Part 2: Privacy Policy

Article 1 (Purpose of Collection and Use of Personal Information)

① The Company processes personal information for the following purposes. Personal information being processed is not used for purposes other than those stated below, and if the purpose of use changes, the Company will take necessary measures such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act:

• Service provision and contract fulfillment: Member registration, service provision, identity verification, subscription management, payment processing
• Service improvement and new service development: Usage statistics analysis, service quality improvement, new feature development
• Customer support: Inquiry response, complaint handling, notice delivery, customer satisfaction surveys
• Legal obligation fulfillment: Compliance with tax laws, e-commerce laws, Communications Secrets Protection Act, and other relevant laws
• Marketing and advertising: Providing customized services and advertisements to users (with consent)

Article 2 (Items of Personal Information Collected and Collection Methods)

① The Company collects the following personal information to provide the Service:

• Required items: Email address, password (stored encrypted), service usage records (access logs, usage, etc.)
• Optional items: Profile information, marketing consent
• Automatically collected items: IP address, cookies, access logs, device information (browser type, OS information), browser extension version information
• Payment information: Payment method information, payment history (sensitive information such as credit card numbers are managed by payment processors)
• Prompt data: Temporarily processed for service provision and deleted immediately after processing

② The Company collects personal information through the following methods:

• When users directly input information (member registration, profile modification, etc.)
• When automatically generated and collected during service use (access logs, cookies, etc.)
• When collected through payment processors (payment information)
• When processed through third-party services (OpenAI API, etc.) (temporary processing for prompt improvement)

③ The Company does not store users' original prompt content for extended periods and deletes it immediately after temporary processing for service improvement. However, anonymized statistical data may be retained for service improvement purposes.

Article 3 (Processing and Retention Period of Personal Information)

① The Company processes and retains personal information within the period of retention and use of personal information under applicable laws or the period of retention and use of personal information agreed upon at the time of collection from the information subject.

② The processing and retention period for each type of personal information is as follows:

• Member information: Until membership withdrawal (however, if retention is required under relevant laws, it will be retained for the required period)
• Payment information: Retained for 5 years under the E-Commerce Act
• Service usage records: Retained for 3 months under the Communications Secrets Protection Act
• Access logs: Retained for 3 months under the Communications Secrets Protection Act
• Prompt data: Not stored (deleted immediately after temporary processing)
• Marketing consent information: Until consent withdrawal or membership withdrawal

③ When users request membership withdrawal or withdraw consent for personal information collection and use, the Company destroys the personal information without delay. However, the following information is retained for the periods specified below for the reasons stated:

• Records related to contracts or withdrawal of offers under the E-Commerce Act: 5 years
• Records related to payment and supply of goods under the E-Commerce Act: 5 years
• Login records under the Communications Secrets Protection Act: 3 months

Article 4 (Provision of Personal Information to Third Parties)

① The Company does not provide users' personal information to external parties in principle. However, exceptions are made in the following cases:

• When users have consented in advance
• When required by law or when requested by investigative agencies in accordance with procedures and methods prescribed by law for investigative purposes
• When necessary for service provision (e.g., prompt improvement processing through OpenAI API, payment processing through payment processors)

② The Company uses the following third-party services to provide the Service, and personal information may be transmitted accordingly:

• OpenAI API: Transmits prompt data for prompt improvement. For details, please refer to OpenAI's Privacy Policy (https://openai.com/privacy).
• Paddle: Transmits payment information for payment processing. For details, please refer to Paddle's Privacy Policy (https://paddle.com/privacy).
• Supabase: Stores and processes personal information for database and authentication services. For details, please refer to Supabase's Privacy Policy (https://supabase.com/privacy).

③ When the Company provides personal information to third parties, it notifies users of the following matters and obtains consent:

• The recipient of personal information
• The purpose of use of personal information
• The items of personal information provided
• The retention and use period of personal information by the recipient

④ Users have the right to refuse consent to the provision of personal information to third parties. However, service use may be restricted if consent is refused.

Article 5 (Destruction of Personal Information)

① The Company destroys personal information without delay when it becomes unnecessary due to the expiration of the retention period or achievement of the processing purpose.

② The procedures and methods for destroying personal information are as follows:

• Destruction procedure: Information entered by users is moved to a separate database (or separate documents in the case of paper) after the purpose is achieved and destroyed immediately or after a certain period in accordance with internal policies and other relevant laws.
• Destruction method: Information in electronic file format is deleted using technical methods that make it impossible to reproduce records. Personal information printed on paper is destroyed by shredding or incineration.
• Prompt data: Deleted immediately after temporary processing for service provision, and backup data is also regularly deleted.

③ When destroying personal information, the Company takes the following measures:

• Complete deletion of personal information from databases
• Deletion of personal information from backup systems
• Complete destruction if physical storage media exist

Article 6 (Rights of Users and Methods of Exercise)

① Users may exercise the following rights at any time:

• Request to access personal information
• Request correction in case of errors
• Request deletion
• Request suspension of processing
• Withdraw marketing consent

② Rights may be exercised by written request, email, or fax to the Company, and the Company will take action without delay.

③ When users request correction of personal information, the Company does not use or provide the personal information until correction is completed.

④ Users may exercise rights such as access, correction, deletion, and suspension of processing of personal information against the Company at any time, and the Company will take action without delay.

Article 7 (Measures to Ensure Safety of Personal Information)

The Company takes the following measures to ensure the safety of personal information:

• Administrative measures: Establishment and implementation of internal management plans, regular employee training, designation of personnel responsible for personal information processing and access rights management
• Technical measures: Access rights management for personal information processing systems, installation of access control systems, encryption of unique identification information, installation of security programs, regular security inspections and updates
• Physical measures: Access control for computer rooms, data storage rooms, operation of access control systems
• Network security: SSL/TLS encrypted communication, firewall operation, intrusion detection system operation

② The Company limits employees who process personal information to a minimum and conducts regular security training.

③ When a personal information breach occurs, the Company immediately notifies users and takes necessary measures such as reporting to relevant agencies.

Article 8 (Operation and Rejection of Cookies)

① The Company may use cookies to provide personalized services to users.

② Cookies are small text files that are automatically created when visiting a website and stored on the user's computer. Cookies identify the user's computer but do not personally identify the user.

③ The Company uses cookies for the following purposes:

• Maintaining login status
• Analyzing service usage patterns
• Providing customized services
• Improving service quality

④ Users have the right to choose whether to install cookies and can set cookie acceptance or blocking through web browser settings. However, if cookies are rejected, there may be difficulties in using the Service.

⑤ The Company may collect service usage information through users' browser extensions, which is used solely for service provision and improvement purposes.

Article 9 (Personal Information Protection Officer)

① The Company is responsible for overseeing all matters related to personal information processing and has designated a Personal Information Protection Officer as follows to handle complaints and damage relief related to personal information processing:

② Information subjects may contact the Personal Information Protection Officer regarding all matters related to personal information protection inquiries, complaint handling, and damage relief that occur while using the Company's Service.

③ Information subjects may contact the following agencies if they need to report or consult regarding personal information breaches:

• Personal Information Infringement Report Center (privacy.go.kr / 182 without area code)
• Personal Information Dispute Mediation Committee (www.kopico.go.kr / 1833-6972)
• Supreme Prosecutors' Office Cyber Crime Investigation Division (www.spo.go.kr / 02-3480-3573)
• National Police Agency Cyber Terror Response Center (www.netan.go.kr / 182 without area code)

Article 10 (Changes to Privacy Policy)

① This Privacy Policy will be notified through the Service's notice board 7 days before the implementation of any changes when additions, deletions, or modifications are made due to changes in laws, policies, or security technology.

② Previous Privacy Policies can be viewed below.

③ Users may discontinue use of the Service if they do not agree to the changed Privacy Policy.