LeeonIPL Corp. (the "Company") establishes and discloses this Privacy Policy in accordance with applicable laws to protect the personal information of users of the FindIP service (the "Service") and to handle related concerns promptly and smoothly.
1. Categories of Personal Information Collected
The Company collects the following personal information to provide the Service.
- Required: email address, password
- Optional: name
- Automatically collected: IP address, cookies, service usage records (API call counts and aggregate metadata). The content of search queries themselves is not stored.
- At payment (paid subscribers): card brand, last 4 digits, expiry month/year (the full card number, CVC, and card password are entered and transmitted directly through the Paddle.com Market Limited ("Paddle") checkout and are not stored on Company servers)
- When registering business information (optional): business name, business registration number, representative name, business address, industry/category, tax invoice email address
2. Purpose of Collection and Use
- Member registration and management: identity verification, prevention of fraudulent use
- Service delivery: API key issuance, usage management, customer support
- Payment processing, settlement, and automatic recurring charges
- Payment-related notifications such as failures and renewals (cannot be opted out of under applicable law)
- Service improvement and statistical analysis
- Delivery of announcements and service-related notices
3. Retention and Use Period
Personal information is destroyed immediately upon account withdrawal. However, the following items are retained pursuant to applicable laws.
- Records on contracts or withdrawal of subscription: 5 years (applicable law)
- Records on payment and supply of goods: 5 years (applicable law)
- Electronic tax invoice records: 5 years (applicable accounting and tax law)
- Business information (name, registration number, etc.): 5 years after the end of the transaction
- Records on consumer complaints or dispute resolution: 3 years
- Access logs: 3 months
4. Provision to Third Parties
The Company does not, in principle, provide users' personal information to outside parties. The following are exceptions.
- When the user has given prior consent
- When required by law, or when an investigative agency requests it for the purpose of an investigation in accordance with the procedures and methods prescribed by law
5. Outsourcing of Personal Information Processing
The Company outsources the processing of personal information as follows to improve the Service.
- Payment and seller of record (Merchant of Record): depending on the buyer's region, one of Paddle.com Inc. (United States) / Paddle.com (Canada) Ltd. (Canada) / Paddle.com Market Limited (all other regions) handles global card payments, recurring billing, tax (VAT/sales tax) reporting, and refunds on behalf of the Company (collectively, "Paddle").
- Receipts: the invoice issued by Paddle at the time of payment serves in place of a receipt.
- Email delivery: Resend — transactional emails such as payment notifications and renewal alerts
- Authentication: Google Firebase Auth — member authentication
- Data storage: Google Firestore — storage of member, subscription, and payment information
- Hosting: Google Cloud Platform / Firebase App Hosting — service operation
- Operational alerts: Telegram — Enterprise inquiry intake and payment-anomaly alerts (internal operator channel)
Recipients may not use personal information for any purpose other than the entrusted task, and the Company periodically reviews their compliance with personal-information protection measures.
6. International Transfer of Personal Information
The Company transfers personal information internationally to operate the Service as follows. Users have the right not to consent to such transfers, but withholding consent may restrict the use of core service features such as payment, login, and email notifications.
| Transferee (Contact) | Country | Items Transferred | Purpose | Retention |
|---|---|---|---|---|
| Paddle (by region of residence: Paddle.com Inc. (United States) / Paddle.com (Canada) Ltd. (Canada) / Paddle.com Market Limited (all other regions)) (privacy@paddle.com) | United States · Canada · United Kingdom | email, payment method (card brand, last 4 digits, expiry), billing country, IP | Global card payments, recurring billing, tax reporting, refund processing (Merchant of Record) | 7 years after end of transaction (Paddle retention policy) |
| Resend, Inc. (security@resend.com) | USA | email, name, send metadata | Transactional email delivery | Send logs up to 30 days |
| Google LLC (Firebase Auth) (support-kr@google.com) | USA | email, password hash, UID, auth tokens, login IP | Member authentication and session management | Until account withdrawal |
| Google LLC (Firestore) (support-kr@google.com) | USA | member, subscription, payment, usage metadata | Storage of member/subscription/payment data | Until account withdrawal (excluding statutorily retained items) |
| Google LLC (Cloud Platform / Firebase App Hosting) (support-kr@google.com) | USA | access IP, request logs, cookies, user agent | Service hosting, operation, traffic monitoring | Access logs 3 months |
Time and method of transfer: Data is transmitted in real time over an encrypted HTTPS (TLS) channel when the user uses the corresponding feature (registration, login, payment, email delivery).
Safeguards: The Company has executed Standard Contractual Clauses (SCCs) or Data Processing Agreements (DPAs) with each processor and applies in-transit encryption (TLS), access controls, and access-log monitoring.
7. Rights of Users
- Users may at any time access or correct their personal information.
- Users may withdraw consent to the collection and use of personal information by withdrawing their account.
- Inquiries regarding personal information may be directed to our privacy contact (see §10).
8. Rights of Users in the EEA / United Kingdom (GDPR)
If you reside in the European Economic Area or the United Kingdom, you have the following rights with respect to your personal data under the General Data Protection Regulation:
- Right of access — to confirm whether the Company processes your data and to obtain a copy
- Right to rectification — to correct inaccurate or incomplete data
- Right to erasure ("right to be forgotten") — to request deletion in cases provided by law
- Right to restriction of processing — to limit how your data is used in specific circumstances
- Right to data portability — to receive your data in a structured, commonly used, machine-readable format and to transmit it to another controller
- Right to object — to object to processing based on legitimate interests, including profiling
- Right to withdraw consent — at any time, without affecting the lawfulness of processing prior to withdrawal
- Right to lodge a complaint with a supervisory authority
To exercise any of these rights, contact our privacy contact (see §10). The Company will respond within one (1) month, extendable by two further months for complex requests.
9. Rights of Users in California (CCPA / CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:
- Right to know what personal information the Company collects, uses, discloses, and sells
- Right to delete personal information the Company has collected, subject to legal exceptions
- Right to correct inaccurate personal information
- Right to opt out of sale or sharing — the Company does not sell or share personal information for cross-context behavioral advertising. There is therefore nothing to opt out of, but you may submit such a request and we will confirm.
- Right to limit use of sensitive personal information
- Right to non-discrimination for exercising any of these rights
To exercise these rights, contact our privacy contact (see §10).
10. Privacy Contact
For any questions or requests regarding the processing of your personal data, please contact:
- Email: contact@findip.ai
11. Destruction of Personal Information
- Personal information whose retention period has expired or whose processing purpose has been achieved is destroyed without delay.
- Information in electronic-file form is permanently deleted in a manner that cannot be recovered.
12. Use of Cookies
The Company uses cookies for authentication-session management. Users may refuse cookie storage through their browser settings, although doing so may restrict service usage.
This Privacy Policy takes effect on May 9, 2026.
(Revision history: first effective on July 8, 2025 · payment-related items added on April 13, 2026 · Telegram operational-alert outsourcing added on April 25, 2026 · payment processor changed and international-transfer items added following the introduction of Paddle payment processing on May 9, 2026)