Riel (operated at aicoreutility.com, the “Service”) is a personal AI assistant operated by an individual developer, Junhee Park (the “Operator”). This Privacy Policy explains what personal data the Service collects, why we collect it, and the rights you have under the EU General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”).
1. Data we collect
When you sign in with Google, we receive and store:
- Your email address and display name (from Google OAuth)
- Your Google profile image URL (not the image itself)
When you use the Service, we additionally store:
- Conversation messages you send and AI responses returned to you
- Images you upload (encrypted at rest in Google Cloud Storage)
- Usage metadata: timestamps, token counts, billing-related counters
- Voluntary onboarding answers used to personalize responses
For anonymous visitors we record only:
- Page path, referrer, truncated IP address (last octet zeroed), and user-agent
2. Legal basis (GDPR Art. 6)
- Contract — to deliver the chat / voice / image features you request
- Legitimate interest — to keep the Service running, prevent abuse, and analyze aggregate traffic
- Consent — for optional cookies (advertising), withdrawable at any time
3. How your data is used
- Sending the necessary prompt and context to Google's Gemini API to generate responses
- Persisting your conversation so you can revisit it
- Tracking credit balance and applying usage limits
- Operational logs for debugging and abuse prevention (retained max 30 days)
We do not sell your personal data, use it for training third-party models, or profile you for marketing.
4. Third-party processors
The Service relies on the following sub-processors:
- Google LLC — OAuth, Gemini API, Cloud Storage, Cloud SQL (region: Seoul)
- Google AdSense — advertising on selected pages (anonymous cookies)
Each processor handles your data under its own privacy terms. Data may transit through servers outside your country (notably the United States) under Google's standard contractual clauses.
5. Cookies
- Essential — NextAuth session cookie (required to stay signed in)
- Analytics — server-side page-view counting (no client cookies)
- Advertising — Google AdSense (only on public article pages)
6. Data retention
- Account + conversations: kept until you request deletion
- Original uploaded images: deleted automatically after 7 days (compressed copies kept while account active)
- Server logs: 30 days
- Anonymous traffic logs: 90 days
7. Your rights
Under GDPR you may exercise the following rights at any time:
- Access — request a copy of your data
- Rectification — correct inaccurate data
- Erasure (“right to be forgotten”) — delete your account and all conversations
- Restriction — pause processing while a complaint is being resolved
- Portability — receive your data in a machine-readable format
- Objection — opt out of advertising cookies
- Withdraw consent — without affecting prior lawful processing
California residents may exercise equivalent rights under CCPA, including the right to know, the right to delete, and the right not to be discriminated against for exercising these rights.
To exercise any right, email junhee6721@gmail.com from the address registered to your account. We respond within 30 days.
8. Children
The Service is not directed to children under 16. If you become aware that a child has provided us with personal data, please contact us so we can delete it.
9. Security
Data is encrypted in transit (HTTPS) and at rest. Access to production systems is limited to the Operator. We are not certified to any specific security framework (e.g., SOC 2) — if your use case requires that, the Service may not be appropriate.
10. Changes
Material changes to this policy will be notified on this page with an updated “Last updated” date. Continued use after notification constitutes acceptance.
11. Contact
Operator: Junhee Park — junhee6721@gmail.com
EU residents may also lodge a complaint with their local supervisory authority if they believe their rights have been violated.