CoMente (the “Company”) establishes and publishes this Privacy Policy (the “Policy”) to protect users’ personal information and promptly handle related complaints in accordance with the Personal Information Protection Act and other applicable laws. This Policy applies to the Summet website, desktop applications, mobile applications, and related services provided by the Company.
Article 1 (Personal Information Processed)
The Company may process the following personal information.
1. Sign-up and account management
The Company may process the following information for sign-up, login, identity verification, and account management.
- Required items: email address, password or authentication information, user identifier, login history
- Optional items: name, profile image
2. Information generated or processed while using the Service
The Company may process the following information while providing the Summet service.
- Meeting recording audio files
- Text conversion records
- Documents, images, and attachments uploaded by users
- Memos, prompts, and Q&A content written by users
- AI summaries, meeting minutes, memos, Q&A, PDF/PPT files, and other generated outputs
- Service settings, synchronization information, push tokens, and device identifiers
- Access date and time, service usage records, click logs, and error logs
- IP address, device information, browser information, and operating-system information
- Input values used when AI Features run, such as transcript text, memo content, prompts, and portions of uploaded documents
- When users use Gmail integration, connected email account information, email subjects, sender and recipient information, email bodies, attachments, thread information, labels, and related metadata
- When users use Google Workspace integration, schedule information, document information, file information, Drive metadata, contact information, and other work data within the scope consented to by the user
- When users use Location-Based Features, current location information, location permission information, coordinates, searched place information, address information, and map usage records
3. Payment and subscription use
The Company may process the following information for Paid Services, subscriptions, recurring payments, and refunds.
- Payment Channel information
- Payment approval and cancellation history
- Subscription status and payment history
- For website payments, payment-processor customer identifiers, PayPal account identifiers, transaction identifiers, or Toss Payments transaction information
- For Apple App Store in-app payments, transaction identifiers, product identifiers, receipt verification information, subscription status, and payment or refund status information
- For Google Play in-app payments, order numbers, purchase tokens, product identifiers, subscription status, and payment or refund status information
- Payment-related verification information necessary for customer support or dispute handling
As a rule, the Company does not directly store sensitive payment information such as full credit card numbers, card passwords, or CVC/CVV values. Such information may be processed by the relevant payment provider or App Market.
4. Customer support and inquiries
- Inquirer email address
- Inquiry content
- Consultation and handling history
- Attached materials
Article 2 (Purpose of Processing Personal Information)
The Company processes personal information for the following purposes.
- Sign-up, login, identity verification, and account management
- Providing service features such as meeting recording, speech transcription, summaries, Q&A, translation, meeting minutes, and document generation
- Storing user settings, synchronization, push notifications, and app operation
- Customer support, inquiry response, and notices
- Providing Paid Services, payment processing, purchase verification, subscription status confirmation, refunds, accounting and settlement, and preventing duplicate, fraudulent, or erroneous payments
- Service improvement, feature development, quality enhancement, security, and incident response
- Compliance with legal obligations, dispute handling, and prevention of unauthorized use
- Providing email summaries, schedule integrations, document and file integrations, and productivity features through integrations with Gmail, Google Workspace, and other external work tools
- Providing map display, place search, meeting-place confirmation, route guidance integrations, and other Location-Based Features using current or entered location information
Article 3 (Data Processing Method within the Service)
- The Company may use Firebase for member authentication, user identification, settings synchronization, push notifications, and app operation support.
- The Company may use external cloud infrastructure such as Amazon Web Services (AWS) for server operation, storage, backup, network, security, incident response, and performance optimization.
- When users use AI summaries, Q&A, translation, meeting minutes, document generation, or similar features, the Company may process transcript text, memo content, prompts, portions of uploaded files, Q&A inputs, and related data.
- The Company may use external AI service providers such as OpenAI (GPT), Anthropic (Claude), and Google (Gemini) to perform AI Features requested by users, and relevant data may be transmitted to and processed by such providers within the necessary scope.
- The Company handles personal information within the minimum scope necessary for processing purposes, and minimal technical logs may be temporarily generated for service operation, security, and incident response.
- If users do not use external AI Features, transmission to external AI service providers may not occur, but processing through external infrastructure such as Firebase or AWS may still occur for basic service provision, including authentication, storage, synchronization, security, and server operation.
- When users use Gmail integration, the Company may process Gmail-related data within the scope necessary for email summaries, meeting integration, task organization, draft replies, search, or other functions requested by the user.
- When users use Google Workspace integration, the Company may integrate schedules, documents, files, contacts, or other work data to provide work assistance, meeting preparation, record organization, search, recommendation, and document generation.
- When users use Location-Based Features, the Company may provide place confirmation, map display, meeting-place guidance, route guidance integrations, and other additional features based on the user’s current location or directly entered location.
- The Company may use external map service providers such as Google Maps Platform and Naver Maps to provide Location-Based Features, and location or place-related information may be transmitted to such providers within the necessary scope.
- The Company activates Gmail, Google Workspace, or Location-Based Features only within the scope explicitly selected or consented to by users, and processes related information only within the minimum scope necessary to perform those features.
- The Company may process transaction identifiers, order information, receipt verification information, or subscription status information provided by each Payment Channel to provide Paid Services, confirm payment status, verify purchases, confirm auto-renewal, reflect refund or cancellation status, and prevent duplicate or fraudulent payments.
Article 4 (Retention and Use Period)
As a rule, the Company destroys personal information without delay once the purpose of processing has been achieved. However, certain information may be retained for the periods below when required by applicable laws or service operation.
- Member information: until membership withdrawal
- Payment and transaction records: until the retention period required by applicable laws
- Customer inquiry and consultation records: five years after handling is completed
- Records for prevention of unauthorized use and security response: until the purpose is achieved
- Service operation logs and analytics data: retained within the scope of operational purposes and then deleted or de-identified
Article 5 (Destruction Procedure and Method)
- When personal information becomes unnecessary due to expiration of the retention period or achievement of the processing purpose, the Company destroys such personal information without delay.
- As a rule, the Company processes and stores personal information in electronic form, and electronically stored personal information is deleted using secure methods so that it cannot be restored or reproduced. If personal information is exceptionally recorded on paper documents, it is destroyed by shredding, incineration, or similar methods.
Article 6 (Provision of Personal Information to Third Parties)
As a rule, the Company does not provide users’ personal information to external parties. Exceptions apply in the following cases.
- Where the user has given prior consent
- Where a special provision of law exists or provision is unavoidable to comply with a legal obligation
- Where an investigative agency or other public authority requests information through lawful procedures under applicable laws
- Where related data is transmitted to an external AI service provider within the scope necessary to perform an AI Feature requested by the user
Article 7 (Entrustment of Processing and Use of External Services)
The Company may use external service providers or entrust related tasks to provide the Service smoothly.
- Firebase: member authentication, data storage, push notifications, app operation support
- Amazon Web Services (AWS): server operation, data storage, backup, network and infrastructure management
- OpenAI: GPT-based AI Feature processing
- Anthropic: Claude-based AI Feature processing
- Google (Gemini): AI Feature processing and related service operation support
- Google Workspace / Gmail: email integration, schedule integration, document and file integration, work productivity features
- Google Maps Platform: map display, place search, coordinate processing, Location-Based Features
- Naver Maps: domestic map display, place search, location confirmation, route guidance integration, and Location-Based Features
- PayPal: website payments and recurring payment processing
- Toss Payments: website payments and recurring payment processing
- Apple App Store: iOS in-app payments, subscription management, payment status provision, and related procedures
- Google Play: Android in-app payments, subscription management, payment status provision, and related procedures
- Other providers notified through service screens, the website, or separate policies: email sending, log analysis, customer support, and similar tasks
The Company performs management and supervision obligations for processors or external service providers in accordance with applicable laws.
Article 8 (Overseas Transfer of Personal Information)
During service provision, some personal information or related data may be processed through providers or infrastructure located overseas.
1. Overseas transfer related to infrastructure and authentication
- Recipient: Firebase, Amazon Web Services (AWS)
- Destination country: United States and other countries where the providers operate
- Transferred items: account information, user identifiers, service usage records, device information, stored data, and information necessary for service operation
- Purpose: member authentication, data storage, synchronization, push notifications, server operation, backup, security, and incident response
- Timing and method: transmitted from time to time through information and communications networks during sign-up, login, or service use
- Retention and use period: until the processing purpose is achieved or for the period required by applicable laws and provider policies
2. Overseas transfer related to AI Features
- Recipient: OpenAI, Anthropic, Google
- Destination country: United States and other actual processing countries
- Transferred items: transcript text, memo content, prompts, Q&A inputs, portions of uploaded files, and information entered or submitted by the user to perform AI Features
- Purpose: performing requested features such as AI summaries, Q&A, translation, meeting minutes, and document generation
- Timing and method: transmitted from time to time through information and communications networks when the user runs the relevant feature
- Retention and use period: until the processing purpose is achieved or for the period under each provider’s policies and applicable laws
3. Processing related to website payments
- Recipient: PayPal, Toss Payments, and other payment providers
- Destination country: Republic of Korea, United States, and other actual processing countries of each payment provider
- Transferred items: payment-related identifiers, transaction information, payment status information, PayPal account identifiers, transaction identifiers, or other information necessary for payment processing
- Purpose: payment processing, recurring payment management, payment approval and cancellation, and refund processing
- Timing and method: transmitted from time to time through information and communications networks when payment or refund is requested
- Retention and use period: until the processing purpose is achieved or for the period required by applicable laws and each payment provider’s policies
4. Processing related to Apple App Store in-app payments
- Recipient: Apple
- Destination country: United States and other actual data-processing countries of Apple
- Transferred items: transaction identifiers, product identifiers, receipt verification information, subscription status, payment or refund status information
- Purpose: in-app payment processing, purchase verification, subscription management, and reflecting refund or cancellation status
- Timing and method: transmitted from time to time through information and communications networks when the user purchases, renews, cancels, or requests a refund for a Paid Service in the iOS application
- Retention and use period: until the processing purpose is achieved or for the period required by applicable laws and Apple policies
5. Processing related to Google Play in-app payments
- Recipient: Google
- Destination country: United States and other actual data-processing countries of Google
- Transferred items: order number, purchase token, product identifier, subscription status, payment or refund status information
- Purpose: in-app payment processing, purchase verification, subscription management, and reflecting refund or cancellation status
- Timing and method: transmitted from time to time through information and communications networks when the user purchases, renews, cancels, or requests a refund for a Paid Service in the Android application
- Retention and use period: until the processing purpose is achieved or for the period required by applicable laws and Google policies
6. Overseas transfer related to Google Workspace / Gmail integration
- Recipient: Google
- Destination country: United States and other actual data-processing countries of Google
- Transferred items: email account information, email subjects, sender and recipient information, bodies, attachments, schedule information, document information, file information, contact information, and related metadata within the scope consented to by the user
- Purpose: email integration, schedule integration, document and file integration, search, summaries, draft writing, and work productivity features
- Timing and method: transmitted from time to time through information and communications networks when the user activates or uses Google Workspace or Gmail integration
- Retention and use period: until the processing purpose is achieved or for the period required by applicable laws and provider policies
7. Overseas transfer related to map and Location-Based Features
- Recipient: Google Maps Platform
- Destination country: United States and other actual data-processing countries of Google
- Transferred items: location information, coordinates, searched place information, address information, and device or network-based location-related information
- Purpose: map display, place search, meeting-place confirmation, route guidance integration, and other Location-Based Features
- Timing and method: transmitted from time to time through information and communications networks when the user uses map or Location-Based Features
- Retention and use period: until the processing purpose is achieved or for the period required by applicable laws and provider policies
8. Matters related to domestic map service use
- Recipient: Naver Maps
- Processed items: location information, searched place information, address information, coordinates, and other information necessary for Location-Based Features
- Purpose: domestic map display, place search, route guidance integration, and other Location-Based Features
- Processing method: processed from time to time when the user uses the relevant feature
Where required by applicable laws, the Company separately notifies or obtains consent for overseas transfers.
Article 9 (User Rights and How to Exercise Them)
Users may exercise the following rights against the Company at any time.
- Request access to personal information
- Request correction if there is an error
- Request deletion
- Request suspension of processing
- Withdraw consent
Users may exercise these rights through service settings, customer support, or the contact below, and the Company will take action without delay in accordance with applicable laws.
Article 10 (Measures to Secure Personal Information)
The Company takes the following measures to secure personal information.
- Minimization of access rights to personal information
- Access control and authentication procedures
- Security measures such as encryption during transmission
- Log monitoring and abnormal-activity detection
- Security updates and vulnerability response
- Management and supervision of processors and external service providers
Article 11 (Personal Information Processing Related to AI Features)
- The Company may process input data and generated outputs within the scope necessary to provide AI Features requested by users.
- The Company may use AI service providers such as OpenAI (GPT), Anthropic (Claude), and Google (Gemini), and relevant data may be transmitted to such providers within the scope necessary to perform the feature.
- If the Company intends to use user data for independent AI training or improvement beyond service provision purposes, it will provide separate notice or obtain consent in accordance with applicable laws.
- Users may change consent status or make inquiries through app settings, service screens, or customer support.
- The Company accesses and processes Gmail or Google Workspace information only within the scope explicitly integrated or authorized by the user, and does not use such information for independent advertising or promotion purposes beyond the purpose of providing the feature.
- The Company may process location information through the operating system’s location permission consent procedure when necessary to provide Location-Based Features, and users may change or withdraw location permission at any time through device settings.
Article 11-2 (Limited Use of Google User Data โ Google API Services User Data Policy)
Summet’s use and transfer to any other app of information received from Google APIs (including Gmail, Google Drive, Google Docs, Google Sheets, Google Slides, and Google Calendar) will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
- The Company uses Google user data only to provide and improve user-facing features that the user explicitly requests (such as email summaries and reply drafts, calendar integration, Drive file search and integration, and assistance with creating or editing Docs, Sheets, and Slides).
- The Company does not use Google user data for advertising and does not sell Google user data to third parties.
- The Company does not allow humans to read Google user data, except: (a) with the user’s explicit consent; (b) for security purposes (such as investigating abuse); (c) to comply with applicable law; or (d) for internal operations where the data has been aggregated and anonymized so that it cannot identify any individual.
- The Company processes Google user data only transiently and to the minimum extent necessary to provide the requested feature, and does not retain data that is no longer needed.
- The Company does not retain or transfer AI/ML models trained on Google user data, and does not use such data for general model training.
Article 12 (Privacy Officer and Contact)
The Company may designate a privacy officer or responsible department as follows to oversee personal information processing and handle user complaints and remedies related to personal information processing.
ยท Privacy Officer: Summet Operations Team
ยท Email: help@comente.io
Article 13 (Changes to this Policy)
This Policy may be amended due to changes in laws, services, or internal policies. If there are material changes, the Company will notify users in advance or afterward through service screens, the website, or other appropriate methods.