Privacy Policy
Pacemakers (the "Service")
1. Personal Information Collected
The Company collects the following personal information to provide the Service: a. Upon registration: Email address, nickname b. Upon calendar integration (with user consent): Calendar events, task lists, and timezone information from Google or Microsoft accounts c. Automatically generated during service use: OAuth authentication tokens (access tokens, refresh tokens), service usage records
2. Purpose of Collection and Use
• Member registration and management • Service provision and operation • Providing AI-powered schedule coaching services (analysis of calendar events and tasks) • Generating personalized coaching responses through AI analysis • Delivery of notices
3. Retention Period
• Until account termination • Immediately destroyed after termination (except when legally required to retain) • Calendar integration data (OAuth tokens, calendar/task information): Immediately deleted upon disconnection or account termination
4. Third-Party Disclosure
The Company does not disclose user personal information to third parties in principle. However, data may be processed in the following cases to provide the AI coaching service: • AI Analysis: Calendar event and task data may be transmitted to the AI service provider (Anthropic) API to generate coaching responses. Such data is used only for real-time processing and is not separately stored by the AI service provider. • Calendar Integration: Data is accessed only within the scope explicitly consented to by the user through Google and Microsoft OAuth authentication.
5. User Rights
• You may request access, correction, deletion, or suspension of processing of your personal information • Calendar Disconnection: You may disconnect calendar integration at any time through the service settings. Upon disconnection, all related data (OAuth tokens, calendar/task information) is immediately deleted. • For Google accounts, you may also directly revoke access permissions through Google Security Settings (https://myaccount.google.com/permissions). • For Microsoft accounts, you may also directly revoke access permissions through Microsoft Account Settings (https://account.live.com/consent/Manage). • Contact: help@holix.com
6. Privacy Officer
Officer: Taeyoung Park Contact: help@holix.com
7. Complaints
• Privacy Infringement Report Center: 118 (Korea) • Supreme Prosecutors' Office: 1301 (Korea) • National Police Agency: 182 (Korea)
8. Google API Services User Data Policy
This Service's use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy (https://developers.google.com/terms/api-services-user-data-policy), including the Limited Use requirements. • Scope of Access: Read/write access to Google Calendar events and Google Tasks. • Data Use: Used solely for providing the AI-powered schedule coaching service. • Data Storage: OAuth authentication tokens are stored in a Google Cloud-based database protected by encryption in transit (TLS) and at rest. Calendar event data is retrieved in real-time during coaching analysis and is not separately stored. • Data Sharing: Transmitted to the AI service provider (Anthropic Claude) for generating coaching responses. Such data is used only for real-time processing and is not used to train or improve any AI model. Not shared with any other third parties. • No Sale of Data: The Company does not sell Google user data to third parties under any circumstances, and does not use or transfer it for any purpose other than providing or improving the Service (e.g., advertising). • Revoking Access: Users may revoke access at any time through the service settings or Google Security Settings.
9. Microsoft Graph API Data
When a Microsoft account is connected, this Service accesses data only within the scope explicitly consented to by the user through the Microsoft Graph API. • Scope of Access: Read/write access to Microsoft Outlook calendar events (Calendars.ReadWrite), read/write access to Microsoft To Do tasks (Tasks.ReadWrite), and issuance of a refresh token for offline access (offline_access). • Data Use: Used solely for providing the AI-powered schedule coaching service. • Data Storage: OAuth authentication tokens are stored in a Google Cloud-based database protected by encryption in transit (TLS) and at rest. Calendar event data is retrieved in real-time during coaching analysis and is not separately stored. • Data Sharing: Transmitted to the AI service provider (Anthropic Claude) for generating coaching responses. Such data is used only for real-time processing and is not used to train or improve any AI model. The Company does not sell Microsoft user data under any circumstances and does not share it with any other third parties. • Revoking Access: Users may revoke access at any time through the service settings or Microsoft Account Settings (https://account.live.com/consent/Manage).
10. Data Security and Protection Measures
The Company implements the following technical and administrative safeguards to securely protect sensitive user data such as calendar events and tasks: • Encryption in Transit: All data communication between the user's device, the Service's servers, the Google/Microsoft APIs, and the AI service provider is encrypted using TLS (HTTPS). • Encryption at Rest: Data that must be stored, such as OAuth authentication tokens, is stored on Google Cloud Platform infrastructure and is encrypted at rest in accordance with Google Cloud's default policy. • Data Minimization and Purpose Limitation: Data is accessed only to the minimum extent necessary to provide the Service and is not used for any purpose other than the stated coaching purpose. • Access Control: User data is accessible only by the authenticated user and by the internal systems required for coaching processing; unauthorized access is restricted. • Protection During AI Processing: Data transmitted to the AI service provider (Anthropic Claude) for generating coaching responses is used only for real-time processing, is not separately stored by the provider, and is not used to train or improve any AI model. • Minimized Retention and Deletion: Calendar and task data is retrieved and used in real-time during coaching analysis and is not separately stored; OAuth tokens are immediately deleted upon disconnection or account termination.
Effective Date: June 3, 2026 (Last Revised)