Privacy Policy
Version 1.0.3 · May 25, 2026
Privacy Policy
Effective Date: May 26, 2026
Version: 1.0.3
Ludilogy Inc. (the "Company"), headquartered in the Republic of Korea, strives to respect and protect users' personal information. This Privacy Policy explains how personal information is processed in SayWave and related websites, apps, APIs, content, and features (the "Service") under Article 30 of Korea's Personal Information Protection Act.
This English version is a translation of the Korean Privacy Policy. Translations are provided for user convenience. If there is any discrepancy, ambiguity, or conflict between this translation and the Korean Privacy Policy, the Korean Privacy Policy prevails.
1. Personal Information We Process
The Company may process the following information to the extent necessary to provide the Service.
1.1 Account and Profile Information
- Name, email address, profile photo, and unique identifiers provided by OAuth providers
- Username, bio, profile image, language settings, and notification settings
- Birth year or birth month information for age verification
- Account benefit information such as subscription tier, ad-free status, Pearl balance, and payment status
1.2 User Content and Community Information
- Waves, prompts, media, code, titles, descriptions, tags, cover images, generation results, and related metadata created, uploaded, published, shared, or saved by users
- Community activity such as comments, likes, bookmarks, follows, blocks, content reports, profile reports, and comment reports
- When messaging features are used, conversation participation information, encrypted message data, send times, and related metadata
1.3 Guest Use Information
Guests may use public feeds, Explore, search, tag results, shared links, and Wave execution features permitted by the Company without logging in. During this process, the Company may process the following information to provide the Service, ensure security, prevent abuse, compile statistics, and enforce policies:
- Identifiers for requested content or execution targets, access route, app version, and language/region settings
- Device type, operating system, browser or app environment, User-Agent, access time, and error logs
- IP address and network information. However, anonymous report events may store hashed values instead of raw IP addresses.
- Guest age verification status and birth year or similar information stored in local storage
- For guest reports, report target, report reason, optional custom reason, hashed local device identifier, IP hash, app version, language, usage surface, and client report identifier
1.4 Automatically Collected Information
- Feature usage records, execution records, generation request status, error logs, and performance logs
- Device identifiers, advertising identifiers, or tracking consent status. Advertising identifiers are used for advertising only where permitted by applicable law and platform policy and where the user has consented.
- Information needed for Service operations and quality improvement, including Firebase Analytics, Crashlytics, server logs, and security logs
1.5 Payment and Subscription Information
The Company may process payment receipts, transaction identifiers, product identifiers, subscription status, refund or cancellation status, and other information necessary for payment verification provided by App Store or Google Play. The Company does not store full card numbers, bank account numbers, or other direct payment method information.
2. Purposes of Processing
The Company processes personal information for the following purposes:
- Providing the Service, managing accounts, login, identity confirmation, age verification, and minor protection
- Providing public content viewing, search, recommendations, execution, and shared links
- AI generation, Wave saving, publishing, remixing, execution, and generation history management
- Comments, reports, blocks, community safety, content review, and policy enforcement
- Receiving guest reports, preventing duplicate reports and abuse, and supporting local hiding
- Payment verification, subscription management, Pearl grants and revocation, refunds, and payment dispute handling
- Ad delivery, ad consent management, checking ad-free status, and preventing ad-related abuse
- Customer support, notices, terms changes, security alerts, and Service-related communications
- Error analysis, quality improvement, statistics, security, fraud and abuse prevention
- Compliance with law, responses to authorities, dispute handling, and rights protection
3. Guest Information Processing
Guests may use the Service in a limited scope before signing up. Account-based storage, sync, recovery, or personalization may not be provided during guest use.
Guest age verification information is generally stored only in local device storage and is not synced to an account. If a guest logs in or signs up, the Company may require a separate member age verification process, and that information may be linked to the account.
When a guest submits a report, the reported content may be hidden immediately on that device, and the hidden list is stored in local storage. The Company may store an anonymous report event on the server for Service safety and abuse prevention. In that case, the report table does not store raw IP addresses or raw local device identifiers and may store HMAC or other one-way hashed values.
Ad banners are not shown to guests. However, basic logs may be processed for Service stability, security, statistics, content loading, and error analysis.
4. AI Processing and Third-Party Providers
To provide AI generation features, the Company may send user-entered prompts, selected media, generation request metadata, and generation results to third-party AI providers. This processing is performed to generate the requested content, conduct safety checks, respond to errors, and improve Service quality.
The Company strives to apply contractual, configuration, or policy safeguards available to prevent third-party AI providers from using data beyond what is necessary to process user requests. However, processing conditions of third-party providers may vary by provider, model, region, and time.
Users who do not want to use AI generation features may avoid using those features, and if AI generation consent is revoked in the Service, consent may be requested again before future generation requests.
5. Third-Party Provision and Processing Vendors
The Company may use the following categories of processors or third-party service providers to provide the Service.
| Processor/Provider | Country | Purpose | Processed Information |
|---|---|---|---|
| Supabase, Inc. | United States | Database, authentication, storage, server functions | Account information, User Content, report information, usage data |
| Google LLC (Firebase, AdMob, etc.) | United States, etc. | Analytics, crash reporting, push notifications, ad consent and ad delivery | Device information, usage data, error logs, ad-related information |
| Apple Inc. | United States, etc. | Apple login, in-app purchases, subscription and refund processing | Apple ID identifier, email if shared, payment receipts and transaction information |
| Google Play | United States, etc. | Google login, in-app purchases, subscription and refund processing | Google account identifier, email if shared, payment receipts and transaction information |
| AWS, Oracle Cloud, Cloudflare and other infrastructure providers | United States, etc. | Hosting, CDN, security, network delivery | Service data, access logs, content delivery data |
| Third-party AI providers | United States or other disclosed regions | AI content generation requested by users and related safety processing | Prompts, selected media, generated content and metadata |
The Company may provide personal information where required by law, with user consent, where necessary to protect life, body, or property, or where necessary to respond to rights infringement or resolve disputes.
6. Advertising and Tracking
The Company may show ads to logged-in users on the free plan or certain plans. Before requesting ads, the Company may check whether ad requests are permitted through applicable law, platform policy, App Tracking Transparency (ATT), Google User Messaging Platform, or other ad consent procedures.
Users may change tracking or personalized ad choices through device settings, in-app ad privacy settings, or ad consent screens. If ad consent is refused or tracking permission is not granted, personalized ads may be restricted or ads may not be shown.
Ad banners are not shown to guests, and advertising identifiers are not used to request ads while in guest status.
7. Retention and Use Period
The Company retains personal information until the processing purpose is achieved, and may retain it for the following periods where required by law or necessary for dispute response, rights protection, security, and abuse prevention:
- Account information: deleted or anonymized within 30 days after account deletion is completed, except where legally required retention applies
- User Content: deleted or anonymized within 30 days after the user deletes it or account deletion is completed. Backups, caches, or residual shared-link data for public content may be deleted according to system cleanup cycles.
- Payment and transaction records: up to 5 years under electronic commerce and related laws
- Consumer complaint or dispute records: up to 3 years as required by law and dispute response needs
- Access logs and security logs: from 3 months to 1 year depending on communications secrecy laws and security needs
- Guest report events: up to 3 years from submission for report handling, duplicate report prevention, abuse prevention, and dispute response. If legal retention or an ongoing dispute applies, additional retention may be required.
- Guest local storage information: deleted when the user deletes the app, resets storage, clears cache, or uses a reset feature provided by the Company
- Analytics data: may be retained in aggregated or anonymized form and used for Service improvement in a non-identifiable state
8. Destruction Procedures and Methods
The Company destroys personal information without delay when the retention period expires or the processing purpose is achieved. Electronic files are deleted or anonymized in a way that makes recovery difficult, and paper documents, if any, are shredded or incinerated.
Backup data is deleted sequentially according to backup retention cycles and disaster recovery policies. Information that must be retained by law is stored separately from ordinary operational data and deleted or anonymized after the retention period expires.
9. User Rights
Users may request access, correction, deletion, suspension of processing, withdrawal of consent, data transfer, or account deletion under applicable law. Requests may be submitted through in-app settings or support@ludilogy.com.
The Company processes requests within the period required by law after identity verification. Some requests may be restricted where required for legal retention, protection of others' rights, security, dispute response, or Service operations.
Guest local storage information can be deleted by deleting the app, resetting storage, or using a reset feature provided by the Company. Because guest report events may not be linked to an account, deletion requests may require reasonably identifiable information such as report target, time, and reason.
10. Children and Minor Privacy
The Service is intended for users aged 14 or older in Korea and users aged 13 or older in other regions according to standards set by the Company. If applicable law or app marketplace policy requires a higher age threshold or guardian consent, that requirement applies first.
The Company does not knowingly collect personal information from users who do not meet the age requirement. If the Company learns that it has processed personal information of a user below the age requirement without legal representative consent, the Company deletes the relevant information or restricts Service use.
Legal representatives may request access, correction, deletion, or suspension of processing of a child's personal information.
11. International Transfers
The Company may transfer personal information overseas to cloud, authentication, analytics, advertising, payment, AI processing, or security providers to provide the Service. Information about transferred data, countries, purposes, retention periods, and contacts can be checked in the table in Section 5 and in each provider's privacy policy or service terms.
When transferring personal information overseas, the Company strives to apply safeguards required by applicable law, contractual safeguards, encryption, access control, and data minimization principles.
12. Security Measures
The Company applies the following measures to protect personal information:
- Encryption in transit (TLS/SSL)
- Secure authentication methods such as OAuth
- Access permission restrictions and service role-based access controls
- Encryption or hashing of important data
- HMAC hashing of guest report identifiers
- Security logs, error logs, and abnormal behavior monitoring
- Regular security checks and vulnerability response
13. Cookies, Local Storage, and Similar Technologies
The Company may use cookies, local storage, AsyncStorage, or similar technologies through websites, apps, and device storage. These technologies may be used for login state, language settings, legal document cache, age verification status, guest hidden lists, guest report identifiers, feed cache, error analysis, and Service quality improvement.
Users may delete or restrict cookies and local storage through browser or device settings. In that case, login state, age verification, guest hiding, language settings, or some features may be reset or may not function properly.
14. Changes to This Privacy Policy
The Company may change this Privacy Policy when laws, Service content, personal information processing methods, processors, international transfers, or security measures change.
Material changes will be notified by in-service notice, email, push notification, or other reasonable method before they take effect. Changes that are material or disadvantageous to users will be notified in advance in the period and manner required by applicable law.
15. Data Protection Officer and Contact
| Item | Details |
|---|---|
| Company | Ludilogy Inc. |
| Data Protection Officer | Hyunsang Jeon |
| support@ludilogy.com | |
| Address | 43 Changup-ro, Sujeong-gu, Seongnam-si, Gyeonggi-do, Republic of Korea, Business Bldg 1F Unit 222 |
| Privacy Policy | www.saywave.ai/privacy |
| Account Deletion Guide | www.saywave.ai/account-deletion |
For other privacy infringement reports or dispute mediation, users may contact competent organizations such as the Korean Privacy Infringement Report Center, Personal Information Dispute Mediation Committee, Supreme Prosecutors' Office Cyber Investigation Division, or National Police Agency Cyber Bureau.
Last updated: May 26, 2026
Version: 1.0.3
© 2026 Ludilogy Inc. All rights reserved.
43 Changup-ro, Sujeong-gu, Seongnam-si, Gyeonggi-do, Republic of Korea, Business Bldg 1F Unit 222
support@ludilogy.com