Privacy Policy

Hiyo (the “Service”) is operated by DIDI Co., Ltd. (“we,” “us,” or “Company”). This Privacy Policy explains how we collect, use, store, and protect personal information when you use our mobile service. We comply with applicable laws in the Republic of Korea, including the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. Because the Service is available to users outside Korea, we provide this notice in English for clarity.

1. Personal data we collect
2. Purposes of processing
3. How we collect data
4. Retention and deletion
5. Sharing, processors, and international transfers
6. Generative AI features
7. Cookies and analytics
8. Your rights
9. Security
10. Children and teens
11. Contact and supervisory authorities
12. Changes to this policy
13. Apple standard EULA
Effective date

1. Personal data we collect

We collect the minimum personal information necessary to operate the Service.

Account: username (ID), country, language, email address, password (stored in a secured form), date of birth where applicable
Transactions: purchase and cancellation records where applicable
Authentication: user tokens where used for login or push notifications
AI character chat (where available): text messages you send, character and scene context (e.g. character name, persona, scene description), limited chat history, and summary memory used to generate replies
Service usage: access logs, IP address, device and OS information, app version, cookies, content you interact with, and records of misuse or abuse

We do not ask you to submit special categories of sensitive data. Please avoid entering government ID numbers or unnecessary sensitive information in free-text fields.

For users under 14, we may need information about a parent or legal guardian where required by law.

2. Purposes of processing

Creating and managing accounts; authentication; age eligibility
Providing, maintaining, and improving the Service, including AI-powered chat and recommendations
Customer support, notices, and handling complaints or disputes
Detecting and preventing fraud, abuse, and violations of our terms
Analytics and product improvement (including aggregated or de-identified data where appropriate)
Marketing or promotional communications only where permitted and with appropriate consent
Compliance with legal obligations

3. How we collect data

We collect information when you register, use the Service, contact support, or when information is generated automatically (e.g. logs). If you sign in through a third-party provider, we may receive identifiers allowed by that provider within the scope you authorize.

Device permissions (camera, photos, location, etc.) are used only when you grant them and only for the features disclosed to you.

4. Retention and deletion

We retain personal data only as long as necessary for the purposes above, unless a longer period is required by law (e.g. commercial and tax records, communications metadata under Korean law).

After account deletion, we may retain certain minimal records for a limited period to prevent fraud or repeat abuse, as permitted by law.
If an inactive-account deletion policy applies, we will notify you according to our operational rules.

When retention ends, we delete or anonymize data using methods that are difficult to restore.

5. Sharing, processors, and international transfers

We do not sell your personal data. We disclose personal data to third parties only with your consent where required, or when permitted by law (e.g. lawful requests from competent authorities).

5.1 Processors (including AI)

To operate the Service, we entrust processing to the following categories of providers. Generative AI features use OpenAI and Google services (including Gemini and related APIs) to generate responses from text and context you provide.

Provider	Role	Retention (processor)
OpenAI, LLC	Generative AI responses (e.g. character chat, suggested replies); processing of text and conversation context	As required to provide the API service and under OpenAI’s policies and settings
Google LLC (Gemini and related generative AI)	Generative AI responses; processing of text and conversation context	As required to provide the API service and under Google’s policies and settings
KT Alpha Co., Ltd. (Giftishow Biz API)	MMS dispatch and related customer support (recipient phone number)	Until the processing purpose for that message is completed

5.2 International transfers

OpenAI and Google may process data on servers located outside your country, including in the United States and other regions where they operate. Transfers occur when you use AI features, typically over encrypted network connections. The categories of data transferred are limited to what is needed to generate responses (e.g. conversation input, context, and related logs).

If you do not wish your data to be processed through these providers, AI-dependent features may be unavailable. You may contact us using the details in Section 11.

Note: If we use additional cloud or analytics vendors, we may describe them in the app settings or a supplementary list where practicable.

6. Generative AI features

Intended use: features such as character-style chat and suggested lines, intended for adult users where age restrictions apply.
Inputs and outputs: your messages and AI-generated replies may be stored and processed as needed to run the Service, ensure safety, and meet legal obligations.
Training: we do not use your conversations to train our own general-purpose public models. However, OpenAI, Google, and other processors may process data under their API terms (for example for abuse prevention or service operation). Please review their privacy notices for details.
Harmful or incorrect outputs: report concerns via customer support or the contacts in Section 11.

7. Cookies and analytics

We may use cookies, device identifiers, and tools such as Google Analytics, including features like Google Signals or User-ID where enabled, to understand usage and improve the Service. You can limit cookies through your browser or device settings; some features may not work fully if you do.

8. Your rights

Depending on applicable law, you may request access, correction, deletion, restriction of processing, or withdrawal of consent. You may also delete your account in-app where available. We will respond in line with Korean law and our operational capacity. Some requests may limit certain features.

9. Security

We implement technical and organizational measures (access controls, encryption where appropriate, staff training). No method of transmission over the internet is completely secure; please protect your credentials.

10. Children and teens

If you are under 14 (or the minimum age required in your region), a parent or guardian may need to consent as required by law. We apply youth-protection measures consistent with our Youth Protection Policy and Korean regulations where applicable.

11. Contact and supervisory authorities

Privacy inquiries

Personal Information Protection Manager
Department / Title: Head of New Business Division
Email: cddchingudeul@gmail.com

Personal Information Protection Officer
Department / Title: Service Development Team Leader
Email: cddchingudeul@gmail.com

Youth Protection Manager
Location-based service provider registration (Korea, No. 752)
Email: cddchingudeul@gmail.com

Korean supervisory and reporting bodies (for users who wish to file complaints in Korea):

Personal Information Infringement Report Center: privacy.kisa.or.kr / 118 (from Korea)
Personal Information Dispute Mediation Committee: kopico.go.kr / 1833-6972
Supreme Prosecutors’ Office Cybercrime Investigation: spo.go.kr / 1301
National Police Agency Cyber Bureau: ecrm.police.go.kr / 182 (from Korea)

12. Changes to this policy

We may update this Privacy Policy to reflect legal, technical, or business changes. We will post the revised policy in the Service with a new effective date. Material changes may be announced more prominently as required by law.

13. Apple standard EULA

For apps distributed through Apple’s App Store, Apple’s standard End User License Agreement may also apply: https://www.apple.com/legal/internet-services/itunes/dev/stdeula/

Effective date

This Privacy Policy is effective as of April 30, 2026.

Previous notice date: February 12, 2022. Prior implementation dates may apply to earlier versions.

Summary of latest update: Added generative AI (OpenAI and Google Gemini), international transfer disclosures, and restructured sections for international users.