DeepQuest Privacy Policy
Company Name: DeepQuest
Representative: Hyunwoo Jung
Data Protection Officer (DPO): Hyunwoo Jung
Contact: official@deepquest.app
Effective Date: October 1, 2025
DeepQuest ("Company," "we," "us," or "our") is committed to protecting your personal information in accordance with the Personal Information Protection Act (PIPA) of Korea and applicable international privacy laws, including the GDPR and CCPA. This Privacy Policy explains how we collect, use, store, and protect your personal data.
1. Information We Collect
We collect personal information to provide and improve our services.
1.1 Required Information
| Information | Purpose | Collection Method |
|---|---|---|
| Email Address | User identification, service notifications, customer support | Social login |
| Name (Nickname) | User identification within the service | Social login |
| Social Login Identifier | Account linking and authentication | Social login (Google, GitHub) |
1.2 Optional Information
| Information | Purpose | Collection Method |
|---|---|---|
| Profile Image | Profile display within the service | Social login or direct upload |
1.3 Automatically Collected Information
| Information | Purpose |
|---|---|
| IP Address | Security and fraud prevention |
| Access Time | Service usage record management |
| Service Usage Records | Service improvement and analytics |
| Device Information (Browser type, OS) | Service optimization |
| Cookies | User preference retention, service improvement |
1.4 User-Provided Content
| Information | Purpose |
|---|---|
| Resume Content | AI analysis and interview question generation |
| Job Description (JD) | Customized interview question generation |
| Interview Responses | AI feedback provision |
Important: Resumes, job descriptions, and interview responses are used solely for providing services to you and are NOT used for AI model training.
2. How We Use Your Information
We use collected personal information for the following purposes:
2.1 Account Management
- Identity verification for membership services
- Membership registration confirmation
- Member status maintenance and management
- Prevention of fraudulent use
- Various notifications and announcements
2.2 Service Provision
- AI-based resume/portfolio analysis
- Customized interview question generation
- AI interview feedback
- Interview record storage and management
- Point charging and usage history management
2.3 Service Improvement and Analytics
- New service development and existing service improvement
- Service usage statistical analysis
- User experience enhancement
2.4 Customer Support
- Responding to user inquiries
- Complaint handling and dispute resolution
- Delivery of announcements
3. Data Retention
3.1 General Principle
We destroy personal information without delay once the purpose of collection and use has been achieved.
3.2 Retention Periods
| Data Type | Retention Period | Legal Basis |
|---|---|---|
| Account Information | Until account deletion | User consent |
| Interview Records | Until account deletion (or upon user deletion request) | User consent |
| Service Usage Records | 3 years | Protection of Communications Secrets Act |
| Payment and Refund Records | 5 years | Electronic Commerce Act |
3.3 Legal Retention Requirements
| Data Type | Retention Period | Legal Basis |
|---|---|---|
| Records of contracts or withdrawal of offers | 5 years | Electronic Commerce Act |
| Records of payment and supply of goods | 5 years | Electronic Commerce Act |
| Records of consumer complaints or disputes | 3 years | Electronic Commerce Act |
| Website access records | 3 months | Protection of Communications Secrets Act |
4. Third-Party Data Sharing
We do not share your personal information with third parties except in the following cases:
4.1 With Your Prior Consent
4.2 For Service Provision
| Recipient | Purpose | Data Shared | Retention Period |
|---|---|---|---|
| Clerk (Authentication) | User authentication and login | Email, name, social login identifier | Until account deletion |
| Sentry (Error Tracking) | Service error analysis and improvement | User ID (anonymized) | 90 days |
| PostHog (Analytics) | Service usage analytics | Email, name, service usage events | 2 years |
| AI Processing Server (LangGraph) | AI analysis service | Resume, JD, interview responses (anonymized) | Deleted immediately after processing |
4.3 As Required by Law
- When required by law or upon lawful request by investigative authorities
5. Data Processing (Third-Party Processors)
We engage the following third-party processors to provide our services:
| Processor | Processing Activities | Retention Period |
|---|---|---|
| Clerk Inc. | User authentication services | Until contract termination |
| Supabase Inc. | Database hosting | Until contract termination |
| Vercel Inc. | Web service hosting | Until contract termination |
| OpenAI / Anthropic / Google | AI analysis processing | Deleted immediately after processing |
We ensure that appropriate contractual measures are in place to protect your personal information when shared with these processors.
6. Your Rights
6.1 Rights You May Exercise
You (or your legal representative) may exercise the following rights at any time:
- Right to Access: View personal information we hold about you
- Right to Rectification: Request correction of inaccurate information
- Right to Erasure: Request deletion of your personal information (except where retention is required by law)
- Right to Restriction: Request suspension of processing of your personal information
6.2 How to Exercise Your Rights
- Directly through the settings page within the service
- By contacting customer support at official@deepquest.app
- Identity verification procedures apply before processing requests
- Requests will be processed without delay, and results will be communicated to you
6.3 Exercising Rights Through a Representative
You may designate a representative to exercise your rights in accordance with applicable privacy laws.
7. Data Destruction
7.1 Destruction Procedure
We destroy personal information without delay when the retention period expires or the processing purpose has been achieved.
7.2 Destruction Methods
| Storage Type | Destruction Method |
|---|---|
| Electronic files | Permanent deletion using methods that prevent recovery |
| Paper documents | Shredding or incineration |
7.3 Account Deletion Processing
- Account deletion requests are processed immediately
- Personal information and interview records are destroyed upon deletion
- Information required to be retained by law is stored for the designated period and then destroyed
8. Security Measures
We implement the following measures to ensure the security of your personal information:
8.1 Administrative Measures
- Minimization and training of personnel handling personal information
- Establishment and implementation of internal management plans
8.2 Technical Measures
- Encryption of personal information (SSL/TLS during transmission, encryption at rest)
- Security systems against hacking
- Access control and access management
8.3 Physical Measures
- Data center access control (compliance with cloud service provider security policies)
9. Cookies
9.1 Definition and Purpose of Cookies
Cookies are small text files stored on your browser by websites. We use cookies for:
- Maintaining user authentication status
- Saving user preferences
- Service usage analysis
9.2 How to Refuse Cookies
You can refuse cookie storage through your browser settings. However, refusing cookies may limit your use of certain services.
Browser Settings:
- Chrome: Settings → Privacy and Security → Cookies and other site data
- Safari: Preferences → Privacy → Cookies and website data
- Firefox: Settings → Privacy & Security → Cookies and Site Data
10. Data Protection Officer
We have designated a Data Protection Officer responsible for personal information processing:
| Role | Details |
|---|---|
| Data Protection Officer | Hyunwoo Jung |
| Position | CEO |
| Contact | official@deepquest.app |
You may contact our DPO regarding any personal information-related inquiries, complaints, or requests for remedy. We will respond to your inquiries promptly.
11. Rights Violation Remedies
If you experience harm due to personal information violations, you may seek dispute resolution or consultation from the following organizations:
| Organization | Contact | Website |
|---|---|---|
| Personal Information Infringement Report Center | (Korea) 118 | privacy.kisa.or.kr |
| Personal Information Dispute Mediation Committee | (Korea) 1833-6972 | www.kopico.go.kr |
| Supreme Prosecutors' Office Cyber Investigation Division | (Korea) 1301 | www.spo.go.kr |
| National Police Agency Cyber Bureau | (Korea) 182 | cyberbureau.police.go.kr |
12. For EU/EEA Users (GDPR)
If you are located in the European Union or European Economic Area, the following additional provisions apply:
12.1 Legal Basis for Processing
We process your personal data based on the following legal grounds:
- Contractual Necessity: Processing necessary to provide you with our services
- Legitimate Interests: Processing for service improvement and security purposes
- Consent: Processing based on your explicit consent (e.g., marketing communications)
- Legal Obligation: Processing required to comply with applicable laws
12.2 Additional Rights Under GDPR
In addition to the rights listed in Section 6, EU/EEA users have:
- Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Lodge a Complaint: File a complaint with a supervisory authority in your country of residence
12.3 International Data Transfers
Your data may be transferred to and processed in countries outside the EU/EEA, including the Republic of Korea and the United States. We ensure appropriate safeguards through:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Compliance with data protection requirements of our service providers (Vercel, Supabase, Clerk)
12.4 Data Storage Locations
| Service Provider | Location | Safeguards |
|---|---|---|
| Vercel | United States | SCCs, SOC 2 compliance |
| Supabase | United States | SCCs, SOC 2 compliance |
| Clerk | United States | SCCs, SOC 2 compliance |
13. For California Residents (CCPA/CPRA)
If you are a California resident, the following additional provisions apply under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
13.1 Categories of Personal Information Collected
| Category | Examples | Business Purpose |
|---|---|---|
| Identifiers | Name, email, IP address | Account management, service provision |
| Internet Activity | Browsing history, service interactions | Service improvement, analytics |
| Professional Information | Resume content, job descriptions | AI analysis services |
13.2 Your California Privacy Rights
- Right to Know: Request disclosure of personal information collected, used, or disclosed
- Right to Delete: Request deletion of your personal information
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt-Out of Sale: We do NOT sell your personal information
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
13.3 "Do Not Sell My Personal Information"
We do NOT sell your personal information. We do not exchange personal information for monetary or other valuable consideration.
13.4 Exercising Your Rights
California residents may exercise their rights by:
- Contacting us at official@deepquest.app
- Using the settings page within our service
We will respond to verified requests within 45 days.
14. For Other Jurisdictions
14.1 United Kingdom (UK GDPR)
UK residents have similar rights to those outlined in Section 12 (GDPR). For complaints, you may contact the Information Commissioner's Office (ICO) at ico.org.uk.
14.2 Brazil (LGPD)
Brazilian users have rights similar to GDPR under the Lei Geral de Proteção de Dados (LGPD), including access, correction, deletion, and data portability.
14.3 Other Countries
We respect privacy rights in all jurisdictions where we operate and will comply with applicable local privacy laws.
15. Children's Privacy
Our service is not intended for users under the age of 16 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at official@deepquest.app.
16. Changes to This Privacy Policy
- We may update this Privacy Policy to reflect changes in our practices or applicable laws. Changes will be announced through in-service notices at least 7 days before the effective date.
- For changes that adversely affect your rights, we will provide at least 30 days' notice and notify you individually via email.
Supplementary Provisions
- This Privacy Policy is effective as of October 1, 2025.
- This Privacy Policy supersedes all previous versions.
- In case of any discrepancy between the Korean and English versions, the Korean version shall prevail for users in Korea.
Governing Law
This Privacy Policy shall be governed by and construed in accordance with the laws of the Republic of Korea. However, we respect and comply with applicable privacy laws in all jurisdictions where we operate.