Privacy Policy

Newey AI (the “Company”) takes the privacy of its users seriously and complies with applicable laws, including the Personal Information Protection Act. This policy explains what information the Company processes, why, and how.

Effective date: July 10, 2026

1. Overview

This policy applies to Newey AI (newey.ai, the “Service”), the real-time interpretation caption service provided by the Company. The Company collects only the minimum personal data necessary to provide the Service, and does not use the information it collects for any purpose other than those disclosed.

The Service is currently offered as a free beta and does not collect payment information. The Company does not use advertising tools, and its visit and usage analytics tools (Google Analytics, PostHog) operate only where the user has consented (see Section 8).

2. Processing of audio & caption data

Your audio is not stored on or routed through the Company's servers

Your audio is sent directly from your browser to the speech recognition processor, Soniox Inc. (United States). The Company's servers merely issue a temporary authentication key; they do not receive, store, or route your audio data. The real-time transcription and translation stream (live captions) likewise does not pass through the Company's servers. However, where you choose to save an ended session, its summary, transcript, and translation text are retained in your account (see Sections 3 and 5). Private sessions and sessions you do not save are not stored on the servers.

However, if you turn on the Audience sharing feature yourself (off by default), that session's caption text is (1) displayed in real time to audience members (third parties) who hold the share link, and (2) temporarily routed through the Company's servers to deliver it. The servers only relay it from memory without storing the caption text, and it is immediately discarded when you turn sharing off or the session ends. You can turn sharing on and off at any time during a session.

Your display settings are kept only in your browser's storage (localStorage) and never leave your device. Your glossary is stored in your browser as well, and a copy is also mirrored to your account so the browser extension and your other devices can read it — this account copy is stored like other account data (not end-to-end encrypted), is replaced whenever you save, and is deleted together with your account. Session caption records, where you choose to save them, are retained in your account and can be accessed from multiple devices (Sections 3 and 5), with an encrypted copy also kept in the browser for immediate display. Private sessions and sessions you do not save are not retained on the servers.

In addition, portions of the transcript text may be sent to the LLM API of Anthropic PBC (United States) in two cases: (1) only where you have activated the Smart Context (AI suggestions) feature yourself — this feature is disabled by default — and (2) where a session record is saved to your account, a short excerpt of the transcript is sent once to generate an automatic session title. In both cases the text is transmitted transiently for that processing only and is not stored by the Company's servers. Only where the Company has configured a fallback provider instead of Anthropic, the Google Gemini API may be used for the same processing.

3. Personal data we process

The items the Company collects and processes on its servers are as follows.

Personal data we process
CategoryItemsCollection method
Account informationEmail address, name, profile pictureProvided by Google when you sign in with your Google account (OAuth)
Session metadataCaption session start and end times, selected languages, usage time (seconds)Generated automatically in the course of using the Service
Usage recordsPer-account ledger of caption usage time (monthly and daily aggregates)Generated automatically in the course of using the Service
Saved session records (optional)Summary, transcript, and translation text of ended sessions you choose to save, and session titlesOnly where you choose to save a session — private and unsaved sessions are excluded
Glossary (optional)Terms and background context you add to your glossaryMirrored to your account when you save it, so the browser extension and your other devices can read it — stored like other account data (not end-to-end encrypted), replaced on every save, and deleted together with your account
Access logsIP address, browser information (User-Agent)Collected automatically while managing your login session — destroyed together with the session information when the session expires or you log out
Passkey information (optional)Public key, credential identifier, device typeOnly where you register passkey sign-in yourself — passwords and biometric data are not stored
Behavioral information (optional)Cookie and browser-storage identifiers, pages visited and usage history, and, when you are logged in, linkage to an internal user identifier (a pseudonymized ID — not your email or name)Google Analytics and PostHog — only where you consent to analytics tracking (Section 8)

The Company does not collect original audio, payment information, or unique identifiers such as resident registration numbers. Transcription and translation text is not stored on the servers during real-time processing; it is processed only for session records you choose to save (the table above) and for the conditional AI suggestion and Audience sharing features described in Section 2.

4. Purposes of processing

  • Identifying users and maintaining login state (account information, session cookies)
  • Managing free usage limits and preventing abuse (session metadata, usage records)
  • Operating the Service, responding to incidents, and improving quality (statistical use of session metadata)
  • Improving the Service through visit and usage analytics (behavioral information — only where consented)
  • Fulfilling legal obligations and responding to disputes

5. Retention & use periods

  1. When a user requests deletion of their account or the service agreement is terminated, the Company destroys the personal data it has collected without delay. You can request account deletion at newey.ai@gmail.com (an in-service self-service deletion feature is in preparation).
  2. However, information that the Company is required to retain under applicable law is kept for the period prescribed by that law (for example, communication log records for 3 months under the Protection of Communications Secrets Act, and records of contracts and withdrawal of subscription for 5 years under the Act on Consumer Protection in Electronic Commerce, etc. — applicable if the Service becomes paid).
  3. Data stored only in your browser (display settings and the local cache of session records) is not held by the Company and can be deleted by you directly in your browser. The glossary's account copy (Section 3) is replaced whenever you save and is destroyed together with your account.
  4. Session records you choose to save are retained in your account, and you can delete them individually or all at once, or export them, within the Service. When you delete your account, the saved session records are also destroyed together without delay.

6. Processing entrustment & third-party disclosure

To provide the Service, the Company entrusts the processing of personal data as follows. The Company manages and supervises its processors through contracts and other means so that they do not process personal data for any purpose beyond their assigned tasks.

Processing entrustment overview
ProcessorEntrusted taskItems processedNotes
Soniox Inc. (United States)Real-time speech recognition and translationAudio data (sent directly from the browser, not routed through the Company's servers)Processed per session on a temporary-key basis
Google LLC (United States)OAuth account authenticationEmail, name, profile pictureWhen you sign in with your Google account
Railway Corp. (United States)Server and database hostingAll server-collected items in Section 3Hosting infrastructure
Anthropic PBC (United States) — LLM API (Claude)Generating AI context suggestions and automatic session titlesPortions of transcript textContext suggestions only where you turn on the Smart Context feature (disabled by default); session titles only for session records saved to your account
Google LLC (United States) — Gemini APIFallback provider for the same AI featuresPortions of transcript textOnly where the Company has configured Gemini as a fallback instead of Anthropic
Google LLC (United States) — Google AnalyticsVisit analyticsCookie identifiers, pages visited and usage historyOnly where you consent to analytics cookies (Section 8)
PostHog Inc. (United States) — EU (Germany) regionProduct usage analyticsBrowser-storage identifiers, pages visited and usage history, internal user identifier (pseudonymized ID)Only where you consent to analytics tracking (Section 8) — data is stored on EU (Frankfurt) servers

Apart from the entrustment described above, the Company does not provide personal data to third parties and does not sell personal data. Lawful requests from investigative or other authorities based on applicable law are an exception.

7. Cross-border transfer of personal data

To provide the Service, personal data is transferred abroad as set out below. If you do not wish for your personal data to be transferred abroad, you may stop using the Service and request account deletion; however, in that case the Service cannot be provided.

Cross-border transfer overview
RecipientCountryItems transferredPurpose & method of transferRetention period
Soniox Inc.United StatesAudio dataReal-time speech recognition and translation — sent directly from the browser over the network during a sessionUntil the purpose of session processing is fulfilled
Google LLCUnited StatesEmail, name, profile pictureAccount authentication (OAuth) — transmitted over the network at sign-inIn accordance with Google account policy
Railway Corp.United StatesAccount information, session metadata, usage records, saved session records (summary, transcript, translation text — where you choose to save them)Server and database hosting — stored persistently during the operation of the ServiceUntil account deletion
Anthropic PBC (LLM API, Claude)United StatesPortions of transcript text (only when the AI features in Section 2 are used)Generating AI context suggestions and automatic session titles — transmitted over the network when the features are usedUntil the purpose of processing is fulfilled
Google LLC (Gemini API)United StatesPortions of transcript text (only under fallback configuration)Fallback provider for the same AI features — used only where the Company has configured Gemini instead of AnthropicUntil the purpose of processing is fulfilled
Google LLC (Google Analytics)United StatesCookie identifiers, pages visited and usage history (only with analytics-cookie consent)Visit analytics — transmitted over the network during use of the ServiceUp to 14 months after collection (Google Analytics retention setting)
PostHog Inc. (PostHog)Germany (EU Frankfurt region)Browser-storage identifiers, pages visited and usage history, pseudonymized user identifier (only with analytics-tracking consent)Product usage analytics — transmitted over the network during use of the ServiceUp to 1 year after collection (PostHog retention policy)

8. Cookies

The Company distinguishes between strictly necessary cookies required to provide the Service (such as login) and optional (analytics) cookies used only with your consent. The Company does not use cookies for advertising or personalized tracking purposes.

Cookies in use
CookieCategoryPurposeDuration
better-auth.session_token (prefixed with __Secure- over HTTPS)NecessaryMaintaining your login session7 days (automatically extended with use)
Temporary authentication cookies such as better-auth.stateNecessaryPreventing forged requests (CSRF) during the Google sign-in processFor the duration of the sign-in process (a few minutes)
newey:localeFunctionalRemembering your selected display language (Korean/English)1 year
_ga, _ga_* (Google Analytics)Analytics (optional)Distinguishing visitors and visit/usage statisticsUp to 2 years — set only with consent
ph_* (PostHog — localStorage, not a cookie)Analytics (optional)Distinguishing visitors and product usage statistics — no cookie is setStored only with consent; collection stops when consent is withdrawn
  1. Necessary and functional cookies are used without separate consent to the extent needed to provide the Service; if you block them in your browser settings, some features such as login will be unavailable.
  2. Analytics cookies are set only if you accept them in the consent banner shown on your first visit. If you decline or make no choice, analytics cookies are not set. Even in that case, under Google Consent Mode a cookieless, non-identifying aggregate signal may be sent; this signal is not used to identify individual users.
  3. Your consent choice is stored only in your browser (localStorage), and you can change (withdraw) it at any time below.

분석 쿠키 동의 관리

현재 상태: 확인 중…

거부로 변경하면 이후 방문 통계 수집이 즉시 중단됩니다. 이미 저장된 쿠키는 브라우저 설정에서 삭제할 수 있습니다.

9. Your rights and how to exercise them

  1. You may request access to, correction of, deletion of, or suspension of processing of your personal data at any time. To exercise these rights, contact newey.ai@gmail.com, and the Company will act without delay (and no later than within the statutory deadline) and inform you of the outcome.
  2. Users residing in the European Economic Area (EEA) or the UK (GDPR / UK GDPR): In addition to the rights above, you have the right of access (Art. 15), the right to erasure (Art. 17), the right to data portability (Art. 20), and the right to object to processing (Art. 21), and you have the right to lodge a complaint with the supervisory authority in your place of residence. The legal bases on which the Company processes personal data are performance of a contract (Art. 6(1)(b)) and legitimate interests (Art. 6(1)(f), preventing abuse).
  3. Users residing in California, USA (CCPA / CPRA): The Company does not sell personal information or share it for targeted advertising purposes. You may request disclosure of the categories collected, as well as deletion and correction, and you will not be discriminated against for exercising your rights.
  4. You may exercise your rights through a legal representative or an authorized agent. In that case, the Company may request documentation confirming the lawful representation.

10. Children's privacy

The Service is not directed at children under the age of 14 (or, in regions where the GDPR applies, under the applicable statutory age in that region), and the Company does not knowingly collect children's personal data. If it is confirmed that a child's information has been collected, it will be destroyed without delay.

11. Security measures

  • Encryption in transit: All of the Service's communications (including audio transmission) are encrypted with TLS.
  • Data minimization by design: Real-time audio and the live transcription stream are designed not to be stored on the servers, reducing the risk of exposure; only the session records you choose to save are retained in your account.
  • Encryption at rest: The local cache of the glossary and session caption records stored on your device is encrypted with AES-256-GCM. The encryption key is kept in the browser's secure storage in a non-exportable (non-extractable) form and is not transmitted externally. Saved session records are stored on managed database infrastructure, scoped so that no other user can access them; with opt-in end-to-end encryption enabled, the server stores ciphertext only.
  • Access control: Secret values, such as database connection credentials, are managed only in the server environment and are not exposed to the client.
  • Session security: HttpOnly and Secure attributes are applied to authentication cookies, and the origin of API requests is verified.

12. Data Protection Officer

For inquiries, complaints, or remedies concerning the processing of personal data, please contact the channel below. The Company will respond and act without delay.

  • Data Protection Officer: newey.ai@gmail.com
  • Other reporting and counseling on privacy infringement: Personal Information Infringement Report Center (privacy.kisa.or.kr, dial 118 without an area code), Personal Information Dispute Mediation Committee (kopico.go.kr, 1833-6972)

13. Changes to this policy

If the contents of this policy are added to, deleted, or amended, the Company will give notice through in-service announcements starting 7 days before the effective date. However, where there is a material change affecting user rights — such as the addition of collected items or third-party disclosure — the Company will give notice 30 days before the effective date and, where necessary, obtain consent again.

  • Notice date: July 10, 2026
  • Effective date: July 10, 2026
  • Revised July 10, 2026: Following the introduction of a visit analytics tool (Google Analytics, consent-based), Sections 1, 3, 4, 6, 7, and 8 were revised, and the access logs and passkey items were specified.
  • Revised July 11, 2026: Following the introduction of the Audience sharing feature (real-time display of captions to third parties and temporary routing through the servers; off by default, user opt-in), Sections 2 and 3 were revised.
  • Revised July 11, 2026: Following the introduction of the feature that retains the summary, transcript, and translation text of ended sessions you choose to save in your account (cross-device sync, access by you, and deletion/export), Sections 2, 3, 5, 7, and 11 were revised. Real-time audio and caption streams remain unstored.
  • Revised July 11, 2026: Following the parallel introduction of the product usage analytics tool PostHog (consent-based, no cookies, EU-region storage), Sections 1, 3, 6, 7, and 8 were revised.
  • Revised July 12, 2026: The AI processor for the Smart Context (AI suggestions) feature was corrected to Anthropic PBC (LLM API; the Google Gemini API applies only under fallback configuration), and automatic session-title generation for saved session records was specified as using the same processor. Sections 2, 6, and 7 were revised.
  • Revised July 12, 2026: Sections 2, 3, 5, and 11 were corrected to describe the glossary accurately — a copy is mirrored to your account so the browser extension and your other devices can read it (stored like other account data, not end-to-end encrypted, replaced on each save, and deleted with your account) — and to describe the storage of saved session records accurately (stored on managed database infrastructure, scoped to your account; with opt-in end-to-end encryption, the server stores ciphertext only).

For matters relating to the terms of use of the Service, please see the Terms of Service.