Privacy Policy

Effective Date: April 1, 2026

1. Scope and Purpose

This Privacy Policy applies to our unified authentication account ("TFLab Integrated Account"), the TFLab website, landing pages, connected services (including TF-Aegis and IAPS), and related communications operated by TFLab Inc.
The public website can generally be browsed without creating an account, but the TFLab Integrated Account is required to access connected products, customer areas, beta programs, waitlists, and centralized payment points.
If TFLab launches a separate product, application, or paid subscription, additional product-specific privacy notices may apply alongside this policy.

2. Personal Information We Collect

Depending on how you interact with our website and single-sign-on (SSO) systems, we may collect the following categories of personal information:
  • Contact information you provide voluntarily, such as your name, email address, company, and message contents when you contact us.
  • Account and authentication data, such as email address, unique auth identifiers, provider type, and basic profile information, when registering for a TFLab Integrated Account exclusively via Google or Apple social login.
  • Purchase, payment, order, refund, entitlement, and subscription-related data when using the TFLab Integrated Account alongside our Centralized Payment System (Integrated Authentication & Payment System or IAPS).
  • Technical and usage data such as IP address, browser type, device information, referring URL, access time, and basic server logs.
  • Preference data required to operate the website, such as your selected language or locale setting.
  • Marketing preference information, including consent status and consent time, if you separately opt in to promotional communications.

3. How We Use Personal Information

To operate, maintain, secure, and improve the website, TFLab Integrated Account, and related Connected Services.
To authenticate users, provide seamless single-sign-on (SSO) across our ecosystem, and verify digital entitlements.
To process transactions, manage subscriptions, reconcile billing status, and handle refunds centrally through the Integrated Authentication & Payment System.
To respond to inquiries, business requests, partnership discussions, and support messages.
To deliver updates, launch announcements, newsletters, or marketing messages where you have separately consented.
To detect fraud, prevent unauthorized access, and protect our services, rights, and users.
To comply with applicable laws, accounting obligations, and lawful government requests.

4. Retention Period

We retain personal information only for as long as reasonably necessary for the purposes described above, unless a longer retention period is required by law.
Inquiry records may be retained for up to 3 years from the last relevant communication for support, relationship management, and business record purposes.
Technical logs, operational records, and preference data may be retained for limited security, maintenance, and troubleshooting periods.
Where a transaction or payment occurs in the future, records required under e-commerce, tax, or accounting laws may be retained for the legally required period.
Marketing consent records may be kept until you withdraw consent or for the period reasonably necessary to demonstrate that consent was obtained.
If you request account deletion, we will delete, anonymize, or de-identify personal information when no longer needed, except where we are required or permitted to retain specific records for legal compliance, billing, fraud prevention, or dispute handling.

5. Cookies and Similar Technologies

We may use cookies or similar technologies that are necessary to operate the website, maintain authentication, keep the service secure, and remember basic preferences.
As of the effective date, the website is not intended to rely on behavioral advertising cookies. If this changes, we will update this policy and request consent where required by your jurisdiction.

6. International Data Transfers

As our operations and infrastructure are global, your personal information may be transferred to, stored, and processed in countries other than your country of residence (including the United States and the Republic of Korea), where data protection laws may differ.
If you do not wish your personal information to be transferred internationally, your use of services that rely on authentication or billing may be limited.
Processors & Data Transfers:
  • Supabase: Used for global authentication (SSO) and backend databases.
  • Lemon Squeezy: Used as our Merchant of Record for secure payment and subscription processing (primarily US-based).
  • Vercel: Used for edge-network website hosting.
By using our Connected Services, you acknowledge that your personal information will be transferred internationally. When we transfer your data from the European Economic Area (EEA) or the UK to destinations lacking an adequacy decision, we rely on legally provided mechanisms such as the Standard Contractual Clauses (SCCs) or equivalent safeguards to ensure your data remains protected to the standards required by the GDPR/UK GDPR.

7. Disclosure to Third Parties

We do not sell your personal information.
As of the effective date, TFLab does not sell personal information or share it for cross-context behavioral advertising as defined under applicable U.S. state privacy laws (such as the CCPA).
To provide a seamless authentication and checkout experience, your account status and basic profile information are shared internally among our Connected Services (e.g., TF-Aegis, IAPS). We also disclose personal information to trusted third-party processors acting on our behalf, subject to binding contractual safeguards.
We may also disclose information if required by law, court order, or if necessary to protect our legal rights, our users, or the safety of our systems.

8. Your Privacy Rights

Subject to your local jurisdiction's applicable laws (e.g., GDPR, UK GDPR, CCPA/CPRA, and Korean PIPA), you may have the right to request:
  • Access, Correction, and Deletion: To review, correct inaccuracies, or delete the personal information we hold about you.
  • Restriction or Objection: To object to specific types of processing.
  • Data Portability: To receive your personal data in a structured, commonly used format or have it transmitted directly to another data controller.
  • Automated Decision-Making: The right not to be subject to a decision based solely on automated processing (including AI algorithms or profiling) which produces legal or similarly significant effects concerning you, and the right to request an explanation or human intervention.
You may also withdraw consent for marketing communications at any time. Requests can be submitted to contact@tflab.io.
At this time, some Connected Services, including early Focuno experiences, may not yet provide an in-product self-service account deletion workflow. Until that functionality is available, you may submit deletion or account-closure requests to contact@tflab.io, and we may take reasonable steps to verify your identity before acting on the request.
If you reside in the EEA, UK, or another jurisdiction with similar privacy frameworks, you have the right to lodge a complaint with your local data protection supervisory authority.

9. Security and Children's Privacy

We take reasonable technical and organizational measures (such as encrypted communications and access controls) to help protect personal information against unauthorized access, disclosure, alteration, or destruction.
When personal information is no longer needed and there is no legal requirement to keep it, we delete or securely anonymize it.
Our services are not directed to children under the applicable age of digital consent (e.g., under 13 in the United States, or under 16 in certain EEA countries).
If we learn that we collected such information from a child without valid parental authorization, we will take immediate steps to delete it.

10. Privacy Officer and Contact

Data Protection / Privacy Officer: Taehyun Park
  • Company: TFLab Inc.
  • Email: contact@tflab.io
  • Address: 396-21, Toseong-ro, Hyangnam-eup, Hwaseong-si, Gyeonggi-do, Republic of Korea
Requests regarding access, correction, deletion, restriction, consent withdrawal, or exercising your privacy rights can be submitted directly through the email above.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or emerging legal requirements. When we do, we will post the updated version on this page with a revised effective date.
For any privacy-related questions or if you need assistance, please contact us at contact@tflab.io.