Contents
1. Introduction
Hannune (한누네, "we", "us", or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect information when you visit app.hannune.ai or subscribe to our Entity Resolution API.
We comply with the Personal Information Protection Act of the Republic of Korea (PIPA, 개인정보 보호법), the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA) as applicable.
2. Information we collect
2.1 Information you provide
- Account information: Name, email address, company name, and password when you register for the ER API or join the waitlist.
- Payment information: Billing address, tax identifiers (e.g., VAT ID). Payment card details are collected and processed directly by Paddle and are never stored on our systems.
- Communications: Messages you send to us via email, contact forms, or chat.
2.2 Customer data submitted to the API
When you use the ER API, you submit records (e.g., names, email addresses, company names) for the purpose of deduplication and entity resolution. This data may contain personal information of your customers, employees, or other data subjects.
2.3 Automatically collected information
- Usage data: API request counts, endpoints accessed, response times, error rates.
- Device and log data: IP address, browser type, operating system, timestamps, referring URLs.
- Cookies and similar technologies: See section 11.
3. How we use information
We use the information we collect to:
- Provide, operate, and maintain our services
- Process payments and send billing notifications
- Respond to inquiries and provide customer support
- Send service announcements, security alerts, and administrative messages
- Monitor and analyze usage to improve service quality
- Detect, investigate, and prevent fraud, abuse, and security incidents
- Comply with legal obligations and enforce our Terms
- With your consent, send marketing communications (you may opt out at any time)
4. Legal basis for processing (GDPR)
For users in the European Economic Area, our lawful bases under Article 6 of the GDPR are:
- Contract: Processing necessary to provide services you have requested.
- Legitimate interests: Improving our services, securing our systems, and communicating with customers.
- Legal obligation: Compliance with tax, accounting, and other statutory requirements.
- Consent: Where you have given explicit consent, such as for marketing emails.
5. How we share information
We do not sell personal information. We share information only as follows:
- Service providers: Third-party sub-processors that help us operate the services (see section 6).
- Legal requirements: When required by law, court order, or to protect rights, property, or safety.
- Business transfers: In the event of a merger, acquisition, or sale of assets, subject to the successor honoring this policy.
- With your consent: For any other purpose disclosed to you at the time of collection.
6. Sub-processors
We engage the following third parties to process data on our behalf:
| Sub-processor | Purpose | Location |
|---|---|---|
| Paddle.com | Payment processing, Merchant of Record, tax compliance | United Kingdom, USA |
| Google Cloud Platform | Application hosting, demo infrastructure | Asia-Pacific (asia-northeast3, Seoul) |
| Supabase | Authentication, account database | Asia-Pacific |
| Anthropic, OpenAI | LLM providers for disambiguation layer (Pro and Business tiers only; opt-out available) | United States |
| Resend | Transactional email delivery | United States, EU |
| Plausible Analytics | Privacy-preserving website analytics (no cookies, no personal data) | European Union |
An updated list of current sub-processors is available upon request at contact@hannune.ai. Enterprise clients may request a signed Data Processing Addendum (DPA) — email contact@hannune.ai with subject "DPA request".
7. Data retention
- Account data: Retained while your account is active and for 3 years after closure for tax and legal compliance, then deleted or anonymized.
- API customer data (ER API): Processed in memory; debugging logs are encrypted and auto-deleted within 24 hours.
- Billing records: Retained for 7 years as required by Korean tax law (국세기본법).
- Marketing contact data: Retained until you unsubscribe.
8. Security
We implement appropriate technical and organizational measures to protect personal data, including TLS 1.3 encryption for data in transit, encryption at rest for stored data, access controls, audit logging, and regular security reviews.
No system is 100% secure. If we become aware of a personal data breach affecting you, we will notify you and applicable regulators without undue delay as required by law.
9. Your rights
Depending on your jurisdiction, you have the right to access, rectify, erase, restrict, port, and object to processing of your personal data. To exercise your rights, email contact@hannune.ai with subject "Privacy request". We will respond within 30 days.
9.1 California residents (CCPA)
California residents have additional rights including the right to know what personal information is collected, the right to delete, and the right to non-discrimination for exercising these rights. We do not sell personal information.
10. International data transfers
Hannune is based in the Republic of Korea. Some of our sub-processors are located outside Korea. Where we transfer personal data outside the EEA or the UK, we rely on Standard Contractual Clauses (SCCs) or equivalent safeguards.
11. Cookies
Our website uses minimal cookies: essential cookies required for authentication and account functionality. We use Plausible Analytics, which does not use cookies or collect personal data. We do not use advertising cookies or third-party tracking.
12. Children's privacy
Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us and we will delete it promptly.
13. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be notified via email to registered users and posted on this page with a new "Last updated" date.
14. Contact us
For questions, requests, or complaints about this policy or how we handle your data:
Hannune (한누네)
Privacy & general inquiries: contact@hannune.ai
Location: Seoul, Republic of Korea
Personal Information Protection Officer (개인정보 보호책임자)
Name: TaeHo Kim (김태호)
Email: contact@hannune.ai
For residents of the Republic of Korea, you may also contact the Personal Information Protection Commission (개인정보보호위원회) at privacy.go.kr.