Privacy Policy

1. Personal Information Collected

The Company collects the following personal information to provide the Service. Items collected vary by user type.

  1. Corporate Administrator (at sign-up and login)
    • Name, email, phone number, login credentials (passwords stored as one-way hashes)
    • IP address (SHA-256 hashed)
    • Login attempt records (success/failure, timestamp)
  2. Reporter (when submitting and viewing reports)
    • Report content, attached files (when voluntarily provided)
    • IP address (converted via SHA-256 one-way hashing; the Company does not store the original)
    • Device type (PC/Mobile/Tablet)
    • Access time, language settings
    • ※ The Company does not separately request identifying information (name, email, contact, etc.) from the Reporter.
  3. Sales Inquirer (when submitting an inquiry form)
    • Name, email, company name, phone number, inquiry content
    • IP address, browser information (for sales response tracking and malicious request blocking)
  4. Payment Information (at subscription/payment)
    • Card issuer, masked card number (last 4 digits), billing key (Toss Payments identifier)
    • ※ Full card numbers and CVCs are not stored; they are securely held by Toss Payments.
  5. Automatic Operational Collection
    • Audit logs (administrator action records)
    • Authentication session cookies (NextAuth)

2. Purposes of Collection

  • Service provision and operation
  • User identity verification and authentication
  • Subscription fee payment and settlement
  • Service improvement and statistical analysis
  • Compliance with legal obligations

3. Anonymity Protection

Reporter anonymity is the core value of the Service. We protect anonymity through the following measures:

  • The Company does not separately request identifying information (name, email, contact, etc.) from the Reporter
  • IP addresses are converted via SHA-256 one-way hashing, and the Company does not store original IP addresses
  • The report page does not load external analytics or tracking scripts (Google Analytics, Vercel Analytics, etc.)
  • Reports are accessed only via report number and password, with no account linkage
  • The Company does not provide the Reporter's identifying information to Corporate Administrators
  • Server logs do not record the Reporter's identifying information

4. Retention Periods

  • Corporate Administrator information: until service termination
  • Report data: per the company's retention policy (default 3 years)
  • Payment information (E-Commerce Act): 5 years
  • Records on display and advertising (E-Commerce Act): 6 months
  • Records on contracts or order cancellations (E-Commerce Act): 5 years
  • Records on consumer complaints or dispute resolutions (E-Commerce Act): 3 years

5. Provision of Personal Information to Third Parties

In principle, the Company does not provide users' personal information to third parties. The following are exceptions:

  • When the user has consented in advance
  • When required by law
  • When providing payment information to Toss Payments for payment processing

6. Personal Information Processing Outsourcing

  • Toss Payments: Payment processing and recurring billing key management
  • Supabase Inc.: Database hosting and file storage
  • Vercel Inc.: Web hosting
  • Cloudflare Inc.: Bot protection and network security (including CAPTCHA verification)
  • Microsoft (Azure): Email delivery
  • Solapi: SMS notification delivery (handles phone numbers)
  • Google (Gemini API), OpenAI, Anthropic: AI analysis is an optional feature; report content is processed only when a company uses it (the applicable provider depends on the company's settings)
  • Sentry (Functional Software Inc.): Application error collection and analysis (report bodies and other personal information are blocked from transmission)

7. Personal Information Protection Measures

  • Passwords hashed with bcrypt (12 rounds)
  • TLS/SSL encryption in transit
  • Data isolation via Row Level Security (RLS)
  • Regular security checks and dependency vulnerability monitoring
  • Least-privilege access and audit log recording

8. User Rights

Users may at any time view, modify, or delete their personal information, and may request deletion of personal information through service termination. However, information subject to legal retention obligations will be retained for the applicable period.

9. Personal Information Protection Officer and Contact

Effective: April 16, 2026 · Last revised: May 22, 2026