Privacy Policy

Privacy Policy

Effective Date: April 20, 2026
Last Updated: April 20, 2026

This Privacy Policy describes how touch a chord (“Company,” “we,” “us,” or “our”) collects, uses, discloses, stores, and otherwise processes personal information in connection with thxmyai and related websites, applications, products, paid features, AI-assisted features, public artifact pages, rankings, and related services (collectively, the “Services”).
This Privacy Policy is intended to help you understand what personal information we collect, how we use it, when we share it, and what choices and rights you may have.
Capitalized terms not defined in this Privacy Policy have the meanings given in our Terms of Service.

1. ABOUT

thxmyai is a digital service that allows users to create, store, manage, and optionally share digital artifacts that record their messages, views, or perspectives regarding artificial intelligence (“Artifacts”).
If you have questions about this Privacy Policy or our privacy practices, you may contact us at:

touch a chord
70, Bokji-ro, Busanjin-gu, Busan, Republic of Korea
support@thxmyai.com

2. SCOPE

This Privacy Policy applies to personal information we process in connection with the Services, including through our website, public artifact pages, rankings, search features, account systems, payment-related flows, and AI-assisted features.
This Privacy Policy does not apply to third-party websites, products, platforms, or services that are not operated by us, even if they are linked from or integrated with the Services.
Your use of third-party services may also be subject to those third parties' own privacy policies and terms.
The Services are designed for a global structure and may be accessed by users in Korea and other countries.

3. PERSONAL INFORMATION WE COLLECT

The personal information we collect depends on how you interact with the Services.

A. Information You Provide to Us

Account Information.
When you use the Services, we collect information you provide in connection with account access and management, including:
email address;
country code or country selection;
consent records relating to acceptance of our Terms and policies;
and information associated with magic-link authentication.

Artifact Information.
When you create or manage an Artifact, we may collect:
selected product tier;
nickname or display name, if provided;
message content, if provided;
public/private visibility settings;
ranking inclusion settings;
selected LLM or AI model option;
selected card design or presentation effects;
and other Artifact-related settings or preferences you choose to submit.

Communications Information.
If you contact us by email or otherwise communicate with us, we collect the information you choose to provide, such as your email address and the contents of your message.

B. Information Collected Automatically

When you use the Services, we may automatically collect certain information, such as:
session or token-related information;
login and access history, including timestamps such as last login time;
public artifact detail page view logs;
artifact view counts;
administrator action logs;
payment event logs and related raw event payloads received from payment providers;
country-related information derived from payment data, user selection, or other contextual indicators;
and other records reasonably necessary for service operation, fraud prevention, security, moderation, support, and legal compliance.

We may also use cookies, session technologies, or similar mechanisms for authentication, security, and service functionality.

C. Payment and Transaction Information

We do not directly collect or store full payment card information on our own servers.
Payments are handled by third-party payment providers, including Paddle.
We may receive and store transaction-related information such as:
order number;
payment status;
amount and currency;
provider payment reference;
provider event ID;
refund status;
and raw payment event payloads or transaction metadata reasonably necessary for billing, reconciliation, fraud prevention, support, and legal compliance.

D. AI-Related Inputs and Outputs

If you use our AI-assisted features, we may process:
your selected LLM or AI provider option;
your submitted text inputs, prompts, messages, and related configuration choices;
AI-generated responses;
AI-generated scores;
and related metadata necessary to provide the AI feature.

E. Information from Other Sources

We may receive information from third parties such as payment providers, email delivery providers, hosting providers, infrastructure providers, and AI service providers, where necessary to operate the Services, authenticate users, process payments, provide support, detect fraud, or provide AI-related outputs.

4. HOW WE USE YOUR INFORMATION

We use personal information for a variety of business and operational purposes, including to:

A. Provide and Operate the Services
We use personal information to:
create and manage accounts;
authenticate users through email magic links;
create, store, display, edit, and manage Artifacts;
provide public or private Artifact display according to user settings and service rules;
support search, rankings, statistics, and artifact management features; and
provide customer support and respond to inquiries.

B. Process Transactions and Paid Features
We use personal information to:
process purchases and paid Artifact tiers;
coordinate with Paddle and other payment-related providers;
detect, prevent, and investigate fraud, abuse, reversals, refunds, and chargebacks;
maintain transaction records and billing history; and
enforce purchase-related limitations, eligibility, and validity rules.

C. Provide AI-Assisted Features
We use personal information and submitted content to:
send relevant inputs to selected AI providers;
generate AI responses and scores;
store AI-generated results where applicable;
reflect selected LLM preferences;
and support related administrative, operational, and quality functions.
We do not use your submitted content for our own AI model training or quality-improvement training purposes unless we clearly state otherwise and obtain any consent required by applicable law.

D. Manage Visibility, Moderation, and Service Integrity
We use personal information and Artifact-related information to:
review and moderate submitted content;
approve, reject, hide, invalidate, or restrict Artifacts;
manage public visibility and ranking inclusion;
maintain administrative logs and moderation records;
enforce our Terms and policies;
and protect the integrity, safety, and reliability of the Services.

E. Security, Fraud Prevention, and Compliance
We use personal information to:
maintain account security;
prevent misuse, abuse, fraud, and unauthorized activity;
investigate suspicious behavior;
comply with legal, tax, accounting, consumer protection, and regulatory obligations; and
establish, exercise, or defend legal claims.

F. Analytics and Performance
We may use information about how the Services are accessed and used to:
understand feature usage;
measure traffic and service performance;
improve reliability and usability; and
maintain and improve our Services.

G. De-Identified and Aggregated Use
We may de-identify, anonymize, or aggregate information and use such information for analytics, operational insights, service improvement, and other lawful business purposes, provided such information is no longer reasonably linked to an identified individual.

5. LEGAL BASIS FOR PROCESSING

Where applicable data protection laws require a legal basis for processing, we may process personal information on one or more of the following bases:
Performance of a contract with you, including to provide the Services, authenticate your account, process transactions, and operate requested features;
Legitimate interests, including to secure and improve the Services, prevent fraud, moderate content, maintain operational records, and protect our business and users;
Compliance with legal obligations, including tax, accounting, consumer protection, dispute handling, and regulatory obligations;
and Consent, where required by applicable law, including where certain optional technologies or processing activities require consent.

6. HOW WE DISCLOSE YOUR INFORMATION

We may disclose personal information to the following categories of recipients:

A. Payment Providers
We may disclose personal information to payment processors, merchant-of-record providers, resellers, tax handlers, or billing providers, including Paddle, to process purchases, handle taxes, manage refunds, respond to disputes, and detect fraud.

B. Email and Communication Providers
We may disclose personal information to providers that help us send authentication and service emails, including Resend.

C. Hosting, Infrastructure, and Database Providers
We may disclose personal information to service providers that help host, store, secure, and deliver the Services, including providers such as Vercel, Render, PostgreSQL-related infrastructure, Redis, and related vendors.

D. AI Service Providers
If you use AI-assisted features, we may disclose relevant submitted inputs and related configuration data to AI service providers such as OpenAI, Anthropic, and Google, to generate AI responses, scores, or related outputs.

E. Analytics and Operational Providers
We may disclose certain usage or technical information to analytics or operational service providers, including Google Analytics, where used.

F. Legal, Safety, and Enforcement Disclosures
We may disclose personal information where reasonably necessary to:
comply with applicable law, court orders, legal process, or lawful government requests;
enforce our Terms, policies, and agreements;
protect our rights, users, systems, and business;
investigate fraud, abuse, chargebacks, security incidents, or other harmful activity; or
support dispute resolution or legal defense.

G. Business Transfers
If we are involved in a merger, acquisition, financing, reorganization, asset sale, or similar transaction, personal information may be disclosed or transferred as part of that process, subject to applicable law.

7. PUBLIC CONTENT AND VISIBILITY

The Services allow users to control whether certain Artifact-related information is public or private.
Depending on your settings and service status, the following information may become publicly visible:
Artifact number;
selected tier;
country;
creation date;
message content;
nickname;
selected target LLM;
global or country rank;
and view count.

Public display may depend not only on your settings, but also on factors such as payment completion, validity status, moderation review, approval status, and service eligibility rules.
If an Artifact or related content is private, hidden, invalidated, unapproved, or otherwise ineligible, it may be excluded from public hubs, search results, rankings, or direct-link access.
Because the Services include public pages and public hub functionality, information that is made public may be accessible to others and may potentially be indexed by search engines.

8. COOKIES AND SIMILAR TECHNOLOGIES

We may use cookies, session technologies, or similar tools for purposes such as:
authenticating users;
maintaining login sessions;
securing accounts and preventing abuse;
supporting core site functionality; and
measuring usage and performance.

We currently use Google Analytics for analytics purposes.
We do not currently use advertising cookies for targeted advertising or retargeting pixels for behavioral advertising, based on the information currently provided.
You may be able to control cookies through your browser settings.
Please note that disabling certain cookies or session technologies may affect service functionality, including login and account access.

9. INTERNATIONAL DATA TRANSFERS

Because we use global infrastructure and third-party providers, personal information may be transferred to, stored in, or processed in countries outside your country of residence, including countries that may have different data protection laws than your home jurisdiction.
These transfers may occur in connection with providers such as:
Vercel;
Render;
Paddle;
Resend;
OpenAI;
Anthropic; and
Google.

Where required by applicable law, we take reasonable steps to implement appropriate safeguards for international transfers.

10. DATA RETENTION

We retain personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Services, maintain records, support moderation and administrative actions, comply with legal obligations, resolve disputes, prevent fraud, and enforce our agreements.
Our retention approach may include status changes, restriction, or anonymization rather than immediate physical deletion.
Examples include:
Account information: may be deleted or anonymized upon account deletion request, subject to legal and operational requirements.
Artifacts: may be anonymized and retained rather than fully deleted in some circumstances.
Payment and transaction records: may be retained for accounting, tax, fraud prevention, dispute handling, and compliance purposes.
Refund, invalidation, and payment status history: may be retained as status records.
Administrator logs and moderation history: may be retained for operational integrity, review history, safety, and legal compliance.
Public content: may remain available, be restricted, or be converted to private/inactive status depending on applicable policy and operational needs.

11. YOUR CHOICES AND PRIVACY RIGHTS

Depending on your location and applicable law, you may have the right to:
request access to personal information we hold about you;
request correction of inaccurate information;
request deletion of your personal information;
request account deletion;
request restriction of certain processing;
object to certain processing;
and request information about how your personal information is used or disclosed.

You may also be able to review and modify certain information directly through your account, including:
your Artifacts;
message content;
nickname;
public/private visibility settings; and
ranking inclusion settings.

Requests may be submitted through support@thxmyai.com.
Please note that some requests may be limited where retention is necessary for legal obligations, fraud prevention, dispute handling, security, recordkeeping, or other lawful operational purposes.
Because the Services may retain certain records in anonymized, de-identified, or status-based form, deletion may not always mean immediate or complete physical erasure of every associated record.

12. CHILDREN

The Services are not specifically directed to children.
However, based on the service design currently provided, minors may be permitted to use the Services.
If required by applicable law, minors should use the Services only with appropriate parental or guardian consent or supervision.
We do not intentionally collect sensitive personal information from children for profiling or advertising purposes through the Services.

13. SENSITIVE INFORMATION

We do not seek to collect sensitive personal information for a specific business purpose through the Services.
However, because the Services may include free-text inputs such as nicknames and message fields, users may choose to submit information that could be considered sensitive in some jurisdictions.
You should not submit sensitive personal information unless you are comfortable doing so and such submission is necessary for your intended use of the Services.
We reserve the right to moderate, restrict, hide, or remove content that violates our policies or creates legal, safety, or operational risk.

14. SECURITY

We take reasonable administrative, technical, and organizational steps to help protect personal information.
These measures may include, where applicable:
one-time magic link authentication;
token expiration controls;
hashed or otherwise protected token handling;
role-based access controls;
separation of user and administrator permissions;
administrator action logging; and
limiting our direct handling of payment card information by using third-party payment providers.

No system is completely secure, and we cannot guarantee absolute security.

15. THIRD-PARTY SERVICES

The Services may rely on or integrate with third-party services, including payment providers, email delivery providers, AI providers, analytics tools, and infrastructure vendors.
Those third parties may process personal information under their own privacy policies and terms.
We encourage you to review their policies where relevant.

16. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time.
If we do, we will revise the “Last Updated” date above.
If changes materially affect your rights or how we process personal information, we may provide additional notice where required by applicable law.
Your continued use of the Services after the effective date of an updated Privacy Policy means that the updated version will apply, to the extent permitted by law.

17. CONTACT US

If you have any questions, requests, or concerns regarding this Privacy Policy or our privacy practices, you may contact us at:

touch a chord
70, Bokji-ro, Busanjin-gu, Busan, Republic of Korea
support@thxmyai.com