Privacy Policy

The operator collects the following data.

• Account (required): Email address, password hash, name or nickname.
• Social login: Email, name, and profile image when signing up via Google or Kakao.
• Service usage: Carousel prompt text, uploaded images, and metadata about generated carousels.
• Automatically collected: IP address, User-Agent, Referer, cookies, session, and usage logs.
• Payments (post-launch): Sensitive card details are processed directly by our payment provider Polar (Merchant of Record). The operator only stores transaction identifiers, amounts, and timestamps.

• Member identification, sign-up and withdrawal management, identity verification
• Providing core features such as AI carousel generation, template recommendations, and downloads
• Payment processing, billing, refunds, and fraud prevention (post-launch)
• Customer support and product announcements
• Aggregated, de-identified analytics to improve service quality
• Legal compliance and dispute resolution

Personal data is destroyed without delay once the purpose of collection has been fulfilled. The following items are retained for the periods listed below.

• On account withdrawal: Immediate deletion
• Payment and transaction records: 5 years (Korean E-Commerce Act — not applicable during beta)
• Access logs (IP, User-Agent): 3 months (Korean Communications Privacy Act)
• AI input text: Up to 30 days, then auto-deleted per Anthropic API policy
• Dispute records: Up to 3 years depending on the matter

The operator does not share your personal data with outside parties, except in the following cases.

• You give explicit prior consent
• Disclosure is required by law or by lawful process from an investigating authority
• Authentication information is received from Google or Kakao for social login (this is collection, not disclosure)

The operator uses the following processors to deliver the Service.

Some data is transferred abroad for AI processing (Anthropic, US), image search (Pexels, US/DE), and Google authentication (US). By signing up or using the Service, you acknowledge and consent to these transfers.

Only your prompt text and authentication identifiers are transferred. Sensitive items such as payment details and passwords are not transferred internationally.

You may exercise the following rights at any time.

• Access, correction, deletion, and processing-suspension requests
• Data portability requests
• Withdrawing consent and closing your account
• EU/EEA residents: GDPR Articles 15 to 22 — access, erasure, portability, objection, and the right to refuse automated decision-making

Contact lycoco067@gmail.com to exercise these rights. We respond within 7 business days.

The operator does not collect personal data from children under the age of 14. Sign-up is restricted to users aged 14 and over.

We use essential cookies for session management, language preference, and security. We do not use non-essential analytics or advertising cookies. You may disable cookies in your browser, but some features may not work properly.

• One-way password hashing (bcrypt)
• HTTPS / TLS 1.2+ in transit
• Least-privilege access controls and audit logs
• Database and backup encryption
• Regular vulnerability checks and security updates

The operator personally handles data protection inquiries.

• Operator: CarouselMaker
• Email: lycoco067@gmail.com

You may also contact the Korean Personal Information Dispute Mediation Committee (1833-6972), KISA Privacy Center (privacy.kisa.or.kr, 118), the Supreme Prosecutors' Office Cybercrime Division (02-3480-3573), or the Korean National Police Cyber Bureau (cyberbureau.police.go.kr, 182).

This policy may be updated to reflect legal or service changes. We will announce changes in-product at least 7 days before they take effect (30 days for material changes).