Privacy Policy

Article 1 (Purpose)

1. The Provider (hereinafter referred to as the "Provider") establishes this Privacy Policy (hereinafter referred to as "this Policy") in order to protect the information (hereinafter referred to as "personal information") of individuals (hereinafter referred to as "users" or "individuals") who use the services provided by the Provider (hereinafter referred to as "Provider Services"), to comply with relevant laws and regulations including the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc. (hereinafter referred to as "Information and Communications Network Act"), and to promptly and smoothly handle complaints related to the protection of service users' personal information.

Article 2 (Principles of Personal Information Processing)

1. In accordance with personal information-related laws and this Policy, the Provider may collect users' personal information, and the collected personal information may be provided to third parties only with the individual's consent. However, if legally mandated by statutory provisions, the Provider may provide collected users' personal information to third parties without prior individual consent.



Article 3 (Disclosure of this Policy)

1. The Provider discloses this Policy through the first screen of the Provider's website or a screen linked to the first screen so that users can easily check this Policy at any time.
2. When disclosing this Policy pursuant to paragraph 1, the Provider uses font size, color, etc. to ensure that users can easily check this Policy.



Article 4 (Changes to this Policy)

1. This Policy may be revised in accordance with changes to personal information-related laws, guidelines, notifications, or government or Provider Service policies or contents.
2. When revising this Policy pursuant to paragraph 1, the Provider announces it through one or more of the following methods.
3. Announcement through the notice section of the first screen of the internet homepage operated by the Provider or through a separate window
4. Announcement to users by written notice, facsimile transmission, electronic mail, or similar methods
5. The Provider makes the announcement pursuant to paragraph 2 at least 7 days prior to the effective date of the Policy revision. However, if there are significant changes to user rights, it announces at least 30 days in advance.



Article 5 (Information for Member Registration)

1. The Provider collects the following information for users' member registration for Provider Services.

Required collection information: Password and nickname
Optional collection information: Email



Article 6 (Information for Identity Verification)

1. The Provider collects the following information for user identity verification.

Required collection information: Date of birth



Article 7 (Other Collected Information)

1. The Provider collects information as follows.
2. Information is not collected for users who do not use the "save data to account" feature.
3. Information will not be used for purposes other than the collection purpose.

Collection purpose: Providing "save data to account" feature
Collected information: Encrypted conversation content exchanged with artificial intelligence, encrypted persona information



Article 8 (Personal Information Collection Methods)

1. The Provider collects users' personal information through the following methods.

Method in which users enter their personal information on the Provider's website
Method in which users enter their personal information through services other than the website provided by the Provider, such as applications
Method in which users enter information in the process of using the Provider's services, such as customer center consultations and activities on bulletin boards



Article 9 (Use of Personal Information)

1. The Provider uses personal information in the following cases.

When necessary for Provider operations, such as delivering announcements
To improve services for users, such as responding to usage inquiries and handling complaints
To provide the Provider's services
To prevent and sanction measures against members who violate laws and Provider terms, including acts that hinder the smooth operation of services, including fraudulent use
For the development of new services



Article 10 (Provision of Personal Information Based on Prior Consent, Etc.)

1. Notwithstanding the prohibition on providing personal information to third parties, the Provider may provide personal information to third parties if users disclose in advance or consent to the following matters. However, even in this case, the Provider provides personal information to the minimum extent within the scope of relevant laws.
2. The Provider also follows the same procedure to notify and obtain consent from users when there is a change in the third-party provision relationship pursuant to the preceding paragraph or when the third-party provision relationship is terminated.



Article 11 (Entrusted Processing of Personal Information)

1. The Provider entrusts personal information processing as follows for smooth service provision and effective business processing.

Personal information processing is entrusted to Cloudflare for DB purposes until service termination
- Cloudflare is a provider headquartered in the United States, and personal information is transferred overseas.
- Cloudflare's privacy policy can be found at https://www.cloudflare.com/privacypolicy/

Article 12 (Retention and Use Period of Personal Information)

1. The Provider retains and uses users' personal information for the period necessary to achieve the purpose of collecting and using personal information.
2. Notwithstanding the preceding paragraph, the Provider retains service fraud usage records for up to 1 year from the time of member withdrawal to prevent fraudulent registration and use in accordance with internal policies.



Article 13 (Retention and Use Period of Personal Information According to Laws)

1. The Provider retains and uses personal information as follows in accordance with relevant laws.

2. Retention information and retention period according to the Act on Consumer Protection in Electronic Commerce, Etc.
3. Records on contracts or withdrawal of subscription, etc.: 5 years
4. Records on payment and supply of goods, etc.: 5 years
5. Records on consumer complaints or dispute resolution: 3 years
6. Records on indication and advertisement: 6 months
7. Retention information and retention period according to the Protection of Communications Secrets Act
8. Website log record data: 3 months
9. Retention information and retention period according to the Electronic Financial Transactions Act
10. Records on electronic financial transactions: 5 years
11. Act on the Protection and Use of Location Information, Etc.
12. Records on personal location information: 6 months



Article 14 (Principle of Personal Information Destruction)

1. In principle, the Provider destroys such information without delay when personal information is no longer necessary, such as when the purpose of processing users' personal information is achieved or the retention and use period has expired.




Article 15 (Personal Information Destruction Procedures)

1. Information entered by users for member registration, etc. is transferred to a separate DB (separate document box in the case of paper) after the purpose of personal information processing is achieved and stored for a certain period according to internal policies and information protection reasons under other relevant laws (refer to retention and use period) before being destroyed.
2. The Provider destroys personal information for which destruction reasons have occurred through the approval procedure of the personal information protection officer.



Article 16 (Personal Information Destruction Methods)

1. The Provider deletes personal information stored in electronic file format using technical methods that cannot reproduce records, and destroys personal information printed on paper by shredding with a shredder or incineration, etc.




Article 17 (Measures for Transmitting Advertising Information)

1. The Provider obtains users' explicit prior consent when transmitting commercial advertising information using electronic transmission media. However, prior consent is not obtained in any of the following cases
2. When the Provider has collected contact information directly from recipients through transaction relationships for goods, etc., and intends to transmit commercial advertising information for the same type of goods, etc. that the Provider has processed and transacted with recipients within 6 months from the date the transaction ends
3. When a telephone solicitation seller under the 「Act on Door-to-Door Sales, Etc.」 verbally notifies recipients of the source of personal information collection and solicits by telephone
4. Notwithstanding the preceding paragraph, the Provider does not transmit commercial advertising information when recipients express their intention to refuse reception or withdraw prior consent, and notifies them of the processing results for refusal of reception and withdrawal of consent.
5. When transmitting commercial advertising information using electronic transmission media during the time from 9:00 PM to 8:00 AM the next day, the Provider obtains separate prior consent from the recipients, notwithstanding paragraph 1.
6. When transmitting commercial advertising information using electronic transmission media, the Provider specifically discloses the following matters in the advertising information.
- Provider's name and contact information
- Indication of matters concerning the expression of intent to refuse reception or withdraw consent
7. When transmitting commercial advertising information using electronic transmission media, the Provider does not take any of the following measures.
- Measures to evade or hinder the refusal of reception or withdrawal of consent by advertising information recipients
- Measures to automatically create recipients' contact information such as telephone numbers and email addresses by combining numbers, symbols, or letters
- Measures to automatically register telephone numbers or email addresses for the purpose of transmitting commercial advertising information
- Various measures to conceal the identity of the advertising information sender or the source of advertisement transmission
- Various measures to deceive recipients and induce responses for the purpose of transmitting commercial advertising information



Article 18 (Protection of Children's Personal Information)

1. The Provider allows member registration only for users aged 14 or older to protect the personal information of children under 14 years of age.
2. Notwithstanding paragraph 1, if the user is a child under 14 years of age, the Provider obtains consent from the child's legal representative for the collection, use, and provision of the child's personal information.
3. In the case of paragraph 2, the Provider additionally collects the legal representative's name, date of birth, gender, duplicate registration confirmation information (ID), mobile phone number, etc.



Article 19 (User's Obligations)

1. Users must keep their personal information up to date, and the responsibility for problems arising from users' inaccurate information input lies with the users themselves.
2. In the case of member registration using another person's personal information, users may lose their user qualifications or be punished according to relevant personal information protection laws.
3. Users are responsible for maintaining security for email addresses, passwords, etc., and cannot transfer or lend them to third parties.



Article 20 (Provider's Personal Information Management)

1. The Provider is taking necessary technical and managerial protective measures to ensure safety so that personal information is not lost, stolen, leaked, falsified, or damaged in processing users' personal information.




Article 21 (Processing of Deleted Information)

1. Personal information terminated or deleted at the request of users or legal representatives is processed according to what is specified in "Retention and Use Period of Personal Information" collected by the Provider and is processed so that it cannot be viewed or used for other purposes.




Article 22 (Encryption of Passwords)

1. Users' passwords are stored and managed with one-way encryption, and verification and changes to personal information are possible only by the user who knows the password.




Article 23 (Measures Against Hacking, Etc.)

1. The Provider is doing its best to prevent users' personal information from being leaked or damaged by intrusion into information and communication networks such as hacking and computer viruses.
2. The Provider uses the latest vaccine programs to prevent users' personal information or data from being leaked or damaged.
3. The Provider is doing its best for security by using intrusion prevention systems in preparation for emergencies.
4. The Provider ensures that sensitive personal information (if collected and retained) can be safely transmitted over the network through encrypted communication, etc.



Article 24 (Minimization and Training of Personal Information Processing)

1. The Provider limits personal information processing staff to the minimum and emphasizes compliance with laws and internal policies through administrative measures such as training for personal information processors.




Article 25 (Measures for Personal Information Leakage, Etc.)

1. When the Provider becomes aware of the loss, theft, or leakage (hereinafter referred to as "leakage, etc.") of personal information, it immediately notifies the relevant users of all of the following matters and reports to the Korea Communications Commission or Korea Internet & Security Agency.

- Personal information items that were leaked, etc.
- Time when leakage, etc. occurred
- Measures that users can take
- Response measures by the information and communications service provider, etc.
- Department and contact information where users can receive consultation, etc.



Article 26 (Exceptions to Measures for Personal Information Leakage, Etc.)

1. Notwithstanding the preceding Article, if there is a legitimate reason such as not being able to know the user's contact information, the Provider may take measures to replace the notification of the preceding Article by posting on the Provider's website for 30 days or more.

Article 27 (Protection of Personal Information Transferred Abroad)

1. The Provider does not conclude international agreements that violate relevant laws and regulations such as the Personal Information Protection Act regarding users' personal information.
2. The Provider obtains users' consent to provide (including cases of inquiry), entrust processing, or store (hereinafter referred to as "transfer") users' personal information abroad. However, if all of the items in paragraph 3 of this Article are disclosed in accordance with relevant laws and regulations such as the Personal Information Protection Act or notified to users according to methods prescribed by Presidential Decree such as email, the consent procedure for entrusted processing and storage of personal information may be omitted.
3. To obtain consent pursuant to the main text of paragraph 2 of this Article, the Provider notifies users of all of the following matters in advance.
- Personal information items being transferred
- Country to which personal information is transferred, transfer date and time, and transfer method
- Name of the person receiving personal information (in the case of a corporation, its name and contact information of the information management officer)
- Purpose of using personal information by the person receiving personal information and the retention and use period
4. When transferring personal information abroad after obtaining consent pursuant to the main text of paragraph 2 of this Article, the Provider takes protective measures in accordance with the Presidential Decree of the Personal Information Protection Act and other relevant laws and regulations.



Article 28 (Installation, Operation, and Refusal of Automatic Personal Information Collection Devices)

1. The Provider uses automatic personal information collection devices (hereinafter referred to as 'cookies') that store usage information and retrieve it from time to time to provide individual customized services to users. Cookies are small amounts of information sent to users' web browsers (including PC and mobile) by servers (http) used to operate websites and may be stored in users' storage space.
2. Users have the right to choose cookie installation. Therefore, users can allow all cookies, go through confirmation each time cookies are stored, or refuse to store all cookies by setting options in their web browser.
3. However, if you refuse to store cookies, you may have difficulty using some of the Provider's services that require login.


Article 29 (Method of Specifying Cookie Installation Permission)

1. You can set cookie permission, cookie blocking, etc. through web browser option settings.

Edge: Settings menu at the top right of the web browser > Cookies and site permissions > Manage and delete cookies and site data
Chrome: Settings menu at the top right of the web browser > Privacy and security > Cookies and other site data

Article 31 (Remedy for Infringement of Rights and Interests)

Data subjects can apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, Korea Internet & Security Agency Personal Information Infringement Report Center, etc. to receive relief from personal information infringement. For other reports and consultations on personal information infringement, please contact the following organizations.
Personal Information Dispute Mediation Committee: (no area code) 1833-6972 (www.kopico.go.kr)
Personal Information Infringement Report Center: (no area code) 118 (privacy.kisa.or.kr)
Supreme Prosecutors' Office: (no area code) 1301 (www.spo.go.kr)
National Police Agency: (no area code) 182 (ecrm.cyber.go.kr)
The Provider guarantees the data subject's right to self-determination of personal information and strives to provide consultation and relief from damage caused by personal information infringement. If you need to report or consult, please contact the department in charge in paragraph 1.
Those whose rights or interests have been infringed by a disposition or non-action by the head of a public institution regarding requests under Article 35 (Inspection of Personal Information), Article 36 (Correction and Deletion of Personal Information), and Article 37 (Suspension of Personal Information Processing, etc.) of the Personal Information Protection Act may file an administrative appeal in accordance with the Administrative Appeals Act.
Central Administrative Appeals Commission: (no area code) 110 (www.simpan.go.kr)

Article 32 (Personal Information Protection Officer)

1. The Provider designates a personal information protection officer as follows to take overall responsibility for work related to personal information processing and to handle users' complaints and provide relief from damage related to personal information processing.

Email: [email protected]

Supplementary Provisions

Article 1 This Policy shall be enforced from April 15, 2026.

Article 2 The original text of these terms and conditions is in Korean, and translations are provided for reference purposes. If there is a difference in interpretation between the translation and the original text, the original text takes precedence.

This text has been translated from Korean. The Korean original is the legally binding version. Translations are provided for informational purposes only and have no legal effect.