P2ACH AI Inc. is the controller. Address: 28, Seolleung-ro 92-gil, Gangnam-gu, Seoul 06160, Republic of Korea. This public website is intended for business users, partners, investors, media and demo requesters. Customer contracts, offline PoCs, camera or video analytics deployments may be governed by the relevant contract, DPA, on-site notice or separate service notice. If this Policy conflicts with a customer-specific contract, DPA, on-site notice or service-specific notice, the more specific document controls to the extent permitted by applicable law.

Contact form: name, company, department, job title (optional), email, country code, phone number (optional), inquiry type, title, message, attachment (optional), referral source (optional), consent status, submission time, IP address, browser/device data and language setting.
Demo request: name, company, department, job title (optional), email, phone number (optional), venue type, desired demo location, preferred start date, purpose, title, message, attachment (optional), referral source, consent status, submission time, IP address, browser/device data and language setting.
Automatically collected data: IP address, User-Agent, requested URL, referrer, access time, error/performance logs, session identifier, CSRF token, rate-limit record, Datadog RUM events and cookie or similar identifiers. We do not request sensitive data, government identifiers, payment data or biometric data in website forms. If unsolicited sensitive data or third-party information is submitted, we may delete it or restrict processing unless retention is required by law.

We process personal information to respond to inquiries, arrange demos, provide follow-up, verify submissions, prevent spam or abuse, maintain security, provide the website, remember language settings, analyze errors and performance, comply with law, handle disputes, process rights requests and send marketing only where permitted or consented to. Legal bases may include consent, pre-contractual steps or contract performance, legal obligations and legitimate interests. Analytics cookies are not activated before consent where local law requires consent.

Inquiry and demo records are retained for up to 3 years after completion unless a longer period is required for contracts, disputes or law. Attachments are deleted when no longer needed and no later than the inquiry retention period where preservation is necessary. Server session TTL is currently up to 3 hours. Security and error logs are generally retained for up to 90 days. Datadog RUM data is retained according to the Datadog account settings and contract terms and is reviewed for minimization.

When the purpose is fulfilled or the retention period expires, we delete, anonymize or restrict access to personal information. Electronic records are deleted or anonymized so they are not reasonably recoverable, and paper records, if any, are shredded or destroyed. Backup copies are isolated from ordinary use and deleted according to backup cycles.

We do not sell personal information and do not share it for cross-context behavioral advertising under U.S. state privacy laws. We disclose personal information only where required by law, with consent, to service providers acting for us, or as reasonably necessary for a merger, acquisition, financing or business transfer.

We use Amazon Web Services, Inc. and affiliates (Republic of Korea, AWS Seoul Region ap-northeast-2) for cloud infrastructure, database, file storage, Amazon SES email transmission and operational security. We use Datadog, Inc. (United States, datadoghq.com) for website RUM, error, performance and session replay monitoring only after analytics cookies are allowed.
Website inquiry and demo data stored on AWS is stored by default in Korea. Datadog may receive or access IP address, User-Agent, requested URL, referrer, access time, browser/device data, cookie or similar identifiers, RUM session/view/resource/error/performance events and masked session replay data. Transfer occurs through the browser SDK and encrypted HTTPS communications when the user uses the website after allowing analytics cookies. Retention follows Datadog account settings and contract terms and is reviewed for minimization. Safeguards include data processing terms, standard contractual clauses or equivalent transfer safeguards where required by applicable law, TLS, access control, input masking, logging and vendor security review. If you object, you may refuse analytics cookies; essential forms remain available but analytics and error monitoring will be limited.

We use necessary cookies for PHP sessions, CSRF security, language selection and popup/banner dismissal. Datadog RUM loads only after an affirmative analytics-cookie choice. The consent cookie stores the policy version, selected categories and timestamp; if the policy version changes, we may request consent again. See the Cookie Policy for details.

P2ACH AI Vision AI products may analyze camera or CCTV video inputs from customer-operated stores, retail spaces, DOOH media, hotels, transport or mobility environments. Purposes include aggregated and statistical insights such as visitor counts, foot traffic, paths, congestion, ad attention, gaze dwell time, estimated age group and gender, Re-ID-based deduplication and heatmaps. Regardless of whether original footage is stored, video frames may be treated as personal information or video personal information during processing under applicable law, so the customer site legal basis, notices, rights process and contract/DPA apply together.
As a product principle, we do not store original CCTV video or image frames. Frames are analyzed in memory on Edge AI devices, and only aggregated, statistical or de-identified category data and event results are generated and transmitted. We do not use Vision AI outputs for face-recognition identity verification, matching with names or contact details, biometric authentication or tracking intended to identify a specific person. Depending on the customer contract and actual role allocation, P2ACH AI may act as a processor/service provider or as a joint controller for customer-site Vision AI processing.
For Korea, customer on-site signage, contracts or DPAs address installation purpose limits, filming range/time, person in charge, no audio recording, no arbitrary camera manipulation, no use beyond stated purposes and no filming in privacy-sensitive areas. For the EU/EEA, we consider EDPB video-device guidance on lawful basis, transparency notices, minimization, purpose limitation, retention limitation and data-subject rights. For Japan, we consider PPC guidance on camera images and facial-feature data, including purpose specification, retention, outsourcing/joint-use structure and absence of identification purpose. For Vietnam, we consider Decree 13 notice, consent and data-subject-right principles and public-place video/audio recording notice principles. For the United States/California, we consider CCPA/CPRA notice, deletion, correction, opt-out and non-discrimination rights for video, inferred characteristics and information that may be perceived as biometric or sensitive personal information.

The website contact/demo process does not make decisions that produce legal or similarly significant effects solely by automated means. Vision AI outputs are provided for aggregated statistics and operational insights and, as a principle, are not used to make automated decisions that produce legal or similarly significant effects on an individual.

To the extent recognized by applicable law, you may request access, correction, deletion, suspension, withdrawal of consent, restriction, portability, objection and information about automated decisions. Requests may be denied or limited where a statutory restriction or exception applies. Contact sales@p2ach.ai. We verify identity and respond within the legally required period. We do not intentionally collect personal information from children under 14 and will delete it if discovered.

We apply reasonable technical and organizational measures including access control, administrative restrictions, encryption or hashing where appropriate, TLS, CSRF tokens, IP-based rate limiting, upload extension and size controls, logging, vulnerability checks, backup controls and employee access governance. No method of transmission or storage can guarantee absolute security; we maintain incident prevention, detection, response and notification procedures to the extent required by applicable law.

Privacy Officer: Dongyeol Lee, CEO
Privacy Team, P2ACH AI Inc.
Email: sales@p2ach.ai
Address: 28, Seolleung-ro 92-gil, Gangnam-gu, Seoul 06160, Republic of Korea
Korean users may also contact the Personal Information Infringement Report Center (privacy.kisa.or.kr / 118) or the Personal Information Dispute Mediation Committee (kopico.go.kr).

This Policy is effective as of 2026-05-22. We will post updates on the website when laws, services, processors, collection items or retention periods change. Material changes will be separately notified where reasonably possible.