Privacy Policy
Effective date: 2026-06-20
1. General
HAZE PARK (the "Company") complies with the Personal Information Protection Act of Korea and related laws in operating ATLAS (the "Service"), and processes personal information under this policy.
2. Items Collected, Purposes, and Retention
| Items | Method | Purpose | Retention |
|---|---|---|---|
| Email address, authentication identifier | At sign-up (via the contracted authentication provider, Clerk) | Member identification, login, account management, required notices | Until account deletion (or the statutory retention period where applicable) |
| User content (manuscripts, images, book settings) | Created/uploaded by the user during use | Providing the Service: writing, typesetting, preview, PDF generation | Until account deletion or deletion request |
The Company collects no personal information beyond the above, and does not collect personal information of children under 14 (who may not register).
3. Processing Delegation and Overseas Transfer
The Company delegates processing as follows; the processors are located abroad, so personal information is transferred overseas. Users may refuse the transfer, in which case the Service cannot be provided.
| Processor | Country | Items | Timing/Method | Purpose | Retention | Contact |
|---|---|---|---|---|---|---|
| Clerk, Inc. | USA | Email, authentication identifier, session data | Network transfer at sign-up/login | Authentication and session management | Until account deletion | privacy@clerk.com |
| Vercel Inc. | USA | Network request data during use | Network transfer on access | Web hosting | Until the hosting purpose is fulfilled | privacy@vercel.com |
| Railway Corp. | USA | User-content processing requests | Network transfer on typesetting/PDF requests | Typesetting API hosting | Until the purpose is fulfilled | team@railway.com |
| Neon, Inc. | USA | Account identifier, user content | Persistent storage during use | Database hosting | Until account deletion | privacy@neon.tech |
4. Provision to Third Parties
The Company does not provide personal information to third parties, except upon lawful requests grounded in statute.
5. Cookies and Browser Storage
The Service uses the following first-party cookies and browser storage, solely to provide functionality. No third-party advertising or tracking cookies are used.
| Type | Item | Purpose | How to clear |
|---|---|---|---|
| Cookies | Clerk session cookies | Keeping you signed in | Clear browser cookies or sign out |
| localStorage | Language preference (atlas.lang), dashboard working-state and legacy-migration keys, telemetry sampling cohort (atlas-idb-telemetry-cohort) | Language persistence, editing continuity, consistent anonymous sampling | Clear site data in your browser |
| sessionStorage | Session nonce (atlas-idb-session-nonce) | Distinguishing same-browser sessions (anonymous; never transmitted) | Cleared automatically when the tab closes |
| IndexedDB | Typesetting artifact byte cache (atlas-artifact-byte-cache / atlas-artifact-bytes) | Preview performance (local cache of typesetting output, keyed by derived hashes) | Entries for an account are removed automatically on sign-out/account switch; or clear site data |
You may refuse or clear this storage in your browser settings; doing so may limit sign-in persistence, language settings, or preview performance.
6. Service Quality Telemetry
The Company operates first-party telemetry to measure preview-cache quality. Only anonymous daily aggregates keyed by date, cache mode, schema version, and sampling rate are retained, with the following technical guarantees:
- Identifying and content fields — userId, projectId, manuscriptId, IP address, User-Agent, locale, manuscript text/content, content hashes (SHAs, drawUsedShas, artifactSha256), cache key hashes (cacheKeyHash), and session nonces (nonce, browserSessionNonce, writtenSessionNonce) — are rejected at BOTH collection seams (web proxy and API validator).
- Raw events are never stored or logged; only daily aggregate rows (UTC day, cache mode, schema version, sampling rate) remain on the server.
- No third-party analytics tools are used.
7. Your Rights and How to Exercise Them
You may at any time request access, correction, deletion, suspension of processing, or withdrawal of consent (account deletion) by contacting support@atlasbind.com. The Company acts without delay within the statutory period. Self-service account deletion is in preparation; until then requests are handled through the contact above. Rights may also be exercised through a legal representative.
8. Destruction of Personal Information
When personal information becomes unnecessary (retention expiry, purpose fulfilled), the Company destroys it without delay: electronic files are permanently deleted irrecoverably; information subject to statutory retention is stored separately and destroyed after the period ends.
9. Security Measures
- Encryption in transit (HTTPS/TLS) and access control
- Authentication/authorization checks restricting access to one's own data
- Database integrity constraints and least-privilege access
- Verification of processors' security certifications (e.g. SOC 2) and contractual safeguards
10. Privacy Officer
- Name
- 박광은 (Matt Park)
- Role/Department
- 대표
- Contact
- support@atlasbind.com
You may direct any privacy inquiries, complaints, or remedy requests arising from use of the Service to the privacy officer.
11. Remedies for Infringement
For reports or counseling regarding privacy infringement, you may contact:
- Personal Information Dispute Mediation Committee: 1833-6972, kopico.go.kr
- Privacy Infringement Report Center (KISA): 118, privacy.kisa.or.kr
- Supreme Prosecutors' Office Cyber Investigation: 1301, spo.go.kr
- National Police Agency Cyber Bureau: 182, ecrm.police.go.kr
12. Notification of Changes
Additions, deletions, or amendments to this policy are announced in the Service at least 7 days before the effective date (30 days for material changes unfavorable to users).
This policy takes effect on 2026-06-20.