DITO

Privacy Policy

This Privacy Policy describes what information DITO collects, how we use it, and the choices you have. It is written to align with the EU General Data Protection Regulation (GDPR) and the Korean Personal Information Protection Act (PIPA).

Last updated: May 13, 2026 · Effective: May 13, 2026

0. Who we are

DITO is operated by DIGI PLANET, which is the data controller responsible for the information described in this policy. DITO is currently provided as a beta service and is not operated on a commercial basis at this time, except for on-chain network fees passed through to cover infrastructure costs. For any privacy matter, please use the contact in §14.

1. Information we collect

We collect only the information that is necessary to operate the service:

  • Account information — your email address, a username you choose, your hashed password, and sign-up and sign-in timestamps.
  • Your Embers — the embers you light, the entries you write, the days you tend them, and your Stage progression. Encrypted at rest.
  • Conversations with Ember (the AI coach) — the messages you send and the responses Ember returns. To generate replies, these messages pass through our gateway and are submitted to a large-language-model (LLM) provider, such as Google Gemini, Groq, or OpenAI. See §4 for details.
  • Wallet address (if you connect one) — the public address of your Solana wallet, used to mint Embers and to verify identity. We never receive or store your private key or seed phrase. DITO currently operates on Solana <b>Devnet</b> while in demo; we will provide separate notice before any mainnet migration.
  • On-chain activity — only the minimum information necessary to mint an Ember—the transaction hash, your public wallet address, and the public Ember metadata—is written to Solana. Your entries, conversations with Ember, and other private content are never written to the blockchain; they remain encrypted on our servers. Because Solana is a public ledger, the on-chain information described above is inherently permanent and globally readable.
  • Device and connection data — your request IP address (retained briefly for security and rate-limiting), User-Agent, and language preference.
  • Session — a session token that keeps you signed in.
  • Optional analytics — anonymized usage events (for example, "an entry was saved"), collected only if you opt in via the cookie banner.

2. Information we do not collect

  • We do not use third-party advertising trackers.
  • We do not collect social-graph information. There is no follow, no feed.
  • We do not collect precise location data.
  • We do not collect special categories of personal data such as biometric, health, political, or religious information.
  • We do not sell any of your personal data — ever.
  • External LLM providers (such as Gemini, Groq, and OpenAI) do not train their models on your content (see §4). Any internal training of DITO’s own talent-discovery algorithms occurs only with your separate opt-in consent (see §3, "Consent").

3. Purposes and legal bases

For users in the EU and EEA, we rely on the legal bases set out in Article 6 of the GDPR. For users in Korea, we rely on the grounds set out in Article 15 of PIPA.

  • Performance of a contract — to operate your account, store your entries, generate Ember responses, and process Ember mints — the contract you entered when you signed up.
  • Legitimate interests — to protect the service (rate limiting, abuse prevention), to monitor security, and to compute anonymous aggregate metrics — only where these interests are not overridden by your rights and freedoms.
  • Consent — applies to optional analytics cookies, marketing emails (if any), and opt-in data used to improve DITO’s own talent-discovery algorithms. The specific items and methods used for internal training are protected as trade secret and are not disclosed; no raw content is shared with third parties. You may withdraw any consent at any time.
  • Compliance with legal obligations — to meet tax and accounting requirements and to respond to lawful requests from courts or government authorities.

4. Ember conversations and LLM providers

To generate a reply, Ember submits your message to an external LLM provider. The current providers are Google Gemini, Groq, and OpenAI. If we change providers, we will update this page and notify you in the app.

These providers act as our data processors under contracts that prohibit using your messages for any other purpose. We use only endpoints configured to exclude your data from model training. Providers may, however, retain processing logs for a short period (typically up to 30 days) for safety review.

Please do not enter sensitive information—such as government identification numbers, payment card numbers, or medical records—into Ember conversations. Ember is not designed to handle such data.

5. The Solana blockchain and Embers

Embers are minted on the Solana public blockchain (currently on Devnet, since DITO is in demo). Transaction hashes, your public wallet address, and the public Ember metadata are globally readable and permanent. We have no authority to delete on-chain data, so please consider this carefully before minting.

Embers are non-transferable (Soulbound) tokens. Once an Ember is minted to your wallet, it cannot be moved to another wallet. The contents of a minted Ember cannot be modified, and minting fees are non-refundable. If you lose access to your wallet, we may verify your identity using your registered email and re-bind your Ember to a new wallet. Any costs of re-issuance (such as network fees and re-mint costs) are your responsibility. See Terms §7 for details.

6. Recipients and service providers

By default, only you can access your information. Your entries are private and encrypted at rest. Our personnel do not read individual entries in the ordinary course of business; access is granted only under strict access controls and only for security, fraud, or legal purposes.

We engage the following service providers to operate DITO. Each is bound by a data-processing agreement that prohibits any use of your data outside the service we receive:

  • Hosting and storage: Amazon Web Services
  • Transactional email: Resend
  • LLM providers: Google Gemini, Groq, OpenAI (see §4)
  • Error reporting (if any): stack traces without personal identifiers
  • Blockchain: the Solana public ledger (see §5)

7. International transfers

Our servers are located in Korea (Seoul), but LLM providers and the Solana blockchain are inherently global. Some of your information may therefore be transferred to the United States or other countries. For users in the EU and EEA, we rely on the Standard Contractual Clauses under GDPR Article 46 or equivalent safeguards.

8. Retention

  • Account data: while your account is active, plus 30 days after closure (excluding data we are required to retain by law).
  • Entries and Stage progression: until you delete them or close your account.
  • Ember conversation logs (on our side): 90 days. Provider-side retention: see §4.
  • Server access logs and IP: up to 30 days, for security purposes.
  • On-chain data: permanent (see §5). We have no authority to delete it.
  • Payment and tax records (if applicable): for the period required by applicable law.

9. Your rights

You may exercise the rights below regardless of where you live. Additional rights may apply under your local law (for example, the GDPR, PIPA, or the CCPA).

  • Right of access — request a copy of the personal data we hold about you.
  • Data portability — download all of your fires as a single archive at any time.
  • Rectification — correct your account details from Settings.
  • Erasure — close your account and your data is permanently deleted within 30 days. On-chain data is unaffected (see §5).
  • Restriction and objection — ask us to restrict or stop certain processing, especially processing based on legitimate interests.
  • Withdrawal of consent — turn off optional analytics from the cookie banner. You can unsubscribe from any marketing email via the link in the message.
  • Automated decision-making — We do not make solely-automated decisions that produce legal or similarly significant effects on you. Ember’s outputs are not a substitute for human judgement.
  • Right to lodge a complaint — with the Korean Personal Information Protection Commission (privacy.go.kr); for users in the EU or EEA, with your local supervisory authority; for residents of California, with the California Attorney General.

To exercise these rights, contact us at the address in §14. We will respond within 30 days (extendable by an additional 60 days where reasonably necessary).

10. Security

  • TLS 1.2 or higher encryption in transit.
  • AES-256 or equivalent encryption at rest.
  • Passwords are hashed using bcrypt.
  • Internal access is granted on a least-privilege basis and recorded in audit logs.
  • Rate limiting and abuse monitoring are applied.

No system on the internet is completely secure. If we become aware of a personal-data breach that may affect you, we will notify you and the relevant supervisory authority within the timeframe required by applicable law (for example, within 72 hours under the GDPR).

11. Cookies

We use one essential cookie to keep you signed in. Optional analytics cookies are loaded only if you select Accept all. You can withdraw your consent at any time by clearing site data. For users in the EU and UK, all non-essential cookies are opt-in in accordance with the e-Privacy Directive.

12. Children

DITO is intended for users 16 years of age and older. We do not knowingly collect personal data from children under 16. If we learn that we have, we will delete it without undue delay.

13. Changes to this policy

If we make changes to this policy, we will surface the update in the app before it takes effect and update the date at the top of this page. We will provide at least 30 days’ advance notice for material changes.

14. Contact and Privacy Lead

14-1. Privacy questions and rights requests: privacy@dgpla.net

14-2. Operator: DIGI PLANET (non-commercial beta service).

DITOPrivacy·Terms© 2026 DIGI PLANET