WorldClone is a market validation engine that simulates user reactions pre- and post-launch with AI panels that mirror real-world distributions, helping teams de-risk and iterate faster.

How does the AI panel work?

We combine thousands of persona presets to generate AI panels that reflect real population distributions, then run concept, price, and message tests instantly to predict user reactions.

PMs, growth marketers, brand teams, and research teams at B2B companies who need to validate their products before launch.

Privacy Policy

Last Updated: April 13, 2026

WorldClone Lab ("Company", "we", "us") takes the protection of your personal information seriously. This Privacy Policy explains how we collect, use, store, share, and protect your information when you use the WorldClone Lab website and related services (collectively, the "Services"). This policy complies with the Korean Personal Information Protection Act (PIPA), the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA).

1. Information We Collect

1.1 Required Information

We collect the following information that you provide when creating an account or using core features:

Email address (via OAuth or direct registration)
Display name / username
Account credentials (hashed passwords or OAuth tokens)

1.2 Optional Information

You may choose to provide additional information to enhance your experience:

Company name and job title
Profile avatar / photo
Communication preferences

1.3 Automatically Collected Information

We automatically collect the following technical information when you use our Services:

IP address, browser type, operating system, and device information
Access timestamps and page visit logs
Cookies and similar tracking identifiers (with your consent for non-essential cookies)
Referral URLs and page interaction data

All persona data and simulation results generated through our platform are synthetic and do not represent real individuals.

2. How We Collect Information

OAuth authentication: profile data within the scope you authorize (Google, GitHub, etc.)
Direct user input: registration forms, account settings, scenario creation
Automatic collection during service use: server logs, cookies, analytics events

3. Purpose of Collection and Use

We use the information we collect for the following purposes:

Account creation, authentication, and session management
Providing core service features (World creation, Console testing, Signals analysis)
Processing transactions and sending payment-related information
Sending service notices, updates, and technical support messages
Analyzing usage patterns to improve service quality and user experience
Abuse prevention, fraud detection, and security incident response
Compliance with legal obligations and regulatory requirements
Generating anonymized, aggregated analytics for service improvement

4. Data Retention

We retain your information for as long as necessary to provide our services. When you delete your account, we will delete or anonymize your personal information within 30 days, except where retention is required by law.

Legally Required Retention Periods

Service usage records (access logs): 3 months (Telecommunications Business Act)
Contract and payment records: 5 years (E-Commerce Act)
Consumer complaint records: 3 years (E-Commerce Act)
Records of display/advertisement: 6 months (E-Commerce Act)

5. Third-Party Sharing and Disclosure

We do not sell your personal information. We may share information only in the following limited circumstances:

With your explicit consent
To comply with legal obligations, court orders, or government requests
To protect the rights, property, and safety of WorldClone Lab, our users, or the public
In connection with a merger, acquisition, or sale of assets (with prior notice to affected users)

6. Data Processing Outsourcing

We outsource certain data processing tasks to the following third-party service providers. All outsourcing contracts comply with applicable data protection laws.

Processor	Purpose	Retention
Supabase (AWS)	Database hosting, authentication, file storage	Until contract termination
Vercel	Web application hosting and CDN	Until contract termination
Google (OAuth + GA4)	Authentication, anonymized analytics (with consent)	Until contract termination
OpenAI / Anthropic / Google AI	AI-powered persona generation and scenario simulation	Until API call completes (no data retained)

7. Your Rights

Under applicable data protection laws (including PIPA, GDPR, and CCPA), you have the following rights regarding your personal information:

Right to Access: Request a copy of your personal information we hold
Right to Correction: Request correction of inaccurate or incomplete information
Right to Deletion: Request deletion of your personal information
Right to Data Portability: Request your data in a structured, machine-readable format
Right to Restrict Processing: Request that we limit how we process your information
Right to Withdraw Consent: Withdraw previously given consent at any time

To exercise these rights, contact us at worldclonelab@gmail.com or use the account settings at /dashboard/settings.

8. Data Security Measures

We implement the following technical and organizational measures to protect your information:

HTTPS/TLS encryption for all data in transit
Encryption at rest for database storage (Supabase/AWS)
Row-Level Security (RLS) and role-based access controls
Rate limiting per IP and per user
Regular security assessments and penetration testing
Audit logging for administrative actions

No method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

9. Cookies and Tracking Technologies

We classify cookies into the following categories:

Essential Cookies (Required)

These cookies are necessary for the website to function and cannot be disabled:

Session and authentication cookies (Supabase auth tokens)
Language preference cookies
Cookie consent preference

Analytics Cookies (Optional)

These cookies help us understand how visitors use our website. They are only activated after you give explicit consent via the cookie banner:

Google Analytics 4 (GA4): page views, user interactions, anonymized usage data

You can manage your cookie preferences at any time through the cookie consent banner or your browser settings. Declining analytics cookies does not affect core functionality.

10. Analytics Services

We use Google Analytics 4 (GA4) to understand service usage patterns. GA4 is configured with the following privacy protections:

IP anonymization is enabled by default
Google Signals and ad personalization are disabled
Analytics data is aggregated and anonymized
GA4 scripts are loaded only after explicit cookie consent
Do Not Track (DNT) browser signals are respected

11. AI-Based Data Processing

WorldClone Lab uses AI services (OpenAI, Anthropic, Google AI) for core functionality including persona generation and scenario simulation. Important disclosures:

User input data is sent to AI providers solely for generating simulation results
AI providers do not retain your data for model training (per our contractual agreements)
No real personal data of third parties should be submitted to AI processing features
All AI-generated content (personas, responses, signals) is synthetic and clearly labeled as such

12. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States (Supabase/AWS, Vercel, AI providers). We ensure appropriate safeguards are in place through Standard Contractual Clauses (SCCs) and processor agreements that comply with GDPR and PIPA requirements.

13. Children's Privacy

Our Services are not intended for users under 14 years of age (in accordance with Korean PIPA) or under 16 years of age (in jurisdictions where GDPR applies). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately and we will take steps to delete such information.

14. Account Deletion

You may request account deletion at any time through your account settings or by contacting us. Upon deletion request:

A 30-day grace period begins during which you can cancel the deletion
After the grace period, your personal information is permanently deleted or anonymized
Content you created may be anonymized (author attribution removed) rather than deleted to maintain service integrity
Information required by law will be retained for the legally mandated period, then destroyed

15. Data Protection Officer

For privacy inquiries, please contact our Data Protection team:

WorldClone Lab Operations Team

Email: worldclonelab@gmail.com

External Remediation Agencies

If you are not satisfied with our response, you may contact the following agencies:

Personal Information Infringement Report Center (KISA): 118, privacy.kisa.or.kr
Personal Information Dispute Mediation Committee: 1833-6972, www.kopico.go.kr
Supreme Prosecutors' Office Cyber Investigation Division: 1301, www.spo.go.kr
National Police Agency Cyber Bureau: 182, ecrm.cyber.go.kr

16. Changes to This Policy

We may update this Privacy Policy from time to time. For significant changes that affect your rights, we will provide at least 30 days' notice before the effective date. For minor clarifications, we will provide at least 7 days' notice. Notice will be given via email and/or prominent display on the Services. Your continued use after the effective date constitutes acceptance.

17. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

Email: worldclonelab@gmail.com

WorldClone Lab

This Privacy Policy is effective as of April 13, 2026 and applies to all existing and new users.