Legal

Privacy Policy

Effective date: May 15, 2026 | Solo Scriptor | 한국어 버전 →

Solo Scriptor ("we", "our", or "the Company") operates the Lampstand AI service and is committed to protecting your personal data in accordance with the EU General Data Protection Regulation (GDPR) and the Korean Personal Information Protection Act (PIPA). This policy explains what data we collect, why, how long we keep it, and your rights.

1. Controller Identity

Data Controller
Company: Solo Scriptor
Representative: Ha Sung-woong
Email: soloscriptor@naver.com
KakaoTalk: @soloscriptor

2. Data We Collect

Category	Data items	When collected
Required	Email address, name (or display name)	Free trial sign-up, subscription registration
Automatically collected	AI call count, feature usage logs, credit usage history	During service use
Payment data	Processed entirely by the payment platform — we do not store card details	At subscription payment

Sermon manuscripts, notes, and other ministry content are stored only on your local device. When you request AI analysis, that content passes through our API server transiently but is never permanently stored on our servers or used to train any AI model.

3. Purposes and Legal Basis (GDPR Art. 6)

Purpose	Legal basis
Account creation and subscription management, license verification	Performance of a contract (Art. 6(1)(b))
Providing AI features (credit deduction, usage tracking)	Performance of a contract (Art. 6(1)(b))
Customer support	Legitimate interests (Art. 6(1)(f))
Fraud detection and security monitoring	Legitimate interests (Art. 6(1)(f))
Legal obligations (e-commerce, tax law)	Legal obligation (Art. 6(1)(c))

Legitimate interests: We process certain data (service anomaly detection, security) on the basis of our legitimate interest in keeping the service secure and operational. You have the right to object to such processing (see Section 8).

4. Third-Party Processors

We engage the following sub-processors under appropriate data processing agreements.

Processor	Purpose	Location	Retention
Cloudflare, Inc.	API proxy, security & CDN	United States	Until contract termination
Supabase, Inc.	Account & usage-log database	United States	Until contract termination
Google LLC	Gemini AI API (AI feature processing)	United States	Deleted immediately after processing
Toss Payments	Domestic (KR) card payment processing	South Korea	Statutory retention period for payment records
Gumroad, Inc.	International payment processing	United States	Statutory retention period for payment records

Note for non-Korean users: Toss Payments is a Korean-only payment platform. International users purchase through Gumroad, Inc.

5. International Data Transfers

Cloudflare, Supabase, Google, and Gumroad operate servers in the United States. Your data may therefore be transferred to the US. Each processor maintains appropriate safeguards for transfers from the EU/EEA:

Transfer destination	Recipient	Data transferred	Safeguard
United States	Cloudflare, Supabase, Google, Gumroad	Email address, usage logs	Standard Contractual Clauses (SCC) and/or EU–US Data Privacy Framework (DPF)

6. Retention Periods

Data	Retention period	Basis
Email address, name	1 year after subscription ends	Customer support, legal obligations
Service usage logs	1 year	Service improvement, dispute resolution
Payment records	5 years	Korean E-Commerce Act Art. 6; tax law

7. Data Security

Encryption in transit (HTTPS / TLS)
Minimal database access privileges with authentication controls
Encrypted storage of API keys and authentication tokens
External attack protection via Cloudflare WAF

8. Your Rights

Under GDPR and PIPA you have the following rights regarding your personal data:

Access — request a copy of the data we hold about you
Rectification — correct inaccurate data
Erasure ("right to be forgotten") — request deletion (except where retention is legally required)
Restriction of processing — ask us to pause processing in certain circumstances
Object to processing — object to processing based on legitimate interests
Data portability — receive your data in a structured, machine-readable format
Withdraw consent — where processing is based on consent, you may withdraw it at any time

How to exercise your rights:
Send an email to soloscriptor@naver.com with your name and the specific request.
Response time: within 10 business days (GDPR: within 30 days)

9. Right to Complain

If you are located in the EU/EEA and believe we are not handling your data lawfully, you have the right to lodge a complaint with your local supervisory authority. You may also contact the Irish Data Protection Commission (where Google LLC is based in the EU) or the supervisory authority in your country of residence.

Korean users may contact:

Personal Information Protection Commission (PIPC): www.pipc.go.kr / Tel. 182
KISA Privacy Violation Reporting Center: privacy.kisa.or.kr / Tel. 118

10. Cookies and Tracking

This website does not use advertising or analytics cookies. Cloudflare may set security-related cookies strictly necessary for service delivery. No third-party tracking scripts are loaded.

11. Changes to This Policy

If we make material changes to this policy, we will post a notice on our website at least 7 days before the changes take effect. Changes affecting significant rights will be communicated by email at least 30 days in advance.

This policy is effective as of May 15, 2026.