LETR WORKS
PrivacyPolicy
Twigfarm Co., Ltd. (the“Company”, “we”, “us”) operates the LETR WORKS service at http://letr.ai (the“Service”). This Privacy Policy explains how we collect, use, store, share,retain, and delete your personal information, including Google User Data receivedvia Google API services.
The Company's use andtransfer to any other app of information received from Google APIs adheres tothe Google API Services User Data Policy(https://developers.google.com/terms/api-services-user-data-policy), includingthe Limited Use requirements. See Article 5 for the full Limited Usedisclosure.
Article 1 Purpose of Collecting andUsing Personal Information
The Company collects and usespersonal information only for the purposes listed below. Information providedby users will not be used for any other purpose, and if the purpose of use ischanged, prior consent will be obtained.
As a data controller, theCompany complies with applicable laws and regulations, including the PersonalData Protection Act 2012 (PDPA) of Singapore, the Personal InformationProtection Act of the Republic of Korea, and the Google API Services User Data Policy.
• Membershipmanagement: Provision of membership services, personal identification,prevention of fraudulent and unauthorized use, confirmation of intention tojoin, age verification (under-14 prohibition), and handling of complaints.
• Servicedelivery and billing: Recording service use, processing payment information,fulfilling contracts.
• Servicedevelopment and marketing (NON-Google data only): Statistical analysis of usagepatterns, access frequency, and service performance. Google User Data is NEVERused for these purposes.
• Externalservice integration: Providing user-facing features that let users upload,download, translate, transcribe, render, and publish content via authorizedlinks to YouTube, Google Drive, Dropbox, and OneDrive. Use of Google User Datais strictly limited to providing or improving these user-facing features as setout in Article 5.
Article 2 Items and Methods ofCollecting Personal Information
When collecting personalinformation, the Company informs the user in advance of the purpose and itemsof collection and obtains the user's consent.
1. Methodsof collection. Information is collected through the following methods.
● Theuser voluntarily enters information during sign-up or service use.
● Athird party (such as an affiliate) provides information after obtaining theuser's consent in accordance with applicable law.
● Deviceinformation, IP address, cookies, visit timestamps, and unlawful-use recordsmay be automatically generated while using the PC web or mobile apps.
● Informationis received from external services (YouTube, Google Drive, Dropbox, OneDrive)via authorized OAuth 2.0 flow.
● Eventapplications and participation.
2. Itemscollected.
a. Whenregistering or modifying membership — Required: Name or nickname, email,password, date of birth.
b. Whensigning up via social media — Required: Google (name, email), Apple (name,email). Optional: Profile photo, interests, date of birth.
c. Paymentinformation — Bank account or credit card information for paid services andpayment processing.
d. Externalservice integration — Google User Data. Subject to the OAuth scopes youexplicitly authorize, we may receive: (i) YouTube — channel name, subscribercount, video count, full video list, video titles, descriptions, tags,thumbnails, captions/subtitles, video privacy status, upload date, view count,channel analytics, and OAuth access and refresh tokens; (ii) Google Drive —file/folder name, format, size, modification date, and (where the userexplicitly selects them) file contents necessary to perform the requested task.
e. Otherexternal service integration — Dropbox, OneDrive: file metadata such as name,format, size, modification date.
f. Automaticallycollected non-identifying data — Device information, cookies, and basicservice-usage statistics in a form that does not identify the user.
3. Purposesof collection and use.
● Useridentification, sign-up confirmation, fraud prevention.
● Providingservices, handling inquiries, delivering notices.
● Recordinguse and settling fees for paid services.
● Preventingand sanctioning actions that disrupt operations.
● Developingnew content and services, sending event information, marketing and advertising.Google User Data is NEVER used for these purposes beyond user-facing featuresthe user has explicitly requested.
● Buildinga secure and privacy-respecting service environment.
● Executingthe specific external-service tasks the user has requested.
4. YouTubeAPI Services — Notice. This Service uses YouTube API Services. By usingfeatures that connect to a YouTube account, you agree to be bound by:
● YouTubeTerms of Service: https://www.youtube.com/t/terms
● GooglePrivacy Policy: https://policies.google.com/privacy
● YouTubeAPI Services Terms of Service:https://developers.google.com/youtube/terms/api-services-terms-of-service
You may revoke our access to your Google or YouTube accountat any time at https://myaccount.google.com/permissions. The handling of alldata received via YouTube API Services and other Google APIs (collectively,“Google User Data”) is governed by Article 5 of this Privacy Policy.
Article 3 Consent to Collection ofPersonal Information
If your personal data is sharedwith a third party acting jointly with Twigfarm Co., Ltd. as a co-manager underthe PDPA, we will provide additional information about the primary contactmanager regarding the request for your rights to the extent required by law.
1. Usersmay agree to this Privacy Policy and the Terms of Use by clicking the “Agree”button. Once you click “Agree”, the information you entered will be stored inour customer database and used for the purposes specified above.
2. Ifyou enter and save additional personal information by modifying your memberinformation, you are deemed to have consented to that additional collection.
3. Whenconsent is collected through an affiliate, the affiliate also provides an“Agree” button procedure for the Privacy Policy and Terms of Use.
4. ForGoogle User Data specifically, additional consent is obtained through Google'sOAuth 2.0 consent screen at the moment of account linking. You retain the rightto revoke this consent at any time as described in Article 5.
Article 4 Processing and RetentionPeriod of Personal Information
1. Retentionand use period. We retain personal data only as long as necessary for thepurposes for which it was collected, in accordance with applicable laws. Whenyou withdraw from membership or withdraw consent, your data will be destroyedwithout undue delay upon achievement of the purpose or expiry of the retentionperiod. The following records are kept separately for the periods set byapplicable law, after which they are destroyed without delay:
a. Recordsof contracts and application withdrawal — Basis: Act on Consumer Protection inElectronic Commerce; Period: 5 years.
b. Recordsof payment and supply of goods — Basis: Act on Consumer Protection inElectronic Commerce; Period: 5 years.
c. Recordsof consumer complaints or dispute resolution — Basis: Act on ConsumerProtection in Electronic Commerce; Period: 3 years.
2. Membershipwithdrawal and re-signup. On withdrawal, personal information and activityrecords are permanently deleted and cannot be recovered. The account is alsodisconnected from all linked social media accounts. After withdrawal, you maysign up again using the same email or social account.
3. Rightsof data subjects. You may refuse consent to the collection of personalinformation. However, if you refuse to provide information that is essential,you cannot sign up or use the Service.
4. Retentionof Google User Data. Google User Data is subject to the stricter retentionand deletion rules in Article 5, Section 6.
Article 5 Google API Services UserData — Limited Use
LETR WORKS' use and transferto any other app of information received from Google APIs will adhere to theGoogle API Services User Data Policy(https://developers.google.com/terms/api-services-user-data-policy), includingthe Limited Use requirements.
1. Categoriesof Google User Data we receive. Subject to the OAuth scopes you explicitlyauthorize:
a. Profileinformation: name, email address, profile image.
b. YouTubedata: channel information, video metadata (titles, descriptions, tags,thumbnails), captions, channel analytics, and upload/edit permission scope.
c. GoogleDrive data: metadata and content of files or folders that you have explicitlyselected for processing.
d. OAuthaccess tokens and refresh tokens necessary to maintain the authorizedconnection.
2. Howwe USE Google User Data. We use Google User Data ONLY to provide or improveuser-facing features that the user has explicitly requested:
a. Reading,displaying, uploading, editing, or deleting YouTube channel content within theConnect.YouTube module on the user's instruction.
b. Translating,captioning, QC-checking, rendering, or otherwise processing files the user hasselected from Google Drive.
c. Returningthe processed output back to the user's authorized Google account whenrequested.
d. Providingcustomer support relating to the foregoing.
3. Howwe DO NOT USE Google User Data — Limited Use disclosures. In accordancewith Google's Limited Use requirements, the Company DOES NOT use Google UserData for any of the following purposes:
a. Training,fine-tuning, or evaluating any artificial-intelligence (AI) or machine-learning(ML) model, including generalized models and any proprietary LETR WORKStranslation, dubbing, or synthesis models.
b. Servingadvertisements, including but not limited to targeted, personalized,retargeted, or interest-based advertising.
c. Sellingor licensing Google User Data to data brokers or information resellers.
d. Determiningcredit-worthiness or for lending purposes.
e. Building,contributing to, or enriching any database for purposes other than providingthe user-facing features described in Section 2.
f. Anyhuman reading of Google User Data, except (i) with the user's affirmativeagreement for specific messages, (ii) where necessary for security purposes(such as investigating abuse), (iii) to comply with applicable law, or (iv)where the data has been aggregated and is used for internal operations inaccordance with applicable privacy laws.
4. Howwe SHARE Google User Data. We do NOT transfer Google User Data to thirdparties except:
a. Withthe user's prior, explicit consent.
b. Toservice providers (cloud infrastructure, security vendors) under a writtenagreement that requires them to apply protections at least as restrictive asthis Privacy Policy and to use Google User Data solely to support ouroperations.
c. Asnecessary to comply with applicable law, regulation, legal process, orenforceable governmental request.
In every case, the transfer remains subject to the LimitedUse restrictions in Section 3.
5. Howwe STORE and PROTECT Google User Data.
a. Encryptedin transit using TLS 1.2 or higher.
b. Encryptedat rest using AES-256 or equivalent.
c. OAuthtokens and credentials stored in a dedicated secure vault with role-basedaccess control, audit logging, and periodic security reviews.
d. Accessstrictly limited to authorized personnel who require it to operate theuser-facing features.
6. Howlong we RETAIN, and how to DELETE, Google User Data.
a. Weretain Google User Data only as long as necessary to provide the user-facingfeatures described in Section 2.
b. Whenyou disconnect your Google account from LETR WORKS, withdraw from membership,or request deletion, we will permanently delete the associated Google User Data(including OAuth tokens) without undue delay, and in any event within thirty(30) days, except where retention is required by law.
c. Youmay request deletion of your Google User Data at any time by: (i) contactingour Data Protection Officer at hyuntaek.park@twigfarm.net; (ii) disconnectingthe integration within LETR WORKS settings; or (iii) revoking access athttps://myaccount.google.com/permissions.
7. Changesto our handling of Google User Data. We will notify users at least thirty(30) days in advance of any material change to the practices set forth in thisArticle via email or in-product notice.
Article 6 Entrustment of PersonalInformation Processing
To provide reliable service, theCompany entrusts the processing of personal information to the following thirdparties to the minimum extent. The Company will not use or provide personalinformation beyond the scope described in Article 2. Members may withdrawconsent to provision of personal information at any time.
NOTE: None of the entrustedprocessors below receives Google User Data covered by Article 5.
Auth0 — Customersign-up and account management
• Contact:privacy@auth0.com
• Itemstransferred: nickname, email, password, date of birth
• Method:Transmitted at sign-up or withdrawal via a private network
• Period:Until membership withdrawal or termination of the entrustment contract (subject to legal retention)
MailChimp — Sendingemail marketing content
• Contact:privacy@mailchimp.com
• Itemstransferred: nickname, email, password, date of birth
• Method:Transmitted at sign-up or withdrawal via a private network
• Period:Until membership withdrawal or termination of the entrustment contract (subject to legal retention)
Typeform — Surveys,marketing, and UX research
• Contact:support@typeform.com
• Itemstransferred: information provided by survey respondents
• Method:Transmitted via private networks when responses are submitted
• Period:Until membership withdrawal or destruction of personal information as notified
Google LLC (GoogleAnalytics) — Statistics, performance, UX improvement
• Contact:Google support channels
• Itemstransferred: region, access history, content usage history
• Method:Remote transmission via private network during Service use
• Period:Until membership withdrawal or termination of the entrustment contract (subjectto legal retention)
Article 7 Provision of PersonalInformation to Third Parties
We do not provide user information to third parties beyond the scope of consent obtained atcollection, except:
1. When necessary to settle fees for information and communication services.
2. When required by law or to comply with statutory obligations.
For the avoidance of doubt, the provision of Google User Data to third parties is governed exclusively byArticle 5, Section 4 and is NOT subject to the broader exceptions in thisArticle.
Overseas data transfer
Your personal data may be stored on external servers located overseas. The Company may share information with affiliated companies and third-party service providers that may be located in countries other than your country of residence. Cross-border transfers are subject to the PDPA and other applicable data protection laws.
Article 8 Procedures and Methods forDestroying Personal Information
After the purpose has beenachieved, the Company destroys personal information without undue delay.
1. Destructionprocedure.
● Informationentered for sign-up is transferred to a separate database after the purpose isachieved, retained for the period required by law, and then destroyed inaccordance with internal policy.
● Informationtransferred to a separate database is not used for any purpose other than asrequired by law.
● TheData Protection Officer selects the data to be destroyed and approves thedestruction.
2. Destructionmethod.
● Electronicfiles are deleted using technical methods that render the recordsunrecoverable.
● Paperrecords are destroyed by shredding or incineration.
3. Dormantaccounts.
● Inaccordance with Article 39-6 of the Personal Information Protection Act andArticle 48-5 of its Enforcement Decree, the Company converts the personalinformation of members who have not logged in for more than one year into adormant account and manages it separately.
● Dormantinformation includes all data collected at sign-up or modification.
● TheCompany notifies the user via email one month before the separation date.
● Informationheld in dormant status is destroyed without delay after three (3) years.
Article 9 Personal InformationProtection Measures
1. Internalmanagement plan. The Company has established an internalpersonal-information management plan, including governance, the appointment ofa Data Protection Officer, and annual compliance reviews.
2. Accesscontrol. The Company restricts access to the personal-informationprocessing system, sets standards for granting, changing, and revoking access,trains personnel on confidentiality, and minimizes the number of personnel whohandle personal information. Violations of data-protection law are treated withthe utmost seriousness.
3. Encryption.The Company applies encryption (TLS in transit, AES-256 at rest) to safelystore and transmit personal information.
4. Integrityprotection. The Company applies measures to prevent unauthorized storage,forgery, or alteration of access records to personal information.
Article 10 Cookies
A. Operation andpurpose
The Company operates cookies asis standard for web services. Cookies are small pieces of information sent by awebsite to the user's browser and stored on the user's device. Cookies identifythe user's computer rather than the user personally and are used to maintainlogin state, remember IDs, and analyze usage patterns.
Google Analytics. This Websiteuses Google Analytics, a web analytics service provided by Google, Inc.(“Google”). Information generated by the cookies about your use of the Website(including your IP address) is transmitted to and stored by Google on serversin the United States.
B. Installation,operation, and rejection
You can choose whether to acceptcookies or delete existing cookies through your browser settings. If you refusecookies, some login-required features may be limited.
How to set cookies:
• Chrome:Settings → Privacy and Security → Cookies and other site data
• Safari:Settings → Privacy → Manage Website Data
• Edge:Settings → Cookies and site permissions
Article 11 Data Protection Officerand Contact
The Company has designated aData Protection Officer to protect users' personal information. For anyprivacy-related questions, requests, or complaints — including requestsconcerning Google User Data — please contact us. We respond to verifiablerequests within thirty (30) days.
Data Protection Officer / Personal Information ProtectionOfficer
• Name:Hyuntaek Park
• Department:R&D Center
• Email:hyuntaek.park@twigfarm.net
Article 12 Changes to This PrivacyPolicy
This Privacy Policy takes effecton May 11, 2026. If we make changes, we will notify users via a notice on theWebsite or a separate notice at least seven (7) days before the changes takeeffect. For changes affecting Google User Data, we will provide notice at leastthirty (30) days in advance as set out in Article 5, Section 7.
This Privacy Policy is governedby the laws of Singapore. Where applicable, the processing of personal data isalso subject to other data protection laws, including the Personal InformationProtection Act of the Republic of Korea and the Google API Services User DataPolicy.
Effective Date: May11, 2026
PreviousEffective Date: October 31, 2024
