OnTheFandom Privacy Policy

Effective Date: June 12, 2026

This Privacy Policy describes how Taeja Co., Ltd. ("Taeja," "we," "us," or "our"), a company incorporated in the Republic of Korea, collects, uses, discloses, and protects your personal information when you use the OnTheFandom mobile application and related services (the "Service").

OnTheFandom lets you have real-time voice conversations with AI-powered virtual characters. Because conversations — including your voice — are at the heart of the Service, we want to be especially clear about how that data is handled.

By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with it, please do not use the Service.

Contact (Data Controller): Taeja Co., Ltd. 1518, West Wing, 322 Teheran-ro, Gangnam-gu, Seoul, Republic of Korea Email: admin@aitaeja.com

1. Information We Collect

1.1 Information You Provide

  • Account Information. When you sign in with Apple or Google, we receive your email address and, where provided, your name, through Firebase Authentication. We do not receive or store your Apple or Google password.
  • Profile Information. Your nickname, profile image, and favorite character, if you set them.
  • Conversation Data. When you talk with an AI character, we collect and store:
    • your voice audio during calls;
    • transcripts of what you said (generated by speech-to-text);
    • the AI character's responses (text and audio);
    • automatically generated conversation summaries and memory records that allow the character to remember your past conversations.
  • Consent Records. Your agreement choices (age confirmation, terms, privacy, marketing notifications, and AI-training data use) and when you made or changed them.
  • Customer Support. Information you provide when you contact us.

1.2 Information Collected Automatically

  • Device Information. Device model, operating system and version, app version, language/locale, and time zone.
  • Identifiers. An internal user ID, device identifiers, and push notification tokens.
  • Usage Data. Features used, screens viewed, call duration and frequency, and similar interaction data (collected via Firebase Analytics).
  • Diagnostics. Crash logs and performance data (collected via Firebase Crashlytics).

1.3 Information from Other Sources

  • Sign-In Providers. Apple and Google provide us with basic account information when you use their sign-in services, as described above.

We do not knowingly collect government identifiers, precise location, financial information, health information, or contact lists.

2. Voice Data

Voice is central to the Service, so we handle it as follows:

  • Recording. Your microphone is active only during a voice call that you start. Audio captured during a call is streamed to our servers to power the conversation.
  • Processing. Your audio is (a) transcribed to text by a speech-to-text provider, (b) analyzed for emotional tone so the character can respond appropriately, and (c) used to generate the character's spoken reply.
  • Storage. Call audio and transcripts are stored on our servers (hosted on Amazon Web Services) as part of your conversation history.
  • No voice identification. We do not use your voice to identify you, create a voiceprint, or perform any biometric identification.
  • Deletion. Your conversation data, including voice recordings, is deleted when you delete your account (see Section 9).

3. How We Use Your Information

We use your information to:

  1. Provide the Service — operate real-time voice conversations, generate character responses, and maintain your account;
  2. Personalize your experience — enable characters to remember your previous conversations and preferences so the relationship deepens over time;
  3. Improve and train our AI — as described in Section 4 below;
  4. Ensure safety — detect, prevent, and respond to abuse, harmful content, fraud, security incidents, and violations of our Terms of Service;
  5. Analyze and improve the Service — understand how the Service is used and fix bugs and crashes;
  6. Communicate with you — send service notifications (such as push notifications you have enabled) and respond to your inquiries;
  7. Comply with law — meet our legal obligations and enforce our legal rights.

We do not use your information for third-party advertising, and we do not sell your personal information.

4. Use of Conversations to Improve and Train AI

We use your conversation data — including voice audio, voice transcripts, and related interaction data — to research, develop, train, evaluate, and improve the AI models and systems that power the Service, unless you turn off the "AI 학습을 위한 데이터 활용" (Data Use for AI Training) setting in the app. This setting is on by default. These purposes include:

  • the conversational and character models that generate responses;
  • speech recognition, speech synthesis, and emotion-understanding systems;
  • memory and retrieval systems that allow characters to remember conversations; and
  • safety systems that detect and prevent harmful or inappropriate content.

When we use conversation data for these purposes, we apply the following safeguards:

  • De-identification. Where feasible, we remove or pseudonymize direct identifiers (such as your name and email address) before conversation data is used for AI improvement.
  • Internal use only. This data is used to improve Taeja's own models and systems. We do not provide your conversations to third parties for them to train their own AI models.
  • Never for advertising. We will never use or disclose the content of your conversations for marketing or advertising purposes.
  • Access controls. Access to conversation data is restricted to personnel and systems that need it for the purposes described in this Policy.

Regardless of this setting, we may use conversation data in de-identified or aggregated form to improve the safety and quality of the Service, and as necessary to operate the safety systems described in Section 3.

Your choice. You can turn the use of your conversations for AI training on or off at any time in the app (MY → AI 학습을 위한 데이터 활용), or by contacting us at admin@aitaeja.com. Turning it off stops your data from being included in future training; it does not affect data processing that is necessary to provide the Service itself (for example, transcribing your voice so the character can respond). If you delete your account, your conversation data is deleted as described in Section 7 and is not used for any future AI training. Please note that AI models trained before your opt-out or deletion are not retrained: they do not store your conversations, but improvements already learned cannot be reversed.

5. How We Disclose Information

We do not sell or rent your personal information. We disclose it only as follows:

5.1 Service Providers (Processors)

We share data with service providers that process it on our behalf, under contracts that restrict their use of your data to providing services to us. These include:

Provider Purpose Data Involved
OpenAI (USA) Generating AI character responses; conversation memory and summarization Conversation text/transcripts, conversation context
Soniox (USA) Speech-to-text transcription Voice audio during calls
ElevenLabs (USA) Text-to-speech (the character's voice) Character response text
Hume AI (USA) Emotional tone analysis Voice audio during calls
Google / Firebase (USA) Authentication, push notifications, analytics, crash reporting Account info, identifiers, usage and diagnostic data
Amazon Web Services (cloud hosting) Server infrastructure and data storage All Service data

These providers act as our processors. We do not allow them to use your personal data to train their own AI models or for any purpose other than providing services to us, and we maintain our contracts and account settings with these providers accordingly.

5.2 Legal and Safety

We may disclose information if we believe in good faith that it is reasonably necessary to (a) comply with applicable law, regulation, legal process, or governmental request; (b) enforce our Terms of Service; (c) detect or prevent fraud, abuse, or security issues; or (d) protect the rights, property, or safety of Taeja, our users, or the public.

5.3 Business Transfers

If Taeja is involved in a merger, acquisition, financing, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or in the use of your personal information.

6. Legal Bases for Processing (EEA, UK, and Similar Jurisdictions)

Where the GDPR or similar laws apply, we process your personal data on the following legal bases:

  • Performance of a contract — providing the Service you request, including operating voice conversations and account management (Section 3, items 1, 2, and 6);
  • Legitimate interests — improving and training our AI systems (Section 4 — subject to the in-app opt-out and your right to object), ensuring safety and security, and analyzing Service usage, balanced against your rights;
  • Consent — for optional processing such as marketing notifications, and, where required by law, for the transmission of your personal data to the third-party AI providers identified in Section 5.1; you may withdraw consent at any time;
  • Legal obligation — where processing is necessary to comply with applicable law.

7. Data Retention

  • Account information is retained while your account is active.
  • Conversation data (messages, voice recordings, transcripts, summaries, memory records) is retained while your account is active so that characters can remember your conversations.
  • Account deletion. When you delete your account, we delete or de-identify your personal information, including conversation data and voice recordings, within 30 days, except where retention is required by applicable law (for example, Korean e-commerce and communications record-keeping requirements) or to resolve disputes or enforce our agreements. Residual copies in encrypted backups are purged on a rolling basis within 90 days.
  • Diagnostics and analytics data is retained for the period configured in Firebase (typically up to 14 months for analytics).

8. Your Rights and Choices

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you;
  • Correct inaccurate personal information;
  • Delete your personal information;
  • Receive a portable copy of your personal information;
  • Object to or restrict certain processing, including processing based on legitimate interests (such as AI training — see the opt-out in Section 4);
  • Withdraw consent at any time, without affecting prior processing;
  • Complain to your local data protection authority.

To exercise any of these rights, contact us at admin@aitaeja.com. We will verify your request and respond within the timeframe required by applicable law. We will not discriminate against you for exercising your rights.

In-app controls:

  • AI training — turn the use of your conversations for AI training on or off (MY → AI 학습을 위한 데이터 활용; see Section 4);
  • Marketing notifications — turn on or off in the app (MY → 마케팅 알림);
  • Push notifications — can also be disabled in your device settings at any time.

9. Account and Data Deletion

You can delete your account directly in the app: MY → 탈퇴하기 (Delete Account). You may also request deletion by emailing admin@aitaeja.com. Deletion follows the schedule in Section 7.

10. Security

We use administrative, technical, and physical safeguards designed to protect your information, including encryption in transit (TLS), server-side encryption provided by our cloud infrastructure providers, and access controls. No system is perfectly secure; if we become aware of a data breach affecting your personal information, we will notify you and the relevant authorities as required by applicable law.

11. International Data Transfers

Taeja is located in the Republic of Korea, and our service providers (Section 5.1) process data in the United States and other countries. This means your personal information may be transferred to, stored, and processed in countries other than your own, which may have different data protection laws.

Where required, we use appropriate safeguards for such transfers, including the European Commission's Standard Contractual Clauses for transfers of EEA/UK personal data, and equivalent mechanisms under other laws.

For users in the Republic of Korea: in accordance with the Personal Information Protection Act (PIPA), the overseas transfer of your personal information is described above — recipients (Section 5.1 table), countries, items transferred, purposes, and retention periods (Section 7). If we publish a Korean-language 개인정보 처리방침, it will contain the statutory disclosure in full and will prevail for users in Korea.

12. Children's Privacy

The Service is not directed to children under 14 (or under 16 in the European Economic Area and the United Kingdom, or such higher minimum age as applies in your jurisdiction). We do not knowingly collect personal information from children below these ages. If you believe a child has provided us with personal information, please contact us at admin@aitaeja.com and we will delete it.

13. Regional Disclosures

13.1 California (CCPA/CPRA)

In the preceding 12 months, we have collected the categories of personal information described in Section 1 (identifiers; audio and other user content; internet activity/usage data; inferences for personalization) from the sources described there, for the purposes in Sections 3–4, and disclosed them to the service providers in Section 5.1.

We do not sell personal information, and we do not "share" personal information for cross-context behavioral advertising. We use audio recordings (which may be considered sensitive personal information) only to provide the Service and for the purposes described in this Policy, not to infer characteristics beyond what the Service requires. California residents have the rights to know, delete, correct, and non-discrimination described in Section 8, exercisable via admin@aitaeja.com.

13.2 Republic of Korea (PIPA)

Where we publish a Korean-language 개인정보 처리방침 (in the app or on our website), it is the authoritative version for users in Korea and includes the disclosures required by PIPA, including the designation of our Chief Privacy Officer (개인정보 보호책임자), the distinction between third-party provision and processing outsourcing (처리위탁), and destruction (파기) procedures.

14. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes — in particular, changes to how we use conversation data for AI training — we will notify you through the app or by other reasonable means before the changes take effect. The "Effective Date" above indicates when this Policy was last revised.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal information:

Taeja Co., Ltd. 1518, West Wing, 322 Teheran-ro, Gangnam-gu, Seoul, Republic of Korea Email: admin@aitaeja.com