Privacy Policy

Last updated: May 19, 2026

This Privacy Policy describes what personal data we collect when you visit nineagents.ferrorium.com, purchase Nine Agents, or run the desktop application, and how we use it.

Data Controller / Operator
POLAAPP (폴라앱) — registered in the Republic of Korea
Business Registration No. 344-02-02294 · Represented by Cheolhee Lee (이철희)
Registered office: 3F #301, 22 Wolpyeongdong-ro, Seo-gu, Daejeon, Republic of Korea
Contact & privacy inquiries: [email protected]

Short version: we collect only what's necessary to deliver your purchase, enforce the single-device license, and send transactional email. No advertising trackers, no profiling, no resale.

1. Data we collect

When you visit the website

Standard HTTP request data (IP address, user agent, requested path) — handled by Cloudflare, retained for security/anti-abuse purposes only.
No analytics or advertising cookies. No third-party tracking pixels.

When you purchase

Email address, billing address, and payment details (collected by Paddle as our Merchant of Record — we receive the email and a transaction reference, but not your card details).
Transaction id, amount, currency, country (received from Paddle for license issuance).

When you use the desktop app

License key (entered by you), device fingerprint (a SHA-256 hash of MAC + hostname + OS — used only to enforce the single-device limit), platform identifier (e.g. macos-arm64 / windows-x64), hostname (optional, for your own license dashboard).
Heartbeat timestamps (so the license stays usable offline for 7 days).
No file contents, prompts, project data, or AI conversations ever leave your machine.

2. How we use it

Issue and enforce your license (single-device binding, reassignment, revocation).
Deliver the download link, license key, and product-related transactional email.
Respond to support questions you initiate.
Investigate fraud, abuse, or breach of our Terms.

We do not sell, rent, or share your data with advertisers, data brokers, or unrelated third parties.

3. Sub-processors

We rely on a small set of vendors to operate the service:

Paddle (Paddle.com Market Limited) — payment processing, tax handling, invoice issuance. Merchant of Record.
Cloudflare (Cloudflare, Inc.) — website hosting (Pages), API hosting (Workers), database (D1), file storage (R2), DNS, DDoS protection.
Resend (Resend, Inc.) — transactional email delivery.

Each sub-processor operates under its own privacy policy and applicable cross-border transfer mechanisms.

4. Retention

Order and license records are retained for as long as your license is active, plus up to 7 years thereafter (legal / tax obligations).
Device-activation records are retained while a license is active; deactivated rows are kept up to 12 months for fraud forensics, then deleted.
Webhook event logs are kept up to 90 days for debugging.
Server access logs (Cloudflare): up to 7 days by default.

5. Your rights

Depending on your jurisdiction (GDPR, UK GDPR, CCPA, PIPA-Korea, etc.) you may have the right to:

Access the personal data we hold about you.
Request correction or deletion.
Object to or restrict processing.
Receive a portable copy of your data.
Withdraw consent (where processing is based on consent).
Lodge a complaint with your local supervisory authority.

To exercise any of these, email [email protected]. We respond within 30 days.

6. Security

License keys are stored only in our database; we never ship them in the app binary. Webhook payloads from Paddle are HMAC-verified. All web/API traffic is HTTPS-only (HSTS preload eligible). Access to the production database is limited to the operator's account.

7. Children

Nine Agents is a developer tool, not directed at children under 13 (16 in the EEA). We do not knowingly collect personal data from such users.

8. Changes to this policy

We may update this policy from time to time. Material changes will be announced on the Site and reflected in the "Last updated" date above.

9. Contact

Privacy questions: [email protected].