Redbrick Enterprise AI (hereinafter referred to as the "Company") places great importance on the personal information of its service users and is committed to complying with relevant laws and regulations and managing such information securely. This Privacy Policy informs users about the purposes and methods by which personal information provided while using the service is processed, and the measures taken to protect personal information.
1. Purpose of Personal Information Processing
The Company processes the minimum necessary personal information for the following purposes:
Membership Registration and Management: Used to confirm service membership registration intent, identify/authenticate users, create and maintain accounts, and prevent fraudulent use. For example, basic information such as email addresses is collected.
Service Provision and Operation: We utilize personal information to provide core service functions such as document search, file summarization, and AI-generated responses, ensuring a seamless user experience. Documents and data uploaded or linked by users are stored in the corporate vector database and used to provide context-based responses, including understanding question intent and delivering accurate answers.
External Application Integration: Users can choose to integrate third-party apps like Google Drive, Gmail, and Slack to index data and provide search functionality. In such cases, we collect file names, body content, metadata, and other information within the scope permitted by the respective external service to utilize it as internal corporate knowledge assets. This data is used solely as context for queries from the specific user and their workspace members and is not disclosed for other purposes or to other users.
Customer Support and Inquiry Response: We use user contact information and inquiry details to respond to service usage inquiries or fault reports and to mediate disputes.
Service Improvement and Statistics: We analyze statistics such as service usage patterns and AI response accuracy to enhance product quality and develop new features (in this case, statistical information is anonymized or de-identified before use).
2. Items of Personal Information Collected and Retention Period
The company collects only the minimum personal information necessary for service provision and retains such information for the retention period specified at the time of collection or as required by relevant laws and regulations. The main items collected and their retention periods are as follows:
Membership Registration Information: Required - Email address. Optional - Name, Company name, Department/Position, Contact information, etc. This information is retained until account deletion (membership withdrawal) and is immediately destroyed upon withdrawal.
Social login information: Profile information (e.g., name, email) provided by external services such as Google when users log in using their accounts. This information is retained until the account is deleted.
Service usage data: Information generated during the use of service features, such as document search history, AI question and response content, and metadata of uploaded files. This data is stored temporarily solely for the purpose of providing the service. After achieving this purpose, it is anonymized for statistical use or retained for a specified period as required by law before being deleted. For example, critical logs may be retained for up to three years for security and audit purposes. However, sensitive information such as conversation content or file text is not permanently stored on company servers. It is processed only when necessary and deleted or anonymized after a specified period.
Payment Information: Card details and transaction records required for payment when using paid services. Although paid services are not currently active, upon introduction, we will process this information securely in accordance with relevant laws and regulations. Transaction records will be retained for up to five years in compliance with the Act on Consumer Protection in Electronic Commerce, etc.
The company generally destroys personal information without delay once the purpose for its collection has been achieved. However, if laws and regulations such as the Commercial Act require retention for a certain period, the information is stored for the period specified by such laws and regulations (e.g., 5 years for records related to contracts or withdrawal of subscription offers). In such cases, the retained personal information is used solely for the purposes stipulated by law.
3. Provision of Personal Information to Third Parties
The Company does not provide personal information to external parties without the user's prior consent as a general rule. Personal information is provided to third parties only within the scope permitted by law or with the user's consent, as follows:
When the user has provided separate consent: We provide necessary information to the relevant third party when the user has consented to the provision of personal information for linking specific services. For example, this occurs when a user agrees to the transfer of personal information while linking another service for collaboration purposes.
When required by law: We provide information only within the scope of applicable laws when there is a lawful request from investigative authorities or other legal obligations.
For corporate workspaces: Basic information (name, email, etc.) of users invited via a corporate account and usage data necessary for business purposes may be provided to the administrator of the relevant company (organization). This applies only when requested for monitoring or management purposes within the company regarding employees' service usage (e.g., conversation content, uploaded file lists, access logs, etc.), and users participating in the workspace are deemed to have consented to such provision. However, the company shares information only to the extent necessary to maintain business confidentiality as per its contract with the enterprise customer, and the enterprise is obligated to process such information in compliance with relevant laws and regulations.
4. Outsourcing of Personal Information Processing and Cross-Border Transfer
The Company may outsource certain operations to external specialized service providers to ensure smooth service delivery. Additionally, it may utilize overseas artificial intelligence model providers (such as API services) to implement AI functionalities. In such cases, the Company ensures the secure management of personal information through contracts with the outsourcing providers, in compliance with the Personal Information Protection Act and other relevant laws and regulations. The primary outsourcing and cross-border transfer targets are as follows:
Cloud Infrastructure Operations: Service servers are hosted by trusted cloud providers, and user data is stored in secure data centers both domestically and internationally. Example: Amazon Web Services (U.S., France, etc.) - Data storage and system operations.
Email Delivery Service: Email service providers may be used to send important notifications or verification emails to users. Example: SendGrid (USA) - Sending sign-up confirmation emails, etc.
AI Model Providers: We may utilize external AI engines (APIs) to generate AI responses for the service. While question content and related contextual information may be transmitted to these providers, the data is encrypted and protected during transmission. The company enters into Data Processing Agreements (DPAs) with these AI providers to ensure the confidentiality and security of user data, restricting its use solely for service provision purposes. Specifically, technical and contractual measures are implemented to prevent user data from being used for training AI models. (OpenAI explicitly states that data input via its API is not used for model training by default.)
Other outsourced services: In addition, there may be analytical tools for service functionality improvements, payment processors, and others. A full list of all outsourced service providers and detailed information is published on the Privacy Policy page of the official website. Should new outsourced service providers be added, prior notice will be provided and consent obtained.
Personal information entrusted for processing is limited to the minimum necessary for service provision. The company conducts regular management and supervision of entrusted entities to maintain the level of personal information protection. When transferring personal information overseas, the company informs users in advance of the destination country, date, information manager, contact details, etc., obtains consent, or complies with procedures stipulated by law.
5. User Rights and How to Exercise Them
Users have the following rights regarding their personal information:
Accessing and Correcting Information: Users may view or modify their personal information at any time through the profile or settings menu within the service. For information that cannot be directly modified within the system, users may contact the Personal Information Protection Officer to request corrections.
Withdrawal of Consent and Account Deletion: Users may withdraw their consent to the collection and use of personal information agreed to upon registration and have the right to request withdrawal from the service (account deletion). Upon withdrawal of consent or account deletion, all personal information will be destroyed without delay, except for information required to be retained by law. However, withdrawing consent or deleting your account may result in restrictions on service use.
Request to Cease Processing: Users have the right to request the cessation of processing of their personal information. However, there may be situations where such a request can be refused, such as when other laws or regulations mandate the processing of that personal information.
How to Exercise Rights: The above rights may be exercised by submitting a request in writing, via email, or through the customer service center. The company will take necessary measures without delay after verifying the identity of the requester. Rights may also be exercised through the user's legal representative or an authorized agent; in such cases, a designated power of attorney form must be submitted.
Limitations on Correction and Deletion: If other laws or regulations explicitly designate the personal information as subject to collection, the user's request for correction or deletion may be restricted. Additionally, certain information essential for service operation (e.g., account identifiers) may be non-modifiable.
6. Use of Automatic Personal Information Collection Devices (Cookies, etc.)
The company may use cookies to enhance user convenience and improve services. Cookies are small pieces of data sent by a website server to a user's browser. They are used to read information during subsequent visits to maintain settings or provide customized services.
Purpose of Cookie Use: Cookies are used to understand how users interact with the service they visit, including links clicked and popular search terms, to provide personalized information tailored to each individual. For example, cookies are utilized for maintaining logins and setting user language preferences. Cookies do not automatically contain personally identifiable information; they primarily store limited data such as device identifiers.
Cookie Refusal Settings: Users may refuse cookie storage or delete previously stored cookies through their browser settings. However, refusing cookie storage may cause inconvenience when using services requiring login or may restrict access to certain features.
7. Procedures and Methods for Disposing of Personal Information
The company promptly destroys personal information once the retention period has expired or the processing purpose has been fulfilled. The procedures and methods for destruction are as follows:
Destruction Procedure: When a user requests deletion of personal information through actions such as account termination, or when the purpose of collection and use has been fulfilled, the information is destroyed in accordance with internal policies and relevant laws and regulations. However, information subject to a mandatory retention period under law is transferred to a separate database, stored for the statutory period, and then destroyed. Information transferred to this separate database is not used or accessed for any purpose other than those permitted by law.
Destruction Method: Personal information in electronic file format shall be permanently deleted using methods that prevent recovery. Personal information printed on paper, such as printouts, shall be destroyed by shredding or incineration. Information stored in databases shall be deleted using methods that make technical recovery impossible.
8. Contact Information for the Personal Information Protection Officer and Responsible Personnel
The company has designated the following Personal Information Protection Officer to protect users' personal information and handle complaints and remedies related to personal information:
Chief Privacy Officer: Lee Kwang-yong (CPO)
Contact: redbrick.official@redbrick.io
9. Remedies for Personal Information Infringement
If you require assistance to seek redress for damages caused by personal information infringement, you may contact the following agencies (these agencies are separate from the company; you may contact them if you are dissatisfied with the company's own resolution of your personal information complaint or require additional assistance):
Personal Information Infringement Reporting Center (Operated by Korea Internet & Security Agency): 118 (no area code required) / privacy.kisa.or.kr
Personal Information Dispute Mediation Committee: 1833-6972 / www.kopico.go.kr
Supreme Prosecutors' Office Cyber Investigation Division: 1301 (no area code required) / www.spo.go.kr
National Police Agency Cyber Safety Bureau: 182 (no area code required) / cyberbureau.police.go.kr
For other personal information infringement consultations, you may contact relevant organizations such as the Korea Information Security Industry Association.
10. Changes to the Privacy Policy
This Privacy Policy may be amended in accordance with relevant laws and regulations or service changes. In the event of any changes to the policy, we will notify you in advance via reasonable means, such as website announcements, regarding the effective date and details of the amendments.
Announcement Date: October 13, 2025
Effective Date: October 13, 2025
Matters not specified in the above terms and conditions or this Privacy Policy shall be governed by relevant laws and regulations and general commercial practices. As a security-focused AI copilot service, the company pledges to prioritize the protection of user privacy and the confidentiality of corporate data above all else.
The latest Terms of Service and Privacy Policy are always available on the service homepage. For any inquiries, please contact our Customer Support Center at any time.