR, en) - Device type (e.g., Desktop) - Date of visit (e.g., 2025/05/03) - Page visited (e.g., /blog/post1.html) - Referrer (e.g., duckduckgo.com) - Click event ID (e.g., signup-button, hero-cta) - Temporary visitor ID for duplicate prevention (24-hour TTL) - Session history (e.g., / visit -> /docs visit -> /pricing visit) If a request is presumed to be from a crawler, the following information may be additionally collected: - Crawler name and provider (e.g., DuckDuckBot, AhrefsBot) ### Items collected from visitors when using Captcha The captcha widget processes the following information when a user attempts a captcha. No information is sent before the user triggers it. - Success status (e.g., true, false) - Attempt date (e.g., 2025/05/03) - Requested hostname - Temporary captcha ID (120-second TTL) ### Items collected from visitors when using Feedback When you send feedback through the feedback widget, it processes the following information. No information is sent before the user triggers it. - Feedback content (e.g., "This page is too slow") - Submission date (e.g., 2025/05/03) - Star rating (e.g., 1-5) - Email address (if attached by the user) - Screenshot (if attached by the user) - Browser/device information (if attached by the user) - Language information (if attached by the user) - Page URL (if attached by the user) - Console logs (if attached by the user) ## 2. When using PrivateStater ID ### Information collected from users **Username** - Example: gpdir16 - Retention Period: Deleted upon account deletion - Description: A virtual name to distinguish users **Hashed Password** - Example: 65c21f0... - Retention Period: Old hash is deleted when the password is changed - Description: A one-way encrypted password that cannot be recovered **Email Address** - Example: hello@privatestater.com - Retention Period: Old email address is deleted when the email is changed/deleted - Description: The user's email address **Information collected by Paddle** https://www.paddle.com/legal/privacy ### Information stored internally **Session Key** - Example: dj43g9q5... - Retention Period: Deleted upon logout or automatically after 7 days from creation - Description: A means to temporarily authenticate a user, randomly generated upon login **Purchased Items** - Example: {"wdt": "true"} (part of the value stored on the server) - Retention Period: Information on the PrivateStater server is deleted upon account deletion, but information stored on Paddle is not deleted for payment security - Description: A list of paid services the user has purchased or subscribed to for a license, and partial information from the device used at the time of purchase for verification ## 4. Information collected when using LocalKeys ### Information collected from users - No information is collected except for the license information stored at the time of purchase. ### Information stored internally - No information is collected except for the license information stored at the time of purchase. # Article 2 - User Rights and How to Exercise Them You can view, modify, or delete your account information at any time. To delete your account, click on Account > Delete Account in the PrivateStater ID dashboard. To download all your information, please contact hello@privatestater.com. # Article 3 - Provision of Personal Information to Third Parties As a general rule, PrivateStater does not provide or share collected personal information with external companies or third parties. However, it may be provided only in the case of a legal request, and in this case, we will send an email to the relevant user (if possible) about the matter. # Article 4 - Special Provisions for Residents of the European Union and European Economic Area This provision applies to residents of the European Union (EU) and the European Economic Area (EEA). ## 3. Data Storage Location Below are the locations where all data is stored: - MongoDB: DigitalOcean's FRA1 (Germany) region - Redis: Redis Cloud - Amazon Web Services' us-west-1 (USA) region - Non-periodic MongoDB backups: South Korea ## 4. Rights of EU Users Under the GDPR, you can exercise the following rights: - Right of access: Request information about the data collected - Right to rectification: Request correction of inaccurate data - Right to erasure: Request deletion of data - Right to restriction of processing: Request restriction of data processing - Right to data portability: Request transfer of data to another service - Right to object: Object to the processing of data - Right to lodge a complaint with a supervisory authority: File a complaint with the data protection authority in your country You can exercise your rights by sending a request to hello@privatestater.com, and we will respond within one month. Since PrivateStater visitor data is anonymized and aggregated, individual access/deletion is technically impossible. # Article 5 - Chief Privacy Officer PrivateStater will respond promptly and sincerely to inquiries related to personal information protection. If you have any additional questions, you are always welcome to email us. ## Contact Information - Person in charge: Jang Jaewon - Business email: hello@privatestater.com - Personal email: me@gpdir16.com - Country: South Korea (UTC+9) # Article 6 - Changes to the Privacy Policy The Korean version of this policy is the original and authoritative version. The policy may be changed in accordance with laws, regulations, or changes in service.