Privacy Policy

Last updated: April 16, 2026

1. Introduction

theXEO ("we", "our", "us") operates the website the-xeo.com and the theXEO platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

  • Company name: Soyoyu (소요유)
  • Representative: Seungyub Jeon
  • Business registration number: 897-10-02681
  • Address: 415, Gyeonggi Startup Innovation Space, 4F, Building D, 190 Galmae Jungang-ro, Guri-si, Gyeonggi-do, Republic of Korea

2. Information We Collect

Account Information

When you sign up via Google OAuth, we receive your name, email address, and profile picture. We do not receive or store your Google password.

Site Data

When you connect a website, we access your Cloudflare account via the API token you provide. We use this to deploy and manage the theXEO Edge Worker on your infrastructure. We scan your site's HTML to generate SEO recommendations and health scores.

Payment Information

Payments are processed by Toss Payments (토스페이먼츠). We do not store your credit card numbers, bank account details, or other financial information on our servers. Payment data is handled in accordance with the Toss Payments Privacy Policy.

Usage Data

We collect analytics data including page views, feature usage, error logs, and performance metrics to improve our service.

Our Service is not directed at children under 14. We do not knowingly collect personal information from children under 14.

3. How We Use Your Information

  • To provide, maintain, and improve the theXEO platform
  • To deploy and manage Edge Workers on your Cloudflare account
  • To generate SEO analysis, AI-powered meta tags, and health scores
  • To process payments and manage subscriptions
  • To send service-related communications (not marketing)
  • To detect and prevent fraud or abuse

4. Data Storage and Security

Your data is stored on Cloudflare's global infrastructure (D1 database, Workers KV, R2 storage). Cloudflare API tokens are encrypted using AES-256-GCM with per-customer derived keys (HKDF). Sessions use httpOnly cookies with secure flags.

We implement industry-standard security measures, but no method of electronic transmission or storage is 100% secure.

5. Third-Party Services

We use the following third-party services:

  • Cloudflare — Infrastructure, CDN, Workers runtime
  • Google — OAuth authentication
  • Toss Payments — Payment processing
  • Sentry — Error monitoring
  • Google Gemini / Cloudflare Workers AI — AI-powered content generation

Each service has its own privacy policy governing data handling.

6. Data Processing Delegation

We delegate the processing of personal data to the following service providers:

Delegatee Purpose
Toss Payments Co., Ltd.Payment processing and billing key management
Cloudflare, Inc.Infrastructure hosting, CDN, Workers runtime
Google LLCOAuth authentication
Functional Software, Inc. (Sentry)Error monitoring
Google LLC (Gemini)AI content generation

7. Your Cloudflare Account

theXEO deploys Edge Workers to your Cloudflare account using the API token you provide. You maintain full control of your Cloudflare account. You can revoke the API token at any time to disconnect theXEO. We only perform read and deploy operations necessary for the service.

8. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where required by law. Anonymized statistical data that cannot be re-identified may be retained indefinitely.

Where required by applicable law, we retain the following records:

  • Contract and subscription withdrawal records: 5 years (Act on Consumer Protection in Electronic Commerce)
  • Payment records: 5 years (Act on Consumer Protection in Electronic Commerce)
  • Consumer complaints and dispute resolution records: 3 years (Act on Consumer Protection in Electronic Commerce)
  • Electronic financial transaction records: 5 years (Electronic Financial Transactions Act)

9. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Withdraw consent at any time

To exercise these rights, contact us at [email protected]. We will process your request within 10 days of receipt. If we refuse, we will notify you of the reason.

10. Cookies

We use a single session cookie (sid) for authentication. It is httpOnly, secure, and scoped to the .the-xeo.com domain. We do not use tracking cookies or third-party advertising cookies. This cookie is essential for the Service and login is not possible without it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes at least 30 days before the effective date via registered email and a notice on the Service, and by updating the "Last updated" date on this page.

12. Data Protection Officer

  • Name: Seungyub Jeon
  • Title: CEO (also serving as CPO)
  • Email: [email protected]
  • Phone: 010-8174-7778

13. Contact

If you have questions about this Privacy Policy, contact us at [email protected].