NEUTAUR · Privacy Policy

Privacy Policy

Last updated: 2026-05-23 (Beta placeholder, Operation S marketing analytics + Operation Q OAuth verification disclosure) · Formal version: after Stripe Atlas incorporation and US legal counsel review

⚠️ Beta-stage Placeholder — This page is a temporary placeholder for the 5/30 public beta launch. A formal version compliant with GDPR / CCPA / Korean PIPA will be filed after Stripe Atlas Delaware C-Corp (Neutaur, Inc.) registration + IRS EIN issuance + US tax advisor + US legal counsel review.

1. Information We Collect

  • Email address (account identification + notifications)
  • Google OAuth sign-up: name, profile image, Google account identifier (sub claim)
  • Subscription billing: Stripe-tokenized payment information (raw card data is never stored on NEUTAUR servers)
  • Marketing analytics (collected at signup, server-side): IP address, User-Agent string, HTTP referrer URL, UTM parameters (utm_source, utm_medium, utm_campaign, utm_term, utm_content), first-seen timestamp, cumulative login count. Used solely to measure marketing channel attribution, fraud signals, and product engagement cohorts. Lawful basis: GDPR Article 6(1)(f) legitimate interest, CCPA service personalization, Korean PIPA Article 15(1)(4) marketing analysis.
  • Service usage logs: sign-up timestamp, slot usage history, subscription lifecycle events

2. How We Use Your Information

  • Account identification and service delivery (dashboard, slots, notifications)
  • Subscription billing and refund processing (Stripe-compliant)
  • Service quality improvement and fraud prevention
  • Marketing channel attribution and product analytics — measuring which acquisition channels deliver engaged users, evaluating onboarding funnel conversion, and improving creative/copy decisions. We do not sell or share these data points with third-party advertising networks.
  • Legal obligation compliance (tax reporting, dispute resolution)

3. Data Retention

Account data is deleted immediately upon withdrawal request. Payment records are retained separately per US IRS 7-year retention obligation and Korean e-Commerce Act 5-year retention obligation. Service usage logs are automatically anonymized after 6 months.

4. Third-Party Service Providers

  • Supabase — Authentication + database hosting (us-east-1)
  • Vercel — Web hosting (us-east-1)
  • Stripe — Payment processing (PCI-DSS Level 1)
  • Google OAuth — Social login provider
  • DigitalOcean — Backend infrastructure (NYC1)

5. Cookies and Tracking Technology

We use essential cookies for session management and Supabase Auth token storage. We also persist non-sensitive attribution cookies for up to 30 days (SameSite=Lax, JavaScript-readable) that record UTM parameters (utm_source, utm_medium, utm_campaign, utm_term, utm_content) and the first-seen timestamp captured at your first visit. These cookies are read once at signup to record acquisition channel attribution and are not shared with third-party advertising networks. Third-party analytics (e.g., Datadog RUM) and marketing cookies remain off during public beta and will be introduced under a separate consent flow after launch.

6. Your Rights

You may request access, correction, deletion, or processing restriction of your personal information by contacting us at the address below. We will respond within 48 hours.

7. Contact

Email: adrian.infracore@gmail.com
Operating Entities: Neutaur, Inc. (Delaware, USA) / Efdent Corp. (KR, Business Registration No. 745-81-03017)