Privacy Policy
Deveart ("the Company") values users' personal information and complies with the Personal Information Protection Act (PIPA) and other applicable laws. This Privacy Policy explains how personal information is collected, used, stored, and destroyed in the md-log service provided by the Company (including the web application, the mobile app, and the introductory (landing) site).
1. Personal Information We Collect
A. Account information (sign-up / login)
- Email address, password (stored using one-way encryption), and display name
B. Information generated and stored while using the service
- Documents (Markdown) that a user creates or uploads, handwritten annotations (ink strokes, images, etc.), and their version history
- External-integration information such as Personal Access Tokens (PAT)
- Device and session information: device identifier, session token (stored as a hash), and access date/time
C. Information collected automatically (service operation / security)
- Access logs, IP address, browser/device/operating-system information, and error logs
D. Visit analytics (Google Analytics) and information collected on the introductory (landing) site
- Visit analytics: Page views, in-app navigation paths, and events are collected through Google Analytics 4 (GA4) on the web application (service) and the introductory (landing) site. IP addresses are anonymized, and even for logged-in users, personally identifiable information such as name or email — and the body content of documents or annotations — is not transmitted to GA. GA is loaded only when the operator has configured a measurement ID.
- Contact form (landing site): name, email, (optional) company name, inquiry type, and inquiry content. The
contact_submit event generated when the contact form is submitted contains only the inquiry type (topic) and does not include identifying information such as name or email.
2. Purpose of Collecting and Using Personal Information
- Member identification and authentication, service provision, and content synchronization
- Storage, version management, and multi-device synchronization of documents and annotations
- Responding to customer inquiries and delivering notices
- Improving service quality, preventing misuse and abuse, and ensuring security (detecting fraudulent use and abnormal access)
- Improving the service through analysis of visit and usage statistics for the service and the introductory site
3. Retention and Use Period of Personal Information, and Its Destruction
- Member information: Destroyed without delay upon membership withdrawal. However, where retention is required under applicable laws, it is retained for the relevant period.
- Documents and annotations created by a user: Destroyed when the user deletes them or withdraws (owing to the immutable version structure, complete deletion may take some time).
- Access and security logs: Retained for the period prescribed by applicable laws and internal security policy, then destroyed.
- Inquiry information: May be retained for the period prescribed by applicable laws after the inquiry has been handled.
- Method of destruction: Electronic files are deleted in an unrecoverable manner, and any printed materials are shredded or incinerated.
4. Provision to Third Parties and Entrustment of Processing
As a rule, the Company does not provide users' personal information to external parties. In order to provide the service, the Company may entrust processing or use third-party services as follows.
| Entrustee / Service | Purpose of entrustment / use | Items processed |
|---|
| Google LLC (Google Analytics 4) | Analysis of visit and usage statistics for the service and the introductory site | Anonymized access information, page views, events |
| Vercel | Analysis of visit and usage statistics for the service and the introductory site | Anonymized access information, page views, events |
5. Rights of Users and Legal Representatives, and How to Exercise Them
- Users may at any time request to access, correct, or delete their personal information, or to suspend its processing.
- Such requests may be made through the in-service settings (account management) or via the contact below, and the Company will take the necessary measures without delay in accordance with applicable laws.
6. Cookies and Similar Technologies, and Visit Analytics
- The service uses cookies and local storage for purposes such as maintaining login status.
- The web application (service) and the introductory site use Google Analytics; users may refuse collection through their browser settings or Google's Analytics opt-out browser add-on.
7. Measures to Ensure the Security of Personal Information
- One-way encryption of passwords and encryption of data in transit (HTTPS)
- Access control over storage and application of the principle of least privilege; hash storage of sessions/tokens and reuse detection
- Operating-system-level protection of data stored on mobile devices, among others
8. Personal Information Protection Officer and Contact
9. Duty of Notice
- If any content of this Policy is added, deleted, or modified, the effective date and the details of the change will be announced in advance.
- Past versions are made available for viewing on the service and the introductory site.
Effective date: July 8, 2026