Privacy Policy

2025-01-13

by Archisketch

Privacy Policy

Effective Date: June 1, 2026

Last Updated Date: June 1, 2026

Archisketch Inc. (hereinafter referred to as the “Company,” “we,” “us,” or “our”) is committed to protecting the privacy and rights of data subjects in compliance with applicable global privacy laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). We safely manage personal information processed during the use of the Archisketch website, applications, and all associated services (hereinafter referred to as the “Service”).

Article 1. Purposes of Processing Personal Information

We process personal information for the following purposes. Data will not be used for any purposes other than those specified below, and if the purpose changes, we will take necessary measures, such as obtaining separate consent, in accordance with applicable laws:

  • User registration, identity verification, account management, and user identification.

  • Provision of spatial design, 2D/3D floor plan creation, rendering, project/content storage and management, and collaboration/sharing features.

  • Customer Relationship Management (CRM), quoting, construction/delivery scheduling, and customer support.

  • Provision of AI-based features (e.g., auto-furnishing, spatial layout recommendations, product recommendations) and improvement of service quality, search accuracy, and rendering quality.

  • Management of paid services, subscription plans, credits/points, commerce payments, refunds, tax invoicing, and transaction records.

  • Delivery of notices, handling of inquiries/complaints, dispute resolution, and compliance with legal obligations.

  • Ensuring service stability, access management, security, fraud prevention, fault analysis, and log management.

  • Provision of marketing information and newsletters (only when explicit consent is given).

  • Provision of AI Agent features, management of agent chat logs, quality control, troubleshooting, security, and feature improvements.

  • Statistical analysis and service usability improvements (processed in a de-identified/anonymous format whenever possible).

Article 2. Categories of Personal Information Collected and Methods of Collection

1. Account Registration and Usage

[Required]

  • Data Collected: Name, Email address, Password

  • Collection Method: Account registration and settings screen

[Social Login]

  • Data Collected: External account identifiers (Google, Kakao, Naver, etc.), Email, Name or Nickname, Profile information (scope depends on the external service provider's policy)

  • Collection Method: Upon linking a social login account

[Account Settings]

  • Data Collected: Profile picture, Name, Language settings, Security settings, and other user-input information

  • Collection Method: Account settings menu

[Automatically Collected Data]

  • Data Collected: IP address, Cookies, Browser information, Device information, Access timestamps, Access logs

  • Collection Method: Automatically generated during service use

2. Paid Services, Subscriptions, and Commerce

[Payments, Subscriptions, Credits, and Points]

  • Data Collected: Order number, payment approval number, payment method identifiers, partial credit card numbers, payment amount, payment currency, payment status, subscription plan details, credit/point recharge/usage/deduction/refund history, remaining balance.

  • Purpose: Payment processing, recurring billing, credit/point management, refunds, payment error resolution, settlement, accounting, and fraud prevention.

[Delivery and Commerce]

  • Data Collected: Purchaser's name, Recipient's name, Contact number, Shipping address, Order history, Shipping details

  • Purpose: Product delivery, exchanges/returns, customer inquiry handling

[Tax Processing]

  • Data Collected: Business registration number, Company name, Representative's name, Tax invoice/cash receipt issuance information

  • Purpose: Issuance of tax invoices/cash receipts and compliance with tax laws

3. Content and Project Information

[Content]

  • Data Collected/Processed: 2D/3D floor plans, modeling data, rendering images, texts, quotes, furniture lists, templates, notes

  • Note: Generated, uploaded, stored, and shared within the Service

[Project Information]

  • Data Collected/Processed: Project name, configuration details, product selection/placement history, AR placement data, edit/history logs, sharing settings, team/collaboration info

  • Note: To provide project storage, management, and collaboration features

[AI Feature Usage Data]

  • Data Collected/Processed: Auto-furnishing requests, product recommendation selections, user reactions to recommendations, service usage logs

  • Note: To provide AI-based features and improve current services

[Default Exclusions for AI Training]

  • Data Collected/Processed: Client names, phone numbers, emails, detailed addresses, unit numbers, original consultation notes, and raw 2D/3D/rendering data that can identify a specific household or location

  • Note: Raw data without the separate explicit consent of the End-Client is strictly excluded from AI training and model improvement datasets by default.

4. CRM (Customer Relationship Management) Feature Usage

(Note: For CRM data, the Enterprise Customer acts as the Data Controller, and Archisketch acts as the Data Processor).

[Required]

  • Items: End-Client's name, phone number, address, consultation title, status, assignee

  • Note: For CRM, quoting, and scheduling

[Optional]

  • Items: End-Client's email, agency code, budget, spatial dimensions, scheduled dates

  • Note: Provided by the End-Client or inputted by the User/Enterprise Customer

[Direct Input]

  • Items: Detailed client info, Consultation notes

  • Note: Only minimum necessary info should be entered. Inputting Sensitive PII or Unique Government Identifiers is strictly prohibited.

[Consent Management Info]

  • Items: End-Client consent status, timestamp, agreed items, consent text version, obtaining agent

  • Note: Logged when Users/Enterprise Customers manage consent history via the Service

5. Customer Support and Inquiries

[Customer Support]

  • Data Collected: Name, Email, Phone number, Inquiry details, consultation history, technical logs, attachments

  • Purpose: Processing inquiries, technical support, dispute resolution

6. AI Agent Feature Usage

[Agent Chat Logs]

  • Data Collected: Input messages (prompts), agent responses, tool execution records, session IDs, user_id, project/task context info, timestamps, error logs

  • Purpose: AI Agent provision, service operations, quality control, troubleshooting, security, customer support, and feature improvement

  • Note: Because prompts may contain personal data, Users must not input sensitive information, government IDs, or unnecessary personal data.

Article 3. Retention and Use Period

We promptly destroy personal information once the processing purpose is achieved, the retention period expires, or the data subject requests deletion. However, data required to be retained by law will be stored separately for the mandated period.

[Account Information]

  • Retention Period: Until account deletion (withdrawal)

  • Description: Account identification, login, user management

[Paid Services, Payments, Transaction Records]

  • Retention Period: 5 years

  • Description: Records of contracts, cancellations, payments, and supply of goods

[Customer Support, Complaints, Dispute Records]

  • Retention Period: 3 years

  • Description: Inquiries, refund requests, complaints, and dispute resolution

[Content and Project Info]

  • Retention Period: Within 30 days after account deletion or contract termination (Up to 90 days for data export/recovery support)

  • Description: Floor plans, 3D models, renderings, project configs

[CRM Data]

  • Retention Period: 1 year from the date of deletion request, contract termination, or purpose fulfillment

  • Description: End-Client info, consultation notes, quoting/scheduling info

[Access Logs]

  • Retention Period: 3 months

  • Description: Connection records, IPs, etc.

[Consent/Withdrawal/Opt-out History]

  • Retention Period: 3 years

  • Description: For dispute resolution regarding consent tracking

[Legally Mandated Records]

  • Retention Period: As specified by applicable laws

  • Description: E-commerce laws, communications privacy laws, etc.

[Agent Chat Logs]

  • Retention Period: 1 year from the date of collection

  • Description: Quality control, troubleshooting, AI feature improvement

Article 4. Provision to Third Parties (No Sale of Personal Info)

We do not sell or share personal information with third parties unless explicit consent is provided or as required by law.

  • If a User or Enterprise Customer uses the CRM feature to grant access to their employees, agencies, or contractors, the User/Enterprise Customer is solely responsible for obtaining the necessary consent and ensuring security measures.

  • [Legal/Government Requests]: Data requested under legal obligations will be retained and provided for the period designated by law.

  • Strict AI Data Policy: We strictly DO NOT sell, share, or provide raw CRM data, detailed addresses, or unredacted consultation notes to third-party AI training platforms, physical AI, or robotics training platforms without explicit, separate consent from the data subject.

Article 5. Sub-processors and Delegation of Processing

To provide smooth services, we engage trusted third-party service providers (Sub-processors) and enforce strict data processing agreements.

[AWS (Seoul Region)]

  • Task: Server operation, data storage, backup, security, AI inference infrastructure

  • Retention: Until contract termination or purpose fulfillment

[Stripe, Toss Payments, KG Inicis, Naver Pay, Kakao Pay]

  • Task: Payment gateway, recurring billing, refund processing

  • Retention: As per applicable laws and contract periods

[LG CNS]

  • Task: SMS, notification messages, authentication

  • Retention: Until dispatch purpose is fulfilled

[Stibee]

  • Task: Email marketing, notices (for opted-in users)

  • Retention: Until opt-out or contract termination

[Channel Corporation]

  • Task: Customer inquiry reception and processing

  • Retention: Until contract termination or purpose fulfillment

Article 6. Cross-Border Data Transfers

As a globally operating service, data may be transferred internationally. We utilize Standard Contractual Clauses (SCCs) or other legal transfer mechanisms to ensure GDPR/CCPA compliance.

[Stripe, Inc.]

  • Destination Country: United States

  • Data Transferred: Payment identifiers, partial card info, transaction details

  • Purpose: Payment processing

  • Method/Timing: Electronic transfer at the time of payment

  • Retention: Until purpose is fulfilled or required by law

(Note: Users may object to cross-border transfers; however, doing so may restrict access to payment or core service features).

Article 7. Data Processing for AI Features and Service Improvement

  • We analyze generated content and usage data to improve auto-furnishing, spatial recommendations, search accuracy, and overall service stability.

  • Privacy by Default: Unless the Enterprise Customer confirms they have secured explicit consent from their End-Clients for AI training, we categorically exclude direct identifiers (Names, Phones, Emails, Detailed Addresses, Raw Notes, highly specific 3D models) from AI training datasets.

  • AI training datasets are logically separated from raw CRM databases, and direct identifiers are masked, pseudonymized, or deleted.

  • If a User or End-Client opts out or withdraws consent for AI training, we will immediately exclude their data from future training pipelines, except where retention is legally required.

Article 8. Future Third-Party AI/Robotics Platforms

If we intend to use User Content or personal information beyond the currently disclosed service improvements (e.g., for Physical AI, robotics, selling datasets, or providing data to third-party AI platforms), we will enforce a strict opt-in policy and fulfill all legal notices and consent requirements prior to any such use.

Article 9. Enterprise Customers' CRM Consent Management (B2B/B2B2C)

  • Our CRM features act as a Data Processor. Enterprise Customers (Data Controllers) must obtain all legally required notices and consents from their End-Clients before inputting data into the Service.

  • We provide UI features to help Enterprise Customers log and manage these consents.

  • Data without confirmed consent is strictly restricted from our independent AI training or third-party provision.

  • If an End-Client directly exercises their privacy rights with us, we will coordinate with the respective Enterprise Customer to fulfill the request.

Article 10. Restriction on Sensitive and Unique Identifiers

We do not collect sensitive personal information or unique government identifiers.

🡪 WARNING: Users must NEVER input sensitive data into consultation notes, drawings, content, or AI Agent prompts. This includes Social Security Numbers, National IDs (e.g., Resident Registration Numbers), Passports, Driver’s Licenses, protected health information (PHI), religious/political views, or criminal records.

If such data is detected, we reserve the right to delete, mask, or de-identify it without prior notice.

Article 11. Pseudonymization and Aggregation

We may pseudonymize or anonymize personal information for statistical purposes, scientific research, or service improvement as permitted by law. Pseudonymized data is subject to strict technical safeguards, including the separation of additional info and a strict prohibition on re-identification.

Article 12. Data Destruction

  • Electronic files are securely and permanently deleted so they cannot be recovered.

  • Paper documents are shredded or incinerated.

  • Data required to be kept by law is moved to a separate, isolated database.

Article 13. Rights of Data Subjects (GDPR & CCPA Rights)

Data subjects have the right to request:

  • Access (Right to Know): What personal data we hold.

  • Rectification: Correction of inaccurate data.

  • Erasure (Right to be Forgotten): Deletion of personal data.

  • Restriction / Opt-Out: Stopping the processing or sale/sharing of data.

  • Data Portability: Receiving data in a structured, machine-readable format.

    Requests can be submitted via our Customer Center or DPO email. We will process requests promptly, subject to identity verification and legal exceptions.

Article 14. Security Measures

[Administrative] Internal privacy policies, employee training, access control management, and dedicated privacy teams.

[Technical] Access controls, one-way encryption of passwords, encryption of sensitive data in transit/at rest, security software, and vulnerability testing.

[Physical] Restricted access to server rooms and secure document storage.

[AI Data Security] Strict separation of AI training datasets from raw CRM data, restricted export controls, and default exclusion of unconsented raw client data from pipelines.

Article 15. Automated Decision-Making and AI Recommendations

Our AI features (auto-furnishing, product recommendations) are advisory tools. We do not use automated decision-making that produces legal or similarly significant effects concerning the User or End-Client solely based on automated processing. Users may choose to ignore AI recommendations and can contact support for clarifications.

Article 16. Cookies and Tracking Technologies

We use cookies to maintain sessions, analyze traffic, and provide personalized features. Users can control or block cookies via browser settings:

  • Chrome: Settings > Privacy and security > Cookies

  • Edge: Settings > Cookies and site permissions

  • Safari: Preferences > Privacy > Block all cookies

    (Note: Blocking essential cookies may disrupt login and core functionalities).

Article 17. Children's Privacy (COPPA/GDPR)

We do not knowingly collect personal information from children under the age of 14 (or the applicable age of digital consent, such as 13 in the US or 16 in the EU). Users must confirm they meet the age requirement upon registration. If we discover we have collected data from a minor without legal guardian consent, we will delete it immediately.

Article 18. Dispute Resolution and Remedies

Users may file complaints with their local Data Protection Authority (DPA). For South Korean jurisdictions, references include:

Article 19. Data Protection Officer (DPO) / Contact Us

[Data Protection Officer]

[Customer Support & Privacy Inquiries]

Article 20. Publication and Changes to the Privacy Policy

  • This policy is accessible from the Service's main screen.

  • Changes will be notified at least 7 days in advance. Material changes affecting user rights (e.g., changes in AI data usage, third-party sharing) will be notified 30 days in advance via email or in-app alerts.

  • Any changes requiring explicit consent under applicable law will not be applied until such consent is obtained.

Addendum 1. Sample Mandatory Consent Notice for End-Clients (CRM)

(Enterprise Customers may use this template to collect consent from their clients).

"To provide design consultations, quotes, and scheduling, we collect your personal data and entrust Archisketch Inc. with its processing to manage our CRM system. Your data will only be used for AI training/improvements if you grant separate optional consent.

  • Data Collected: Name, phone, email, address, budget, spatial dimensions, drawings.

  • Purpose: CRM management, quoting, scheduling.

  • Processor: Archisketch Inc. (System operations, security, data storage).

  • Retention: Until purpose fulfillment or deletion request.

  • Right to Refuse: You may refuse consent, but it may restrict our ability to provide consultation and quoting services."

Addendum 2. Sample Optional Consent for AI Feature Improvements

"I agree that my consultation and service usage data may be analyzed to improve auto-furnishing, spatial recommendations, and AI models. This is optional; refusing does not impact standard services.

  • Purpose: AI layout recommendations, rendering quality improvement, error analysis.

  • Data Used: Drawings, rendering images, spatial dimensions, budgets.

  • Strict Exclusions: Names, contacts, emails, exact addresses, and raw consultation notes are excluded.

  • Safeguards: De-identification, dataset separation, access control.

  • Retention: Until consent withdrawal."

Addendum 3. UI Warning for CRM Input Screens

"Before entering client data, ensure you have obtained legally required consent according to your internal compliance procedures. Enter only the minimum necessary information in the notes. DO NOT enter Social Security Numbers, National IDs, PHI, or data of minors. Unconsented raw data will never be used for Archisketch’s independent AI training or sold to third parties. Apply the same caution when prompting the AI Agent."

Supplementary Provision

These Terms shall be effective as of June 1, 2026.

A

Archisketch

share this post

Start the change with 3D interior technology.

Inquire about introduction