Arteev Labs

Privacy Policy

Effective Date: June 12, 2026

Arteev Labs Inc. ("Arteev Labs," "we," "us," or "our") values user privacy and is committed to handling personal information in compliance with the Personal Information Protection Act of the Republic of Korea (개인정보 보호법) and other applicable privacy and consumer protection laws.

This Privacy Policy ("Policy") explains how we collect, use, disclose, transfer, retain, delete, and protect personal information in connection with the Arteev mobile application (the "App"), the website at arteev.co (the "Website"), and any related services we provide (collectively, the "Service").

This Policy is supplemented by our Consumer Health Data Privacy Policy for residents of Washington, Nevada, Connecticut, and other jurisdictions with consumer health-data privacy laws. If the Consumer Health Data Privacy Policy conflicts with this Policy regarding Consumer Health Data, the Consumer Health Data Privacy Policy controls.

If we update this Policy, we will post the updated version in the App and on the Website. For material changes, we will provide notice at least 30 days before the changes take effect, unless a shorter period is required for legal, security, or operational reasons and permitted by law.

Our Data Promise

Arteev makes the following commitments regarding your data.

  1. We do not sell your data. We do not sell, license, or provide for advertising purposes your personal information, voice data, voice transcripts, Health Data, Consumer Health Data, Cards, Weekly Pattern Reports, Morning Forecasts, or insights derived from such data to third parties.

  2. We do not use your data for unrelated purposes. We use your data only to provide, operate, maintain, secure, support, and improve the Arteev Service; comply with law; enforce our terms; and protect users, the public, and the Service.

  3. We do not use your personal information for AI model training without express consent. We do not use your personal information, User Content, voice transcripts, Health Data, Consumer Health Data, Cards, Weekly Pattern Reports, or Morning Forecasts to train or fine-tune AI models unless you have separately and expressly consented.

  4. Limited exceptions. This promise does not prevent:

    • processing by service providers acting on our behalf and subject to appropriate contractual restrictions;
    • deidentified, aggregated, pseudonymized, or statistical analysis for Service improvement;
    • processing required by applicable law, court order, regulatory request, or lawful investigative request;
    • processing necessary to prevent fraud, abuse, security incidents, or imminent danger to life or safety;
    • transfer or processing in connection with a merger, acquisition, financing, reorganization, sale of assets, or business transfer, provided that the successor remains bound by protections no less protective than this Policy unless users are notified and given choices required by law.

If we ever wish to materially narrow this promise or expand how we use your personal information, we will obtain prior express consent where required by law.

1. General Principles

We process personal information according to the following principles:

  1. Minimum collection. We collect only personal information reasonably necessary for disclosed Service purposes.
  2. Purpose limitation. We use personal information only for disclosed purposes or purposes compatible with those purposes, unless we obtain additional consent or another legal basis applies.
  3. User control. We provide ways to access, correct, delete, restrict, or withdraw consent regarding personal information, subject to applicable law and identity verification.
  4. Transparency. We disclose our processing activities in a clear and accessible manner.
  5. Security. We apply administrative, technical, and organizational safeguards appropriate to the sensitivity of the information.

Terms used in this Policy have the meanings given under applicable privacy law, including the Personal Information Protection Act of the Republic of Korea, unless otherwise defined here.

2. Information We Collect

The categories of personal information we collect depend on which features you use.

A. Account and login information

B. Voice input and transcription data

C. User-entered and generated content

D. Health Data, only with explicit permission

"Health Data" means health, fitness, sleep, activity, heart-rate, heart-rate variability, or similar data that you authorize the Service to access through Apple HealthKit, Google Health Connect, or other supported sources.

If you grant permission through Apple HealthKit, Google Health Connect, or another supported permission flow, we may collect only the Health Data categories you authorize, such as steps, sleep, heart rate, heart rate variability, activity, workout, movement, or other selected data types.

We do not collect Health Data categories you have not authorized. You may revoke HealthKit or Health Connect permission through your device settings.

E. Consumer Health Data

"Consumer Health Data" is broader than HealthKit or Health Connect data. It means personal information that is linked or reasonably linkable to a user and that identifies or could reasonably be used to infer the user's past, present, or future physical or mental health status.

Consumer Health Data may include:

Consumer Health Data is handled under this Policy and our Consumer Health Data Privacy Policy.

F. Paid service and subscription information

G. Automatically collected technical and usage data

H. Customer support and communications

I. Sensitive information users voluntarily include

We do not intentionally request sensitive personal information such as race, religion, political opinion, union membership, sex life, criminal history, genetic information, reproductive health information, or similar categories, except for Health Data that you expressly authorize. However, because Arteev allows free-form voice and text input, you may voluntarily include sensitive information in User Content. If you do, we process it only as User Content or Consumer Health Data for the purposes described in this Policy and the Consumer Health Data Privacy Policy. You should avoid submitting sensitive information that is unnecessary for your use of the Service.

3. Information We Do Not Collect or Use

Subject to the qualifications in this Policy, we do not:

  1. sell personal information, Health Data, Consumer Health Data, voice data, transcripts, Cards, reports, forecasts, or derived insights;
  2. provide personal information or Consumer Health Data to third-party advertising networks;
  3. collect advertising tracking identifiers such as IDFA or AAID for advertising purposes;
  4. use Health Data or Consumer Health Data for advertising, targeted advertising, cross-context behavioral advertising, marketing, use-based data mining, insurance underwriting, employment eligibility, credit eligibility, healthcare eligibility, or unrelated profiling;
  5. use HealthKit, Health Connect, or similar health-permission data for advertising, marketing, or use-based data mining;
  6. use personal information or User Content to train or fine-tune AI models unless you separately and expressly consent;
  7. create voiceprints or biometric identifiers from your voice;
  8. knowingly collect personal information from children under 14, or from children under 13 for United States purposes.

4. How We Use Information

We process personal information for the following purposes:

  1. Service provision

    • account creation, login, authentication, and account management;
    • voice transcription and transcript display;
    • generation, storage, display, and retrieval of Cards;
    • generation and delivery of Weekly Pattern Reports and Morning Forecasts;
    • analysis of authorized Health Data and Consumer Health Data for wellness pattern intelligence;
    • push notifications and Service-related messages.

  2. Paid service operation

    • subscription verification, entitlement management, renewal status, billing support, refund status, and subscription-related notices.

  3. Customer support

    • responding to inquiries, troubleshooting, resolving disputes, and providing user guidance.

  4. Security, fraud prevention, and abuse prevention

    • detecting abnormal usage, account abuse, automated access, security incidents, fraud, unauthorized access, and violations of our Terms.

  5. Service improvement

    • debugging, crash diagnostics, performance optimization, quality improvement, feature evaluation, and deidentified or aggregated statistical analysis.

  6. Legal compliance and rights protection

    • complying with legal obligations, retaining legally required records, responding to lawful requests, enforcing our Terms, protecting legal rights, and preventing imminent harm.

We do not use personal information for purposes incompatible with this Policy unless we obtain additional consent or another legal basis applies.

5. Service Providers and Third-Party Processing

We use service providers to operate the Service. These providers process personal information only for the purposes we specify and subject to contractual restrictions.

Provider Role / Purpose Information Processed Location / Region
Anthropic, PBC AI generation for Cards, Weekly Pattern Reports, Morning Forecasts, and related outputs Voice transcripts, summaries, selected contextual data needed to generate outputs United States or other regions specified by provider terms/order form
OpenAI, L.L.C. Voice transcription and related AI processing Voice audio for transcription, transcript text, and related technical metadata United States or other regions specified by provider terms/order form
Supabase Inc. Database hosting, authentication, Edge Functions, storage, and backend infrastructure Account information, User Content, Consumer Health Data, Service usage data, consent records, subscription metadata Republic of Korea region where configured, or other configured region
RevenueCat, Inc. Subscription entitlement and purchase-status management Purchase identifiers, entitlement status, subscription metadata United States or other provider regions
Apple Inc. App Store purchases, Apple login, APNS push delivery, operating-system permission frameworks such as HealthKit Apple login identifiers, payment metadata, push tokens; HealthKit data only to the extent Apple processes it under Apple-controlled systems United States and other Apple regions
Google LLC Google login, Google Play billing, Firebase Cloud Messaging, Android / Health Connect platform services Google login identifiers, payment metadata, push tokens; Health Connect data only to the extent Google processes it under Google-controlled systems United States and other Google regions
Kakao Corp. Kakao social login Kakao account identifier, profile nickname if provided, email if provided Republic of Korea
Sentry, Inc. Error and crash diagnostics Error logs, diagnostics, technical metadata, and limited user identifiers where necessary for debugging United States or other provider regions
Amplitude, Inc. Product analytics — feature usage, conversion, and retention measurement, where analytics is enabled with consent Pseudonymous user and device identifiers and in-app event metadata; no voice transcripts, Health Data, Consumer Health Data, or free-text content intentionally shared United States or other provider regions
Expo / related push-notification infrastructure App build, update, and push-notification infrastructure where used Push tokens, notification delivery metadata, technical metadata United States or other provider regions

We will update this Policy before materially changing service providers or adding a provider that processes materially different categories of personal information.

Other than service providers acting on our behalf, we disclose personal information only:

  1. with your prior consent;
  2. as required by law, court order, regulatory request, or lawful investigative request;
  3. where necessary to protect life, safety, security, legal rights, or prevent fraud or abuse;
  4. in deidentified, aggregated, pseudonymized, or anonymized form where no individual is reasonably identifiable, subject to applicable law;
  5. in connection with a corporate transaction as described in this Policy.

6. Cross-Border Data Transfer

To provide the Service, we may transfer personal information internationally. Details are summarized below.

Recipient Country / Region Items Transferred Timing and Method Purpose and Retention
Anthropic, PBC United States or provider-designated region Voice transcripts, summaries, contextual data needed for output generation Real-time encrypted transmission during Service use AI generation; retained according to applicable API/DPA/order-form terms; not used for model training unless separately consented
OpenAI, L.L.C. United States or provider-designated region Voice audio, transcript text, technical metadata Real-time encrypted transmission during transcription or AI processing Transcription/AI processing; retained according to applicable API/DPA/order-form terms; not used for model training unless separately consented
Supabase Inc. Republic of Korea or configured hosting region Account information, User Content, Consumer Health Data, Service data, consent records, subscription metadata Encrypted transmission and storage during Service operation Backend hosting and authentication; retained under this Policy
RevenueCat, Inc. United States or provider-designated region Subscription metadata and purchase identifiers Encrypted transmission during subscription events Subscription entitlement management; retained under provider terms and our retention schedule
Apple Inc. United States and other Apple regions Apple login data, App Store payment metadata, push notification tokens Encrypted transmission during login, purchase, or push events Login, payment, and push services; retained under Apple policies
Google LLC United States and other Google regions Google login data, Google Play payment metadata, push notification tokens Encrypted transmission during login, purchase, or push events Login, payment, and push services; retained under Google policies
Sentry, Inc. United States or provider-designated region Error logs and diagnostics Encrypted transmission upon error events Error diagnostics; retained according to configured retention period, generally up to 90 days unless otherwise configured
Amplitude, Inc. United States or provider-designated region Pseudonymous user/device identifiers and in-app event metadata; no voice transcripts, Health Data, Consumer Health Data, or free-text content intentionally shared Encrypted transmission during app use where analytics is enabled with consent Product analytics; retained according to provider terms and our configured retention period
Expo / related push infrastructure United States or provider-designated region Push tokens and technical metadata Encrypted transmission during build/update/push operations Push and app infrastructure; retained according to provider terms and configuration

For users in the Republic of Korea, we obtain consent for cross-border transfers where required under Articles 28-8 and 28-9 of the Personal Information Protection Act or rely on another lawful basis permitted by law. We inform users of the right to refuse consent and the consequences of refusal, which may include inability to use certain features.

For users in other launch markets, international transfers are conducted using appropriate legal mechanisms where required, such as adequacy decisions, standard contractual clauses, transfer-risk assessments, comparable-protection assessments, consent, contractual necessity, or other lawful transfer bases available under applicable law.

7. Health Data, Consumer Health Data, and Sensitive Data Handling

Health Data and Consumer Health Data are sensitive. We apply heightened protections to them.

  1. Separate permission. We access Health Data only after you grant permission through Apple HealthKit, Google Health Connect, or another explicit permission flow.
  2. Granular access. We request only the Health Data categories needed for the relevant feature and only within the permission scope you authorize.
  3. Broader Consumer Health Data coverage. Consumer Health Data may include user-entered wellness logs and derived or inferred wellness insights, not only platform-authorized HealthKit or Health Connect data.
  4. Purpose limitation. We use Health Data and Consumer Health Data only to provide wellness pattern intelligence features, such as Cards, Weekly Pattern Reports, Morning Forecasts, and related user-facing insights; operate, secure, support, and improve the Service; comply with law; enforce our Terms; and protect users, the public, and the Service.
  5. No advertising or data mining. We do not use Health Data or Consumer Health Data for advertising, targeted advertising, cross-context behavioral advertising, marketing, use-based data mining, insurance underwriting, employment eligibility, credit eligibility, healthcare eligibility, or sale to third parties.
  6. No medical use. We do not use Health Data or Consumer Health Data to provide diagnosis, treatment, monitoring, medical advice, clinical interpretation, or emergency response.
  7. Revocation. You may revoke HealthKit / Health Connect permissions through your device settings. After revocation, we stop collecting new Health Data from that source. You may request deletion of previously collected Health Data or Consumer Health Data as described in Section 9 and our Consumer Health Data Privacy Policy.
  8. No intentional inaccurate writing. We do not intentionally write false or inaccurate data to HealthKit, Health Connect, or similar health services.
  9. Feature dependency. If a feature requires Health Data or Consumer Health Data to function and you decline or revoke access, that feature may be unavailable or less accurate, but other available Service features may remain usable.
  10. Supplemental United States notice. For residents of Washington, Nevada, Connecticut, and other jurisdictions with consumer health-data privacy laws, our Consumer Health Data Privacy Policy supplements this Policy with respect to Consumer Health Data and controls in case of conflict.

8. Data Retention

We retain personal information only for as long as reasonably necessary for the purposes described in this Policy, unless a longer period is required or permitted by law.

Information Item Retention Period Basis
Voice recording files stored by Arteev Deleted after transcription is completed or after failure handling, generally within a short technical processing period Company policy / minimization
On-device live transcript display Not intentionally stored by Arteev unless submitted or saved Company policy / minimization
Voice transcript text 30 days from collection unless saved as part of a Card, summary, report, support request, legal hold, or user-selected retained content Company policy / Service operation
Rolling summaries While account is active, unless deleted earlier by user request or Service design Service operation
Cards, Weekly Pattern Reports, Morning Forecasts While account is active, unless deleted earlier by user request or Service design Service operation
Health Data While account is active and permission remains valid, unless deleted earlier by user request or Service design Service operation / consent
Consumer Health Data derived from User Content or generated outputs While account is active, unless deleted earlier by user request, Service design, or legal requirement Service operation / consent / user request
Account identifiers and login records During account life; then 30-day deletion grace period after account deletion request unless legally retained Account operation / security
Subscription and transaction records As required by applicable tax, accounting, consumer protection, and e-commerce laws, generally up to 5 years where Korean law requires Legal obligation
Fraud, abuse, and security records Generally up to 1 year from detection, unless longer retention is necessary for legal claims, security, or regulatory compliance Fraud prevention / legal protection
Error and crash logs Generally up to 90 days unless shorter or longer retention is configured for security or legal reasons Diagnostics / security
Customer inquiry records Generally up to 3 years from inquiry resolution, or as required by applicable consumer protection law Customer support / legal obligation
Consent records and policy acceptance records During account life and as long as necessary to demonstrate compliance Legal compliance

Service providers may retain data according to their applicable terms, DPAs, order forms, and technical configurations. We use contractual and technical measures to restrict service-provider use to authorized purposes.

9. Your Rights

Subject to applicable law and identity verification, you may request to:

  1. access personal information we hold about you;
  2. correct inaccurate personal information;
  3. delete personal information;
  4. suspend or restrict processing;
  5. withdraw consent;
  6. receive a copy of eligible personal information in a machine-readable format where applicable;
  7. object to certain processing where applicable law provides such right;
  8. exercise Consumer Health Data rights described in our Consumer Health Data Privacy Policy, where applicable.

You may exercise these rights through:

For children under 14, these rights may be exercised by a legal guardian where applicable. For United States purposes, the Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, or from a child under 14 where our 14+ policy applies, we will delete the account and associated personal information unless a different action is legally required.

If we cannot process a request, we will explain the reason and provide information about objection or appeal procedures where required by law.

Users in the United States, the United Kingdom, Australia, New Zealand, Singapore, Hong Kong, or other jurisdictions may have additional privacy rights under local law. Such rights may be exercised through the contact methods in this Policy. We will not discriminate against you for exercising any privacy right. If we decline a request, you may appeal by replying to our response where applicable. If your appeal is unsuccessful and applicable United States state law provides that right, you may contact the Attorney General of your state. Residents of Washington, Nevada, Connecticut, and other jurisdictions with consumer health-data privacy laws should also see our Consumer Health Data Privacy Policy, which governs Consumer Health Data and controls in case of conflict.

10. Data Destruction

When the retention period expires, the processing purpose is fulfilled, or you request deletion, we delete, destroy, or deidentify personal information according to the following procedures.

A. Destruction procedures

  1. When you request account deletion, we suspend or close account access and begin the deletion process.
  2. We may maintain a 30-day grace period during which you may cancel the deletion request and restore the account.
  3. After the grace period, we delete or deidentify personal information from production systems unless retention is required or permitted by law.
  4. Data in backups is deleted, overwritten, or rendered inaccessible according to backup retention cycles, generally up to 90 days unless a longer period is required for security, legal, or disaster-recovery reasons. Consumer Health Data deletion from archived or backup systems is handled as described in our Consumer Health Data Privacy Policy where applicable.
  5. Legally retained records, such as payment and transaction records, are stored separately or access-restricted and destroyed after the legally required retention period ends.

B. Destruction methods

C. Account deletion method

Account deletion is available in the App at Profile > Delete Account. If you cannot access the App or your account, you may contact hello@arteev.co, and we may require reasonable identity verification before processing deletion.

11. Security Measures

We apply administrative, technical, and organizational safeguards appropriate to the nature and sensitivity of personal information.

A. Administrative measures

B. Technical measures

C. Physical and infrastructure measures

D. Incident response

If a personal information breach or security incident occurs, we will notify affected users and report to relevant authorities without delay and in accordance with applicable laws, including Article 34 of the Personal Information Protection Act of the Republic of Korea and, for United States users, the FTC Health Breach Notification Rule and applicable state breach notification laws where applicable.

No method of transmission or storage is completely secure. We cannot guarantee absolute security.

12. Cookies and Automatic Collection

The Website may use cookies or similar technologies.

  1. Essential cookies. We may use cookies necessary for login, security, session management, language settings, or Service operation.
  2. Analytics or non-essential cookies. We will use non-essential analytics or marketing cookies only where disclosed and, where required, consented to.
  3. No advertising tracking. We do not use cookies for cross-site advertising tracking.
  4. Managing cookies. You may refuse or delete cookies through browser settings. Refusing essential cookies may limit Website functionality.
  5. Mobile App. The App does not use browser cookies, but may use mobile identifiers, secure storage, tokens, or similar technical mechanisms necessary for login, security, preferences, and notifications.
  6. Do Not Track and opt-out preference signals. Because we do not track users across third-party websites or apps over time, do not sell or share personal information for cross-context behavioral advertising, and do not serve targeted advertising, our Service does not respond differently to browser "Do Not Track" signals — all users already receive the same no-tracking treatment. If we ever engage in activity for which a universal opt-out preference signal such as Global Privacy Control applies under law, we will honor such signals as required.

13. Push Notifications

We may send push notifications for Service-related purposes, such as report readiness, reminders, account notices, security notices, subscription notices, and important Service announcements.

  1. Push notifications are sent only after you grant operating-system permission.
  2. You may revoke permission through device settings at any time.
  3. We avoid including sensitive Health Data, Consumer Health Data, or detailed personal insights in push notification content where reasonably practicable.
  4. Push notification delivery may rely on Apple Push Notification service, Firebase Cloud Messaging, Expo, or similar providers.

14. Children's Privacy

The Service is intended for users aged 14 or older.

For United States purposes, the Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. We do not knowingly collect personal information from children under 14 under our Service eligibility policy.

If we determine that an account belongs to a child under 13 for United States purposes, or under 14 under our Service eligibility policy, we will delete the account and associated personal information unless a different action is legally required.

For minors who are 14 or older but are still legal minors, parental or guardian consent may be required for Paid Services or certain processing activities under applicable law.

If a higher minimum age applies under local law or platform policy, the higher age applies.

15. Data Protection Officer

We have designated the following Data Protection Officer (개인정보보호책임자) to protect personal information and handle privacy-related complaints and requests.

You may contact the Data Protection Officer with questions, complaints, requests, or concerns regarding personal information processing. We will respond without undue delay and within the period required by applicable law.

16. Changes to This Policy

We may update this Policy from time to time. When updated, we will provide notice through one or more of the following methods:

  1. in-app notice or pop-up;
  2. posting on the Website at arteev.co/privacy-en;
  3. email notice to the registered email address;
  4. other reasonable method permitted by law.

For material changes that are unfavorable to users or materially affect personal information processing, we will provide at least 30 days' prior notice and obtain consent where required by law.

If you do not agree to an updated Policy, you may stop using the Service and request account deletion. Previous versions of this Policy will be made available in a policy archive where practicable.

17. Company Information and Contact

For questions, complaints, or requests regarding this Policy or personal information processing, please contact us:

Appendix. How to File a Complaint

You may apply for dispute resolution or counseling with the following authorities.

Republic of Korea

United States

Other launch markets

Arteev Labs Inc.
Republic of Korea
arteev.co

Effective Date: June 12, 2026

© Arteev Labs Inc. All rights reserved.