Privacy Policy

dadokim (the “Company”) processes personal data for the following purposes.

• Required (running the service): anonymous identification, card generation, payment, refunds, customer support, and email magic-link recovery.
• Required (safety operations · protecting life): the Safety Router’s classification of suicide / self-harm crisis signals and routing to emergency guidance. Because this classification involves mental-health information, it is sensitive data under PIPA §23, and we process it on the basis that it is clearly necessary to protect the life and physical safety of the data subject (§23(1)(2) · §15(1)(2)).
• Optional (opt-in · only with consent): one-line replies to a card, remembered card memories (30-day TTL), and ★pinned cards.
• Analytics (legitimate interest): card reactions (star ratings, emoji), dwell and scroll behavior, session patterns, and KPI calculation.
• Legal obligations: e-commerce and tax record retention, and cooperation with lawful emergency-rescue requests from investigative authorities under the Suicide Prevention Act §19-3.

※ No ad targeting · no pixels (no Meta, Google, or TikTok pixels). Mental-health-adjacent data is never used for advertising.

※ The raw text you type is discarded immediately after the LLM responds, and neither the raw text nor a hash of it is stored. Phone numbers, emails, and similar details are automatically masked before anything is sent abroad (to an LLM API provider).

※ Detection of suicide / self-harm crisis signals (safety-level classification) is processed only transiently during card generation, for safe routing. Safety statistics are retained only as de-identified aggregates (level · classification-pattern ID), with no personal identifier, raw text, or hash, so we don’t store any individual’s crisis history or mental-health profile. We do not process other sensitive data (sex life, political views, medical diagnoses, etc.), and we detect and warn client-side so you don’t enter such details in the free-text line.

※ The LLM provider does not use your data for training. Because the LLM is core to the service, refusing the international transfer means the service can’t be used (where a substitute is possible, we fall back to a free beta card).

※ More on the LLM API subprocessing policy: AI notice

• Request to view, correct, delete, or suspend processing of your data
• Unsubscribe from emails (except magic-link recovery, which is required for transactions)
• Delete data tied to your anonymous ID (clear cookies or email us)
• Delete ★pinned cards, remembered card memories, and card replies instantly (in My cards)
• Request deletion of a referral relationship (email · handled within 15 days)

Requests: privacy@dadokim.com · or the in-service deletion-request form

This service accepts one line of free text. We recommend that you don’t enter any of the following.

• Your real name, phone number, address, or national ID / foreigner registration number
• Bank account or credit card numbers
• Health status, diagnoses, medications, or other medical information
• Direct expressions of self-harm or suicide (if detected, card generation is blocked and you’re pointed to 119 · 109)

※ As you type, the PII patterns above are auto-detected and flagged client-side (not blocked). A modal explains this on first use.

• Separated access privileges (anon key vs. service role)
• Row Level Security (RLS) policies (you can SELECT only your own data)
• HTTPS · TLS 1.3 in transit · encryption at rest
• Data-minimization principle (neither the raw free-text line nor a hash is stored · safety statistics are de-identified aggregates only)
• Automatic deletion of Safety Router logs every 90 days
• Automatic deletion of inactive anonymous data after 1 year (cron)
• Automatic cron for 5-year credit expiry · 15-minute magic-link expiry

• anonymous_id cookie: anonymous identification (required · running the service) · 1 year
• first_utm cookie: records where you first arrived from (UTM, captured once · first-party analytics) · 1 year
• localStorage: records that you’ve seen the first-input modal · cookie notice (once)
• Analytics: cookieless aggregation (Vercel Web Analytics — no cookies, no personal data) plus our own events table
• No ad-tracking pixels (no third-party tracking via Meta, Google, TikTok, etc.)

Cards in this service may include sentences generated or recommended by generative AI. This is not a medical, psychological-counseling, treatment, or diagnostic service. For details, see the AI notice page.

This service (dadokim) is operated by Deepnode (딥노드), and its representative, 오한울, also serves as the Data Protection Officer (DPO) (Personal Information Protection Act §31 · Enforcement Decree §32).

• Business name: Deepnode (딥노드) · Representative: 오한울
• Business Reg. No.: 194-53-01159 · E-commerce Reg. No.: 2026-경기김포-3829
• Address: 경기도 김포시 고촌읍 상미1로 7, 205동 605호
• DPO contact: privacy@dadokim.com

To report or get help with a privacy violation → Personal Information Protection Commission (privacy.go.kr · 182, no area code) · KISA (privacy@kisa.or.kr · 118)

• v1.0 (2026-05-27): initial draft · legal review pending
• v2.3 (2026-05-28): 5-year credit expiry · ★pin policy · magic link · added international-transfer table
• v2.4 (2026-05-28 · current): reclassified processing bases (removed “implied consent”) · PII detection · first draft reflecting counsel v0.1 and an LLM-drafted summary
• Next update: v3.0 after final legal review