Privacy Policy
Last updated: June 23, 2026
haru (hereinafter the "Operator") publishes this Privacy Policy to protect members' personal information and to comply with applicable laws (the Personal Information Protection Act, the Network Act, etc.). This service is a voice-chat-based cross-language matching service and outsources some processing — such as voice synthesis, automatic translation, and content moderation — to overseas processors, as described in Article 3 below.
1. Items of Personal Information Collected and Purpose of Use
The Operator collects and uses the following personal information to the extent necessary for member identification and authentication, matching, chat, and safe operation of the service.
- Account and profile information: email or social login identifier, password, date of birth, gender, nationality, language, profile photo, self-introduction
- Voice data (biometric information): the member's voice and synthesized results, such as voice clone, voice intro, and voice messages
- Content: messages the member creates or sends, and their translations
- Information generated during use: usage records, device and access information, notification tokens, error diagnostics, and records needed for the safety and operation of the service
Collected information is used only within the scope of the collection purpose. Date of birth is used to verify that the member is 18 or older and for the matching age criteria.
2. Processing of Voice Data
The member's voice data processed by the Operator constitutes biometric (sensitive) information; the Operator classifies it as sensitive information under applicable laws and processes it with the member's consent. Members may decline consent to the processing of voice data, but in that case the core features of this service (voice intro, voice messages, etc.) cannot be used.
The voice used to train a voice clone is not separately retained by the Operator once the processing needed for synthesis is complete. Synthesized audio files are retained only for the period necessary to provide the service and are destroyed when the member changes the relevant content or deletes their account. Audio files are stored in a protected form that prevents unauthorized external access.
3. Outsourcing of Processing and Cross-Border Transfer
For the provision, operation, and safety of the service, the Operator outsources the processing of members' personal information to the following overseas processors. All processors are located in the United States, and the necessary information is transferred in encrypted form at the time the member uses the relevant feature.
| Processor | Purpose | Country |
|---|---|---|
| ElevenLabs, Inc. (policy) | Voice clone creation and voice synthesis | USA |
| OpenAI, Inc. (policy) | Content moderation | USA |
| Microsoft Corporation (policy) | AI conversion of profile photos | USA |
| Google LLC (policy) | Automatic translation | USA |
| Supabase, Inc. (policy) | Database, authentication, file storage, realtime | USA |
| Expo (650 Industries, Inc.) (policy) | Push notification delivery | USA |
| Functional Software, Inc. (Sentry) (policy) | Error and fault diagnostics | USA |
| Apple Inc. / Google LLC (Apple · Google) | Push message transmission | USA |
The information transferred to each processor is limited to the text, audio, images, notification tokens, and the like necessary to fulfill the above purposes, and is processed in accordance with each processor's privacy policy. Members have the right to decline the above cross-border transfer and may request refusal via the contact in Article 7 below. However, because this processing is essential to core features (authentication, voice synthesis, translation, data storage, notifications), refusing may restrict use of the service.
This outsourcing and cross-border transfer is conducted under the Network Act and the Personal Information Protection Act, and members consent to the above at sign-up and at voice registration.
4. Retention and Destruction of Personal Information
The Operator destroys personal information without delay once the purpose of collection has been achieved or the member deletes their account. Some information, such as synthesized audio files, is retained only for the period necessary to provide the service and is then destroyed. However, information that must be retained for dispute resolution, cooperation with investigations, prevention of repeat abuse, or other purposes required by applicable law or legitimate operations is stored separately from other information for the relevant period and then destroyed.
5. Rights of the Data Subject and How to Exercise Them
Members may at any time request access to, correction of, deletion of, or suspension of the processing of their personal information. Access and correction are available in the in-app profile, deletion through in-app account deletion, and other requests, refusal of cross-border transfer, and appeals regarding suspended accounts may be submitted via the contact in Article 7 below.
6. Security Measures
The Operator takes reasonable technical and administrative measures to protect personal information, including encryption of communication channels, access control, secure storage of passwords, and restricted access to operational records.
In the event of a personal data breach, the Operator will, in accordance with applicable law, notify affected members of the incident and its response measures without undue delay, and report to the relevant authorities where required.
7. Personal Information Protection Officer and Contact
- Personal Information Protection Officer — Sejin Lim
- Inquiries / appeals — haru.official.app@gmail.com
Members may use the above contact for inquiries about personal information processing, refusal of cross-border transfer, appeals regarding suspended accounts, data deletion requests, and the like.
8. Changes to This Privacy Policy
This Privacy Policy may be revised in accordance with changes in laws or the service. In the event of a revision, members will be notified before the effective date.