Zee Privacy Policy

Last updated: October 2025

주식회사 스크리블리 (Skribbli Co., Ltd.) ("Zee", "we", "us", or "our") respects your privacy and is committed to protecting your personal information. This Policy explains how we collect, use, disclose, store, and protect information when you use Zee's web or mobile application and related services (the "App" or the "Services"). By using the Services, you agree to this Privacy Policy and our Terms and Conditions.

We operate in Korea, Australia, and the United States. Depending on where you live, specific rights and rules may apply (see "Your Rights by Region").

1. Who is responsible for your data?

Controller/Entity: Skribbli Co., Ltd. (주식회사 스크리블리)
Registered Country: Republic of Korea
Contact: privacy@tryzee.io

When we use trusted vendors (e.g., cloud hosting, payments), they act as processors/service providers under our instructions.

2. What we collect

We collect two types of data depending on your interaction:

a) Non-Personal Data (aggregated/does not identify you)

Device info, browser type, general location (city/region), language
App usage analytics (pages viewed, features used, session lengths, timestamps)
Cookies, SDKs, local storage, pixel tags, web beacons

Use: analytics, security/fraud prevention, product performance, research. We may use and share aggregated insights without restriction.

b) Personal Information (can identify you)

Account & contact: name, email, password (hashed), age range, country/region, preferred language
Subscription & payments: plan, status, purchase history (processed by Stripe/Apple/Google/Toss; we don't store full card details)
Learning activity: prompts, messages, transcripts, lesson artifacts, assignments, feedback, progress, AI Tutor interactions, voice samples you choose to provide
Support & comms: inquiries, tickets, survey responses, marketing preferences
Technical: IP address, device IDs, OS, app version, crash logs
Consent & safety: content flags, preference toggles (e.g., marketing, training opt-out), parental/guardian consent records where applicable

3. How we use information & legal bases

We process data to:

1. Provide the Services

Create/maintain your account, deliver lessons, personalize AI Tutors, enable features.

Legal bases: Contract performance; Legitimate interests (run and improve core services).

2. Improve and secure the App

Debugging, analytics, fraud/abuse prevention, safety filtering, quality assurance, model evaluation.

Legal bases: Legitimate interests; in some regions, consent (for certain cookies/SDKs).

3. Personalize learning

Adapt content and tutor persona based on level, behavior, preferences.

Legal bases: Legitimate interests; consent where required.

4. Customer support & communications

Respond to requests, send service notices (e.g., changes, outages, security alerts).

Legal bases: Contract performance; Legitimate interests; Legal obligations.

5. Subscriptions & billing

Process payments, manage renewals, handle taxes and receipts.

Legal bases: Contract performance; Legal obligations.

6. Marketing (optional)

Newsletters, promotions, surveys, referral programs.

Legal bases: Consent (GDPR-like regimes) or Legitimate interests (with opt-out).

You can unsubscribe any time via the email footer or account settings.

7. Model improvement (you control this)

We may use anonymized or de-identified conversation data to improve AI models and safety systems.

Your choice: You can opt out of model improvement at any time in Settings � Privacy � "Don't use my content to improve models." Opting out does not affect core functionality.

4. Cookies, pixels, and SDKs

We use cookies/SDKs for:

Authentication and session management
Preferences (language, UI choices)
Performance and analytics (e.g., Crash/usage metrics)
Advertising attribution/measurement (where permitted)

You can control cookies via your browser/app settings. Disabling some cookies may impact functionality. For details, see our Cookie Policy (link on your site).

5. Information sharing & disclosure

We do not sell personal information.

We may share information with:

Service providers/processors: cloud hosting, analytics, payments, voice-to-text/TTS, content moderation, email delivery. They may only use data to provide services to Zee under contract.
Affiliates: entities under common control (only as necessary and under this Policy).
Legal & safety: to comply with law, enforce Terms, protect users and our rights, investigate abuse/fraud/security threats.
Business transfers: merger, acquisition, financing, or asset sale (your data remains protected and you'll be notified of material changes).
With your consent: e.g., when you connect a third-party app or explicitly request sharing.

Cross-border transfers:

Your data may be processed in countries outside your own (including Korea, Australia, the US, and others).
We use appropriate safeguards (e.g., Standard Contractual Clauses (SCCs) for EU/UK data; APP 8 requirements in Australia; PIPA cross-border consent/notice in Korea).
Where local law requires, we will obtain your explicit consent before transferring data overseas.

6. Children & students

Zee is designed for K-12 learners but accounts must be created by a parent/guardian or school where required by law.
Under 13 (US/COPPA) or below local digital consent age: we require verifiable parental consent or a school contract acting as the parent's agent.
Parents/guardians can review, delete, or withdraw consent for a child's data by contacting privacy@tryzee.io.
We do not serve behaviorally targeted ads to children's accounts and we limit data collection to what is reasonably necessary to provide the Service.

7. Data retention

We retain personal information only as long as necessary for the purposes described above, to comply with legal obligations, resolve disputes, and enforce agreements.

Typical retention:

Account data: until account deletion or as required by tax/contract law
Learning artifacts & logs: configurable; you can delete specific items or your account
Backups: retained for a limited period (e.g., 3090 days) then securely purged
Anonymized statistics may be retained longer

You can request deletion at any time (see Rights below).

8. Data security

We employ administrative, technical, and physical safeguards, including:

Encryption in transit and at rest where appropriate
Access controls, least-privilege permissions, MFA for staff
Network monitoring, audit logging, and vulnerability management
Vendor due diligence and DPAs

No system is 100% secure; if we detect a breach impacting your data, we will notify you and regulators as required by law (e.g., PIPA, OAIC Notifiable Data Breaches scheme, US state laws).

9. Your rights by region

Your rights depend on your location. We will honor requests applicable to your jurisdiction and, where reasonable, extend similar controls globally.

A) Republic of Korea (PIPA)

Access, correction, deletion, processing suspension
Notice/consent for cross-border transfers
Right to withdraw consent; right to file a complaint with PIPC
Contact: privacy@tryzee.io

B) Australia (Privacy Act 1988 & APPs)

Access and correction
Complaint to Zee and (if unresolved) to the Office of the Australian Information Commissioner (OAIC)
APP 7 marketing opt-out; APP 8 cross-border requirements

C) United States (including California CCPA/CPRA)

Right to know categories/specific pieces we collected
Right to delete certain personal information
Right to correct inaccurate data
Right to opt out of "sale" or "sharing" for cross-context behavioral advertising (we don't sell; if any "sharing" qualifies under CPRA, you may opt out via "Do Not Sell or Share My Personal Information" link in the App footer)
Right to limit use of sensitive personal information where applicable
Non-discrimination for exercising your rights

D) How to exercise your rights

Email privacy@tryzee.io with your request (access/copy, correction, deletion, portability, marketing opt-out, model-improvement opt-out).

We may need to verify your identity (and parental authority for minors).

We will respond within the timeframes required by law.

10. Payments

Payments are processed by third-party processors (e.g., Stripe, Apple App Store, Google Play, Toss Payments).

Their privacy terms apply to payment data they process. We receive limited details (e.g., name, email, purchase history) to provide receipts, prevent fraud, and manage subscriptions.

11. Third-party sites & integrations

The App may link to third-party sites or allow optional integrations (e.g., calendars, LMS, communication apps).

Your use of those services is governed by their privacy policies. We are not responsible for their practices.

12. AI model training & your controls

We do not use private data to build publicly available models.
We may use de-identified/aggregated interactions to improve Zee's models and safety systems.
You can opt out of training/improvement at any time in Settings � Privacy (or by emailing privacy@tryzee.io).
Opting out will not degrade core functionality, but certain personalization features may be less accurate.

13. International data transfers

If we transfer your information internationally, we use safeguards such as:

SCCs approved by the European Commission (or UK IDTA as applicable)
Contractual commitments under APP 8 in Australia
PIPA-compliant consent/notice for Korea
Additional technical and organizational measures, as appropriate

14. Changes to this Policy

We may update this Policy from time to time. We will post the updated version with a new "Last updated" date, and, where required, notify you in-app or by email. Continued use of the Services constitutes acceptance of the updated Policy.

15. Contact & complaints

Primary contact:

privacy@tryzee.io
Skribbli Co., Ltd. (주식회사 스크리블리), Seoul, Republic of Korea

Regional contacts/regulators:

Korea (PIPC): You may lodge a complaint with the Personal Information Protection Commission.
Australia (OAIC): You may lodge a complaint with the Office of the Australian Information Commissioner.
US: You may contact your state Attorney General; for children's privacy concerns, the FTC.