Onlyou AI
ENKO

Privacy Policy

Learn how Onlyou AI collects, uses, and protects your personal information in compliance with GDPR and CCPA.

Last Updated: February 24, 2026Effective Date: February 24, 2026

1. Introduction

Onlyou AI ('Company', 'we', 'our', or 'us') respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services at onlyou-ai.com (the 'Service'). Please read this policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Data Controller

Onlyou AI is the data controller responsible for your personal data. You may contact us regarding any privacy matters using the information below.

Company: Onlyou AI

Email

Address: Seoul, South Korea

3. Information We Collect

We may collect the following categories of personal information:

  • Identity Data: name, username
  • Contact Data: email address
  • Usage Data: pages visited, features used, search queries, preferences, interaction history
  • Technical Data: IP address, browser type and version, device identifiers, operating system, referral URLs, time zone
  • Communications Data: messages sent via contact forms, feedback, and support requests
  • Cookie and Tracking Data: cookie identifiers, analytics data (see Section 11)

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data under the following legal bases (Article 6, GDPR):

  • Performance of a Contract: to provide the Service you have requested
  • Consent: where you have given clear consent (e.g., newsletter subscription, non-essential cookies)
  • Legitimate Interests: to improve our Service, ensure security, and prevent fraud — where not overridden by your rights
  • Legal Obligation: to comply with applicable law

You may withdraw consent at any time where we rely on consent as the legal basis, without affecting the lawfulness of prior processing.

5. How We Use Your Information

We use your personal data for the following purposes:

  • To provide and maintain the Service (AI tool discovery, personalized recommendations)
  • To manage your user account and authenticate access
  • To analyze usage patterns and improve service quality and features
  • To respond to inquiries, send service-related notifications, and (with consent) newsletters
  • To detect, prevent, and address technical issues, fraud, and abuse
  • To comply with legal obligations and enforce our Terms of Service

6. Sharing Your Information

We do not sell your personal information. We may share your data only in the following circumstances:

Service Providers

  • Analytics providers (e.g., Google Analytics) — for service improvement
  • Cloud hosting and infrastructure providers — for service operation
  • Payment processors — if you make purchases through the Service
  • Law enforcement or government authorities — when required by law or to protect rights and safety

All third-party service providers are contractually required to protect your data and may only process it on our behalf and as instructed.

7. International Data Transfers

We are based in South Korea and our service providers may operate in other countries, including the United States and European Union. When we transfer personal data outside of your jurisdiction, we ensure appropriate safeguards are in place — such as Standard Contractual Clauses (SCCs) for transfers from the EEA, or relying on applicable adequacy decisions under GDPR.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy, comply with legal obligations, resolve disputes, and enforce our agreements. When personal data is no longer needed, we securely delete or anonymize it.

  • Account data: retained for the duration of your account and deleted within 30 days of account deletion request
  • Usage and analytics logs: retained for up to 13 months
  • Data required for legal compliance: retained as required by applicable law (e.g., tax, financial records)

9. Your Rights (EEA / UK — GDPR)

If you are located in the EEA or United Kingdom, you have the following rights under the GDPR:

Right of Access: Request a copy of the personal data we hold about you (Art. 15)
Right to Rectification: Request correction of inaccurate or incomplete data (Art. 16)
Right to Erasure ('Right to be Forgotten'): Request deletion of your personal data (Art. 17)
Right to Restrict Processing: Request that we limit how we use your data (Art. 18)
Right to Data Portability: Receive your data in a structured, machine-readable format (Art. 20)
Right to Object: Object to processing based on legitimate interests or direct marketing (Art. 21)
Right to Withdraw Consent: Withdraw previously given consent at any time (Art. 7)
Right to Lodge a Complaint: File a complaint with your local supervisory authority (Art. 77)

To exercise any of these rights, contact us at kimjh022300@gmail.com. We will respond within 30 days.

10. California Privacy Rights (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA / CPRA):

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months
  • Right to Delete: Request deletion of personal information we have collected from you, subject to certain exceptions
  • Right to Opt-Out of Sale: We do not sell your personal information to third parties. If this practice changes, you will have the right to opt-out
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

To submit a verifiable consumer request, contact us at kimjh022300@gmail.com or use the contact form on our website. We will verify your identity before processing any request.

Do Not Sell or Share My Personal Information: We do not sell or share personal information with third parties for cross-context behavioral advertising.

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience, analyze Service usage, and deliver personalized content. You can control cookie preferences through your browser settings or our cookie consent tool. Note that disabling certain cookies may affect Service functionality.

  • Essential Cookies: Required for the Service to function properly (cannot be disabled)
  • Analytics Cookies: Help us understand how the Service is used (e.g., Google Analytics — can be opted out)
  • Preference Cookies: Remember your settings and personalization preferences

12. Data Security

We implement industry-standard technical and organizational measures to protect your personal data against unauthorized access, loss, alteration, or disclosure — including encryption (TLS/HTTPS), strict access controls, and regular security assessments. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

13. Children's Privacy

Our Service is not directed to children under the age of 13 (or 16 in certain EEA jurisdictions). We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child under the applicable age, please contact us immediately and we will take prompt steps to delete such information.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will update the 'Last Updated' date and — where required — notify you by email or by a prominent notice on our website. Your continued use of the Service after any changes constitutes acceptance of the revised policy.

Contact Us

For privacy-related inquiries, to exercise your rights, or for any data protection questions, please contact:

Email: kimjh022300@gmail.com

Address: Seoul, South Korea

Data Protection Contact: kimjh022300@gmail.com