Traw Privacy Policy

Providing Traw (the "Service"), Dropthebit (the "Company") considers the protection of the user's personal data very important and in order to comply with relevant laws, such as the "Act on Promotion of Information and Communications Network Utilization and Information Protection," and the "Personal Data Protection Act," the Privacy policy (hereinafter "the policy") is enacted and complied with.

This privacy policy can be revised due to changes in related laws and guidelines or changes in the company's internal operation policy. Having any inquiries regarding the current policy, you can provide feedback through the customer inquiry channel on our service's website or the company's website.

1. Items of personal data collected and purposes of use

  1. The company collects the following minimum amount of personal data in order to provide the service.
  1. The company aims to verify the user's willingness to sign up for a membership, verify identity, personal identification, limit the number of subscriptions, confirm the consent of the legal representative when collecting personal information for children under the age of 14, verify the legal representative's identity later, confirm the intention to withdraw from the membership, etc. When signing up for a membership, the company collects and processes your name, email address, and password.
  1. The company collects Client IDs for user analysis and service improvement purposes. Client IDs are anonymous IDs used to identify devices in which programs installed cannot be used for personal identification purposes.
  1. For the purpose of service consultation to provide better services, the company collects the minimum amount of personal data, such as e-mail address, to identify and reply to customer inquiries. Customers can also send error data that occurred during the use of the service to the company for a more accurate error diagnosis. This is not a mandatory collection and the company does not use the personal data for any purposes other than those specified below.
  1. To provide speech analytics service, the company collects audio information files only from those who wish to use the service. In this case, the audio file may contain unstructured personal data that can identify a specific individual. The company processes the information only for speech analytics and caption file creation purposes applied by the user. The information is deleted within 24 hours of completion of speech analytics and caption file creation.
  1. The company collects payment information (credit card information, personal identification information) only from those who wish to make a payment for the paid services. The collection and processing of payment information are carried out by the payment agency, and the company does not store any specific information about the user's payment method.
  1. In addition, during the user's use of the service or business processing, the company can collect automatically generated information such as use of service records, OS types and versions, connection logs, advertisement identification information, and terminal information, also, the company can use this formation for user analysis and service improvement purposes.

2. Methods of collection of personal data

The company collects personal data specified in Article 1 of this policy in the following ways to provide a smooth delivery of the service.

  • Collection upon members signing up and entering the data directly through the membership page in the mobile application or desktop program
  • Collection during installation and use of the service. Collection by generated information collection tools (including cookies).
  • Collection through voluntary provision by members during use, etc.

3. Retention and use period of personal data

  1. The company basically destroys the personal data of the users without delay after the purposes of use and collection are achieved. However, if preservation of the contents is necessary under the relevant laws, such as the "Protection of Communications Secrets Act," these will be preserved during that period. In this case, the company uses this information for preservation purposes only.
  1. Notwithstanding paragraph 1, if there is a need to preserve it in accordance with relevant laws such as the 「Communication Secret Protection Act」, it will be preserved for that period. In this case, the company uses the information it keeps for the purpose of storage only.
  1. personal data history processed to comply with the obligations provided in other laws can be kept for the period of time to prove its responsibility.

4. Consignment of personal data processing

In order to improve services, the company consigns the members' personal data to external businesses after obtaining the consent of the users in accordance with the relevant laws or after disclosing or notifying the relevant subject. The company enters into a consignment contract with a document containing the contents of each subparagraph of Article 26 (1) of the Personal Information Protection Act and supervises the consignee to ensure that personal information is processed safely. Current information regarding the consignee and their tasks are as follows.

Consignment of personal data processing

Google LLC

Account System, User analysis, Speech analysis, Caption Extraction, Caption Translation

Google LLC

Youtube API - Import video titles, Extract thumbnails, Embed Youtube videos

Amazon Web Services, Inc.

Personal Information processing system, Speech analysis, Caption extraction, Managing original video and project related files for sharing link creation and operation

Channel Corporation

Use of CS management system

Korea Portone Inc.



Text generation and summarization based on provided information

Traw does not provide personal information to overseas business operators. However, for the fulfillment of contracts related to the provision of information and communication services and user convenience, the company entrusts personal information processing tasks to overseas entities as follows:


Transfer purpose

Contact Information

Time and Method

Information retention and usage period

Google LLC (USA)

Use of account system, etc.

Transfer of personal information electronically at the time of collection

Until account withdrawal, service termination, or termination of the outsourcing contract

Amazon Web Services, Inc. (USA)

Use of personal information processing system, etc.

Transfer of personal information electronically at the time of collection

Until account withdrawal, service termination, or termination of the outsourcing contract

PayPal (USA)

Overseas payment

Transfer of personal information electronically at the time of collection

Until account withdrawal, service termination, or termination of the outsourcing contract

OpenAI (USA)

Text generation and summarization

Transfer of personal information electronically at the time of collection

Until account withdrawal, service termination, or termination of the outsourcing contract

  1. Personal information, generated installation information, non-personally identifiable information, and statistical information collected with the user's consent according to the use of the service is sent, processed, and stored by Google LLC's program like Google Cloud Platform and Firebase, Amazon Web Services, Inc.' s Amazon Web Services (AWS).
  1. Google Analytics (GA), used for service analysis and statistics, collects, analyzes, and stores personal data, generated installation information, personally unidentifiable information and statistical information collected with the user's consent.
  1. To respond to user inquiries, we explicitly collect and store the user's contact information (email address or phone number) through Channel Corp. This allows us to quickly notify users when an operator provides a response.
  1. To provide speech analysis and caption extraction feature, STT API provided by Google LLC, Amazon Web Services, Inc. is used.
  1. To provide payment functionality for paid services, we use the payment system provided by Korea PortOne, NHN KCP, Paymentwall, Paypal.
  1. To provide text generation functionality, we use the ChatGPT API provided by OpenAI.
  1. To provide embedded Youtube player for the requested video from users, we use Youtube API provided by Google LLC.

5. Provision of personal data to a third party

  1. The company uses the user's personal data within the scope as notified by Article 1 and does not use it beyond that scope or provide to other companies or organizations. However, exceptions are made in the following cases.
    1. In case the investigation agencies request the provision of personal data according to the procedure and method prescribed by the relevant law for investigation purposes
    1. In case it is provided to advertisers, business partners or research groups, in a form that an individual cannot be identified, for statistical purposes, academic research or market research
    1. In case there is a request in accordance with the provisions of other relevant laws
  1. Besides, in the event that personal data is required to be provided to a third party, it can be provided to the third party with the user's consent by notifying the purpose of collection and use, collected items, and retention period.

6. Process and method of destruction of personal data

The company basically destroys the information immediately after the purpose of collecting and using personal data is achieved. Specific destruction procedures and methods are as follows.

  1. Procedure of destruction

    Personal data collected by the company shall be preserved for the period specified in this Agreement and other related laws and destroyed after the purpose of the collection has been achieved. Such personal data will not be used for purposes other than the agreed retention purpose unless it is provided by law.

  1. Methods of destruction
    1. personal data printed on paper is shredded with a shredder or destroyed through incineration.
    1. personal data stored in electronic file format is deleted by a technical method that does not allow reproduction of the same.

7. Rights and obligations of the user

  1. A user (if younger than 14 years of then his or her legal representative) shall have the right to access or request a modification of his/her registered personal data at any time and may withdraw consent to the use of his/her personal data notifying to the company. However, the email address of the member entered at the time of registration cannot be modified.
  1. The user has a duty to protect the user's personal data and not to infringe that of others. Please be careful not to leak personal data, such as e-mail address, and not to infringe others personal data.
  1. The user shall always keep his/her personal data up to date and is also responsible for any problems caused by entering any incorrect information.

8. Protection of personal data for overseas users

The company's service is provided and operated in accordance with the Korean statutes and this personal data processing policy is based on the personal data processing policy written in Korean which is the original copy. This policy may be translated into English and Japanese, and if there is any contradiction between the translated version and the Korean version, the Korean version will take precedence. The company complies with the personal data protection regulations applicable to the user's jurisdiction and the laws of each country.

9. Operation of automatic collecting device for personal data and Rights of option

  1. The company operates cookies on the service website. Cookies identify your browser and are used to provide useful and convenient services, such as usage patterns analysis, to the user.
  1. The user has the right of option regarding the installation and use cookies. Through options settings in the web browser, the user can permit saving all cookies, each time verifies whether cookies are saved, or refuse the storage of all cookies. Refusal to the storage of cookies may restrict the use of some services.
  1. Google Analytics
    1. The Company aims to provide better service to its customers. Google, Inc. Improve and personalize services and products by analyzing and evaluating how customers use the company's services and understanding customer needs using Google Analytics (hereinafter referred to as "GA"), a web analytics service provided by (Google). To provide efficient services.
    1. GA analyzes the user's service usage method using'cookies', which are text files stored on mobile or desktop devices. The use of GA can be denied through the setting of the web browser or program.
    1. In order to analyze cookie information, Google transmits 'cookie' information without personal identification possibility to Google servers in the United States. For more information about Google's processing of information, please visit

10. Technical/Administrative protection measures for personal data

The company has prepared the following technical/Administrative measures to ensure that personal data is not lost, stolen, leaked, tampered with or damaged while processing it.

  1. Technical protection
    1. To prevent leakage or damage to the users' personal data by hacking or computer viruses, the company enables secure transmission of personal data on the network through encrypted communication.
    1. The firewall prevents unauthorized access from outside and all possible technical devices are installed to ensure systematic security.
    1. The company double stores the information of the members collected at the time of signing up in the database of AWS and Firebase.
  1. Administrative protection
    1. The company designates management of personal data only to those in charge, and through frequent education, the company always emphasizes compliance with the personal data protection policy.
    1. To immediately solve any problems detected, implementation of the policy and compliance of the person in charge is checked through the company's personal data protection organization.
    1. The company will not take responsibility for problems related to personal data caused by any mistakes of an individual or third parties without reasons attributable to the company.
  1. Chief Privacy Officer

    The company does its best to provide the best service by using personal data safely. However, the company is not liable for damage to information due to unexpected accidents caused by hacking or other basic risks in networking, despite the company has taken technical complementary measures, and does not take responsibilities for disputes caused by users and third-party postings.

    Information about the Chief Privacy Officer is as follows. We are rapidly and fully responding to inquiries regarding personal data.

Chief Privacy Officer

Name: Kyumin Shim

Company / Position: Dropthebit Inc. / CEO


If you need to report or consult for infringement of personal data, please contact the following organizations.

  • KISA ( without area code 118)
  • Internet Crime Investigation Center in the Supreme Prosecutors' Office ( without area code 1301)
  • Korean National Police Agency Cyber Bureau ( without area code 182)