Privacy Policy
Our privacy policy details how we collect, use, and protect your information. Learn how we handle your data and your privacy rights.
Article 1 (Purpose of Personal Information Processing)
The Company processes personal information for the following purposes. Personal information being processed will not be used for purposes other than the following, and if the purpose of use changes, necessary measures will be taken such as obtaining separate consent in accordance with the "Personal Information Protection Act" Article 18.
- Service provision and member management: Personal information is processed for the purpose of member registration and management, service provision, content provision, personalized service provision, identity verification, etc.
- Use in marketing and advertising: Personal information is processed for the purpose of developing new services and providing personalized services, providing event and advertising information, confirming service validity, determining access frequency, etc.
Article 2 (Processing and Retention Period of Personal Information)
① The Company processes and retains personal information within the personal information retention and use period stipulated by law or the personal information retention and use period consented to by the data subject when collecting personal information.
② The Company retains and uses members' personal information until member withdrawal or until the purpose of collection and use is achieved, and without separate request, it will be stored for 3 years from the date of collection and then destroyed.
Article 3 (Items of Personal Information Being Processed)
The Company processes the following personal information items:
- Required items for service provision and member management: Email, phone number
- Automatically collected items: Service usage records (daily/monthly platform-specific API call volume), last login time
Article 4 (Procedures and Methods for Destroying Personal Information)
① The Company destroys the relevant personal information within a reasonable period when it becomes unnecessary due to the expiration of the retention period or achievement of the processing purpose. However, due to technical constraints or large-volume data processing situations, the destruction procedure may take a certain period, and until destruction, access control and other security measures will be taken.
② If personal information must continue to be preserved under other laws despite the expiration of the personal information retention period consented to by the data subject or the achievement of the processing purpose, the personal information will be moved to a separate database (DB) or stored in a different location.
③ The procedures and methods for destroying personal information are as follows:
- Destruction procedure: The Company selects personal information for which destruction reasons have occurred and destroys it with the approval of the Company's personal information protection officer.
- Destruction method: Personal information recorded and stored in electronic file format is deleted using technical methods to prevent reproduction of the records, and personal information recorded and stored in paper documents is destroyed by shredding with a shredder or incineration.
Article 5 (International Transfer of Personal Information)
The Company transfers users' personal information internationally as follows:
- Recipient: Google LLC (Firebase)
- Transfer country: United States and other countries where Google servers are located
- Recipient's purpose of use: Member information storage, authentication service provision
- Personal information items being transferred: Email, phone number, service usage records, last login time
- Recipient's retention and use period: Until member withdrawal or service use termination
※ The Company uses Firebase service to store and manage member data, and data is processed according to Google's privacy policy and Firebase service terms.
Article 6 (Rights and Obligations of Data Subjects and Legal Representatives and How to Exercise Them)
① Data subjects may exercise rights such as personal information access, correction, deletion, processing suspension requests, etc., to the Company at any time.
② The exercise of rights under paragraph 1 may be made to the Company in writing, via email, fax transmission, etc., in accordance with Article 41(1) of the Enforcement Decree of the "Personal Information Protection Act," and the Company will take action without delay.
③ The exercise of rights under paragraph 1 may be made through a legal representative of the data subject or an agent such as someone who has been delegated. In this case, a power of attorney according to the form in Attachment 11 of the "Notice on Personal Information Processing Methods (No. 2020-7)" must be submitted.
④ Requests for personal information access and processing suspension may be restricted according to Article 35(4) and Article 37(2) of the "Personal Information Protection Act."
⑤ Requests for correction and deletion of personal information cannot request deletion if the personal information is specified as a collection target in other laws.
⑥ The Company verifies whether the person requesting access, correction/deletion, or processing suspension under data subject rights is the person themselves or a legitimate agent.
Article 7 (Measures to Ensure the Safety of Personal Information)
The Company takes the following measures to ensure the safety of personal information:
- Administrative measures: Minimizing and training staff handling personal information
- Technical measures: Managing access rights and controlling access to personal information processing systems
- Firebase database access rules settings
Article 8 (Collection, Use, and Rejection of Behavioral Information)
① The Company collects and uses behavioral information to provide optimized personalized services, benefits, online personalized advertising, etc., to data subjects during service use.
② The Company collects behavioral information as follows:
- Items of behavioral information collected: Service usage records (daily/monthly platform-specific API call volume), last login time
- Behavioral information collection method: Automatically collected when users visit the Company's website and use the service
③ Users can partially reject personalized advertising based on preferences by changing web browser settings. However, even if users reject personalized advertising, general advertising will still be provided.
Article 9 (Criteria for Additional Use and Provision)
The Company may additionally use or provide personal information without the consent of the data subject in consideration of the matters specified in Article 14-2 of the "Enforcement Decree of the Personal Information Protection Act" in accordance with Article 15(3) and Article 17(4) of the "Personal Information Protection Act." Accordingly, the Company has considered the following matters to additionally use or provide personal information without the consent of the data subject:
- Whether the purpose of additional use or provision of personal information is related to the original collection purpose
- Whether additional use or provision is predictable in light of the circumstances under which personal information was collected or processing practices
- Whether the additional use or provision of personal information unduly infringes on the interests of the data subject
- Whether necessary measures such as pseudonymization or encryption have been taken to ensure safety
Article 10 (Personal Information Protection Officer)
① The Company has designated a personal information protection officer as follows to take overall responsibility for personal information processing tasks and handle complaints and damage relief from data subjects related to personal information processing:
- Personal Information Protection Officer Name: Kim Young-woong
- Contact: 010-9254-0402
② Data subjects may inquire about all personal information protection-related matters, complaints, damage relief, etc., that arise while using the Company's service to the personal information protection officer. The Company will respond to and handle inquiries from data subjects without delay.
Article 11 (Remedy for Rights Infringement)
Data subjects may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, KISA Personal Information Infringement Reporting Center, etc., for remedy regarding personal information infringement. For other reports and consultations on personal information infringement, please contact the following institutions:
- Personal Information Dispute Mediation Committee: (Without area code) 1833-6972 (www.kopico.go.kr)
- Personal Information Infringement Reporting Center: (Without area code) 118 (privacy.kisa.or.kr)
- Supreme Prosecutors' Office: (Without area code) 1301 (www.spo.go.kr)
- National Police Agency: (Without area code) 182 (ecrm.cyber.go.kr)
A person whose rights or interests have been infringed due to disposition or inaction by the head of a public institution regarding requests made under the provisions of Article 35 (Access to Personal Information), Article 36 (Correction/Deletion of Personal Information), Article 37 (Suspension of Personal Information Processing, etc.) of the "Personal Information Protection Act" may request administrative adjudication according to the Administrative Appeals Act. ※ For details on administrative adjudication, please refer to the Central Administrative Appeals Commission website (www.simpan.go.kr).
Article 12 (Changes to Privacy Policy)
① This privacy policy applies from May 19, 2025.
② Previous privacy policies can be viewed below. Not applicable (first establishment)