Privacy Policy

Last updated: 2026-05-09
Effective date: 2026-05-12

IRGO AI Feed (“IRGO”, “we”, “us”, or “our”) is operated by AnyNble Inc. This Privacy Policy explains how we collect, use, and protect information when you use our website (irfeed.dev), our MCP server (irfeed-mcp), and our API.

1. Information We Collect

1.1 Account information

When you sign up for the free tier, we collect:

• Email address
• Country (optional)
• Self-reported areas of interest (optional)

1.2 API usage telemetry

We collect anonymous, non-PII telemetry on every API and MCP tool call:

• Tool name (e.g., search_filings)
• Arguments (with PII automatically scrubbed — IPs, emails, phone numbers, API keys, RRN, and credit card numbers are replaced with placeholders before any storage)
• Result status (ok / empty / error)
• Latency in milliseconds
• MCP client identifier (e.g., “claude-desktop”, “cursor”, “cline”) when provided
• Country code (derived from IP, not the IP itself)
• 90-day retention; automatic deletion after

You can opt out of telemetry by setting IRFEED_TELEMETRY=off in the MCP server environment variables.

1.3 Web traffic

For irfeed.dev, we use standard server logs (timestamp, URL, user-agent, country code) to detect abuse and improve performance. We do NOT use cross-site tracking, advertising cookies, or device fingerprinting. We use one first-party cookie for your session if you are signed in.

2. What We Do NOT Collect

• We do NOT collect chat history or memory contents from your AI client
• We do NOT access personal files, browsing history, or saved passwords
• We do NOT collect biometric data, contacts, location (beyond country), or financial account numbers
• We do NOT sell or share data with advertisers
• We do NOT use AI training datasets for model improvement based on your queries

3. Data Sources We Connect

IRGO Feed serves publicly disclosed Korean public company IR (Investor Relations) data — quarterly earnings, IPO IR books, and corporate disclosures published by listed companies and reconciled with DART (Korea’s Financial Supervisory Service official disclosure system). We do NOT have access to non-public financial data.

4. Third-Party Services

We use the following sub-processors to operate the service:

• Supabase (database hosting, USA/Europe regions)
• Vercel / Railway (web hosting, USA/Europe regions)
• Anthropic Claude API (LLM extraction in our conversion pipeline — only filing PDFs are sent, no user data)
• Resend (transactional email — sign-up confirmations only)

Each sub-processor is bound by data processing agreements consistent with this policy.

5. Your Rights (GDPR / KISA / CCPA)

You have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Delete your account and associated data (telemetry by session ID can be deleted on request via privacy@irfeed.dev)
• Port your data to another service in a machine-readable format
• Opt out of telemetry at any time (IRFEED_TELEMETRY=off)

To exercise any of these rights, contact privacy@irfeed.dev. We will respond within 30 days.

6. Children’s Privacy

IRGO Feed is not directed at children under 16. We do not knowingly collect data from children. If we learn that data of a child has been collected, we will delete it.

7. Security

• TLS in transit (HTTPS only)
• Row-Level Security (RLS) on all database tables
• API keys are read-only; abuse is throttled
• We do NOT store credit card information (handled by our payment processor)
• Vulnerability reports: security@irfeed.dev

8. Data Retention

• Account data: until account deletion, plus 30 days for backup recovery
• API telemetry: 90 days, then permanent deletion
• Server logs: 30 days
• Filing content (public): retained indefinitely (public domain reconstructed data)

9. International Transfers

Data may be transferred to and processed in the USA, Europe, or Korea. We rely on Standard Contractual Clauses (SCCs) for transfers from the EU/UK to other regions.

10. Changes to This Policy

We will post the updated policy at irfeed.dev/privacy and update the “Last updated” date. Material changes will be announced via email to active users.

11. Contact

• General privacy: privacy@irfeed.dev
• Security: security@irfeed.dev
• Data deletion: privacy@irfeed.dev (subject: “Data deletion request”)

한국어 요약

전문은 위 영문 본문 우선. 간단 요약:

1. 수집 항목 최소화: 가입 시 이메일만 필수. PII (IP/이메일/전화/카드/주민번호/API 키)는 모든 로그에서 자동 마스킹.
2. 목적 외 사용 금지: 광고·재판매·AI 학습 데이터 제공 0건.
3. 보유 기간: API 텔레메트리 90일, 서버 로그 30일.
4. 이용자 권리: 열람·정정·삭제·이동·텔레메트리 거부 가능.
5. 연락처: privacy@irfeed.dev — 30일 내 응답.