Privacy Policy
Effective Date: May 14, 2026 Last Updated: May 14, 2026
This Privacy Policy describes how Ipsum AI LLC (a limited liability company registered in California, USA, hereinafter "we", "us", or "the Company") collects, uses, stores, shares, and deletes your personal information when you use the website and related services operated under the brand "Career Hacker Alex" at careerhackeralex.com (the "Service").
We design our practices to comply with applicable data protection laws including, where relevant, the Republic of Korea's Personal Information Protection Act (PIPA), the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA).
1. Information We Collect
1.1 Account and Authentication
- Required: email address, password (stored as a salted hash), or Google OAuth profile information (name, email, profile picture).
- Optional: display name, profile image, short bio.
1.2 Information Collected Automatically During Service Use
We automatically collect and log the following information for service delivery, quality improvement, security, fraud prevention, and analytics:
- Access and activity logs:
- Page views (URL, time on page, click events)
- Login/logout history
- Lecture progress (chapter, slide, playback position, completion status)
- Search queries and click-through events
- AI and knowledge base queries:
- Queries and responses involving the "Second Brain" / memory graph
- Prompts and outputs for AI-powered features (e.g., "Ask", recommendation, chat)
- Timestamps, session identifiers, response quality feedback (thumbs up/down)
- Community activity:
- Posts, comments, reactions, reports
- Device and network information:
- IP address (including derived approximate location), user agent, OS, browser type and version, screen resolution, language preference
- Device identifiers (cookie IDs, anonymous user IDs)
- Referral and campaign data:
- Referrer URL, UTM parameters
1.3 Payment Information (when paid services are offered)
- Payments will be processed via third-party payment processors (such as Stripe, PortOne, or Toss Payments). We do not directly store sensitive cardholder data.
- The information we retain related to a transaction is limited to: payment timestamp, amount, product name, payment method type (card/transfer/etc.), and transaction ID.
1.4 Marketing and Communications
- Email opt-in status, push notification opt-in status, timestamp of marketing consent.
1.5 Cookies and Similar Technologies
- Essential cookies:
cha_session(authentication session, required to keep you signed in) - Analytics cookies: anonymized usage statistics (e.g., Google Analytics) — used only with consent
- Functional cookies: language preference, dark mode, and other user preferences
2. How We Collect Information
We collect personal information in the following ways:
- Directly from you: when you register, edit your profile, post in the community, or input queries into AI features.
- Automatically: through cookies, log files, and analytics tools during your use of the Service.
- From third-party identity providers: when you sign in with Google OAuth or similar providers, we receive the profile fields you have consented to share.
- From payment processors: when you complete a purchase, we receive transaction results.
3. Purposes of Use
We use collected personal information only for the following purposes:
| Purpose | Categories Processed | Legal Basis |
|---|---|---|
| Member authentication and account management | Email, password, OAuth ID | Performance of a contract |
| Delivery of lectures and content | Progress data, viewing history | Performance of a contract |
| AI and memory feature response generation | Query inputs, session ID | Performance of a contract |
| Service improvement and analytics | Activity logs, device info | Legitimate interests, consent |
| Fraud prevention and security incident response | IP, device identifiers, activity logs | Legitimate interests |
| Payment and refund processing | Payment information | Performance of a contract, legal obligation |
| Marketing and informational notifications | Email, consent records | Consent |
| Compliance with legal obligations | Transaction records, identifiers | Legal obligation |
4. Retention Periods
| Category | Retention Period | Basis |
|---|---|---|
| Member account information | Until account deletion (retained for 30 days post-deletion for dispute resolution, then erased) | Fraud prevention, post-termination disputes |
| Access and activity logs | 3 years | Korean Communications Privacy Act enforcement decree, security |
| AI / memory query logs | 3 years, or immediately on member withdrawal upon explicit request | Service improvement, safety review |
| Payment and transaction records | 5 years | Korean Act on the Consumer Protection in Electronic Commerce |
| Consumer complaint and dispute resolution records | 3 years | Korean Act on the Consumer Protection in Electronic Commerce |
| Records on display/advertising | 6 months | Korean Act on the Consumer Protection in Electronic Commerce |
| Marketing consent records | Until consent is withdrawn |
When you request account deletion, we will destroy your personal information either immediately or within 30 days, with the exception of records we are legally required to retain for the periods listed above.
5. Sharing with Third Parties
We share personal information with third parties only with your consent or where required by law. We do not currently share personal information with third parties on a regular basis. If we begin sharing data with new third parties, we will obtain your separate consent in advance.
6. Service Providers (Processors)
We engage the following service providers to process personal information on our behalf, strictly within the scope of the assigned services:
| Processor | Service | Country of Processing | Retention |
|---|---|---|---|
| Google LLC (Firebase Authentication, Firestore, Cloud Storage) | Member authentication, session management, user data storage | Multi-region (incl. United States) | Until account deletion |
| Vercel Inc. | Hosting, CDN, serverless function execution, access logs | Multi-region (incl. United States) | 30 days (access logs) |
| Google LLC (Gemini API), OpenAI, Inc., Anthropic, PBC | AI feature processing (Q&A, content generation, etc.) | United States | Per provider policy |
| Resend, Inc. or equivalent email service | Transactional and marketing email delivery | United States | Deleted immediately after delivery |
| Stripe, Inc. / Toss Payments / PortOne, etc. (when introduced) | Payment processing and refunds | United States, Republic of Korea | 5 years per Korean e-commerce law |
We will update this list in this Privacy Policy when our processors change.
7. International Data Transfers
Because Ipsum AI LLC is based in the United States, your personal information may be transferred internationally as follows:
- Categories transferred: all categories described in Section 1
- Destination countries: primarily the United States, plus other regions operated by our processors (Google Cloud, Vercel, etc.)
- Method: encrypted transmission over the internet (TLS) and storage in cloud infrastructure
- Timing: on an ongoing basis as you use the Service
- Recipients: the processors listed in Section 6
- Purpose and retention: the same as in Sections 3 and 4 above
By using the Service, you agree to these transfers. To withdraw this consent, you may delete your account.
8. Your Rights
8.1 Korean Residents (PIPA)
At any time, you may exercise the following rights:
- Right of access: to view how your personal information is being processed
- Right to rectification / deletion: to correct inaccurate information or delete unnecessary information
- Right to suspension of processing: to request that specific processing activities stop
- Right to withdraw consent: for marketing, international transfer, and other consent-based processing (note: information essential for the Service can only be withdrawn by account deletion)
8.2 EU/EEA Residents (GDPR)
In addition to the above, you have:
- Right to data portability
- Right to object to automated decision-making
- Right to lodge a complaint with a supervisory authority
8.3 California Residents (CCPA/CPRA)
- Right to know: the categories and purposes of personal information we collect
- Right to delete
- Right to opt-out of the sale or sharing of personal information: we do not sell your personal information
- Right to non-discrimination
To exercise your rights, contact us using the information in Section 12. After verifying your identity, we will respond within 10 days (PIPA) or 30 days (GDPR/CCPA).
9. Children's Personal Information
We do not knowingly collect personal information from children under 14 (Korea) or under 13 (United States, per COPPA). Members must meet these minimum age thresholds to register.
If we learn that a child below these thresholds has registered, we will promptly delete all related personal information. Parents and legal guardians may contact us at the address in Section 12 to request deletion of a child's data.
10. Security Measures
We implement the following technical and organizational measures to protect personal information:
- Encryption: TLS 1.2+ in transit; sensitive fields (password hashes, session tokens) encrypted at rest
- Access control: least-privilege access to systems holding personal information, multi-factor authentication (MFA), periodic access reviews
- Audit logging: access logs to personal information are retained and reviewed for anomalies
- Privacy training: regular training for employees and processor staff
- Physical security: reliance on the data-center security controls of our cloud infrastructure providers (Google Cloud, Vercel)
Notwithstanding these measures, no internet transmission or electronic storage method is 100% secure. We continually work to apply commercially reasonable safeguards.
11. Cookies and Tracking Technologies
11.1 Cookies We Use
- Essential:
cha_session(HttpOnly + Secure authentication cookie) - Preferences: language, dark mode, and similar user settings
- Analytics: anonymized page-view statistics (only with consent)
11.2 Cookie Controls
You can block or delete cookies through your browser settings. Blocking essential cookies will prevent login and disable certain features.
11.3 Do Not Track
We honor browser "Do Not Track" signals. When enabled, we do not use analytics cookies.
12. Privacy Officer and Contact
The following contact serves as our Privacy Officer for all data protection matters:
- Operator: Ipsum AI LLC (California, USA)
- Service: Career Hacker Alex (커리어해커 알렉스)
- Privacy Officer: Alex Ahn (Owner)
- Email: careerhackeralex@gmail.com
You may direct any inquiries, rights requests, complaints, or remediation requests related to this Privacy Policy to the email above. We will respond within a reasonable time after receipt.
12.1 External Mediation Bodies (Korean Users)
- Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
- Personal Information Breach Report Center: 118 (privacy.kisa.or.kr)
- Supreme Prosecutors' Office Cyber Investigation: 1301 (www.spo.go.kr)
- National Police Agency Cyber Bureau: 182 (ecrm.police.go.kr)
13. Changes to This Policy
We may amend this Privacy Policy from time to time in response to changes in law, government policy, or service updates.
- Minor changes: posted on this page and effective 7 days after posting
- Material changes (new collection categories, new purposes, new third-party sharing): we will provide at least 30 days' advance notice on this page and via email to the address on your account, and request re-consent where required
Contact: careerhackeralex@gmail.com Ipsum AI LLC · California, USA