PRIVACY POLICY

Koylabs (the “Company”) values the protection of personal information of its end-users who use KOKIRI services (the “Member(s)”) and always strives to protect the Members' personal information. The Company complies with all domestic laws and regulations and any notices, ordinances and guidelines published by any government agency related to the protection of personal information, including the Personal Information Protection Act (“PIPA”) and the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc. (the “Communications Network Act”). The Company protects personal information of data subjects, and, to handle related grievances promptly and smoothly, establishes and discloses the Company's privacy policy (this “Privacy Policy”) pursuant to Article 30 of PIPA, as follows:

Article 1. Collection of Personal Information and Purpose of Use

The Company processes the collected personal information for the following purposes. The personal information processed by the Company is not used for any purpose other than the purposes specified in the following.

  1. Performance Pursuant to the Service Agreement; Calculation of Charges for Providing Paid Services
    Charging for paid services; purchases and payments for charges; identity verification; collecting charges for provision of contents and use of paid services.
  2. Management of Members
    Identity verification for using membership services; distinguishing personal identities; preventing misbehaving Members' misuse or unauthorized use; monitoring overlapping application; confirming a Member's intention to sign up; confirming the age; preventing the sign-up of those under the age of fourteen (14); preserving records for dispute resolution; handling complaints; sending out notices.
  3. Marketing and Advertisements
    Development of new services and provision of customized services; provision of services and placement of advertisements in accordance with statistical analysis; analysis of the effectiveness of services; analysis of access frequency; statistics on Members' use of services; providing event information, advertisement information, and opportunities for participation.

Article 2. Processing and Retaining Personal Information

① The Company processes and retains personal information for the duration provided by the relevant laws and regulations, or the period to which each data subject consented at the time when the data subject's personal information was collected.

② The Company collects, through legal and proper means, the minimum personal information necessary to enter into a service agreement with the Member and provide the Company's services.

③ The period for processing and retaining each category of personal information is as follows:

  1. Performance of the Service Agreement & Settlement of Charges: upon the provision of the services or upon the completion of the settlement of the charges. Notwithstanding the foregoing, records on marks and advertisements are retained for 6 months; records on the contract, subscription withdrawal, payment and supply of goods for 5 years; records on customer complaints or dispute settlements for 3 years.
  2. Management of Members: until deletion of a relevant Member's account.
  3. Marketing and Advertisements: until deletion of a relevant Member's account.

Article 3. Provision of Personal Information to Third Parties

① The Company processes Members' personal information only within the scope prescribed in Article 1 of this Privacy Policy, and provides Members' personal information to third parties only under the circumstances provided for in Article 17 and Article 18 of PIPA.

② The Company provides personal information to the following third parties with prior consent from the Members:

  1. Amazon Web Services Inc.
  2. Firebase
  3. Google Cloud Platform
  4. Google Analytics
  5. Revenue Cat
  6. Appsflyer

③ In the event the Company assigns all or part of its business or succeeds the rights and obligations of the service provider due to merger or inheritance, the Company shall give notice to each Member in writing or by posting on the Company's website for at least thirty (30) days.

Article 4. Entrustment of Personal Information

① The Company entrusts personal information to the following third-party companies to improve the Company's services.

  1. System Operation — Amazon Web Service, Inc., Google Cloud Platform, Firebase
  2. Statistics and Data Analysis — Google Analytics, Appsflyer
  3. Payment Processing — Revenue Cat

② When entering an entrustment agreement, the Company, in accordance with Article 26 of PIPA, stipulates obligations such as prevention of personal information processing for purposes other than the outsourced purpose, technical and managerial safeguards, restriction on further outsourcing, and responsibility of compensation of damages.

③ If there is a change in the entrusted operations or companies, the Company will disclose it through this Privacy Policy.

Article 5. Rights and Obligations of Members; Exercise of the Rights

① A Member is liable for any accident caused by the Member's entry of inaccurate information.

② At any time, Members may view or edit their personal information registered in their accounts, or request deletion of their accounts together with their personal information.

③ Members may view or edit their personal information by clicking “edit my personal information” and completing the identity verification process. Members may also delete their accounts by clicking “delete my account” and verifying their identity.

④ Where a Member requests the correction of its/his/her personal information, the Company does not use or provide the relevant information until the correction is made.

⑤ If the Company learns that a Member stole another person's personal information when signing up, the Company will take necessary measures against such Member.

⑥ Members using the Company's services have privacy rights, along with obligations to protect their own personal information and to not violate others'.

Article 6. Items of Personal Information to be Processed

The Company processes the following items of personal information:

  1. Provision of Service and Performance of Service Agreement — Required items: e-mail address, gender, date of birth, email and membership number for Google, Apple, or Facebook account.
  2. Payment and Provision of Paid Services — Required items: payment history.
  3. Provision of Opportunities to Participate in Events or Promotions — Optional items: email address, date of birth, gender.
  4. Provision of Recommendation Service Customized to Each Member — Optional items: access information that cannot identify a certain Member, behavioral information such as access period and the number of views.
  5. Customer Center Access — Optional items: email address, date of birth, payment information.

Article 7. Destruction of Personal Information

① The Company immediately destroys personal information when the information is no longer needed. When a Member requests to delete its/his/her account, the Company temporarily stores the personal information of such Member for seven (7) days and notifies such Member of the grace period at the time of the request. After the seven (7) days period expires, the personal information is completely destroyed.

② Members' personal information is destroyed immediately after it fully serves the purpose of collection and use. The following retention periods apply under relevant laws:

  • Records on the contract or subscription withdrawal: 5 years
  • Records on the payment and supply of goods: 5 years
  • Records on the consumer complaints or dispute settlement: 3 years
  • Records on marks and advertisements: 6 months
  • Records on website visitors: 3 months

Article 8. Measures for Ensuring Safety of Personal Information

The Company has taken the following measures to ensure safety of personal information:

  1. Encryption of personal information — The Company transmits Members' personal information over the network via encrypted communication. The Company also encrypts Members' passwords for storage.
  2. Measures against hacking, etc. — The Company makes every effort to prevent leakage or damage of Members' personal information caused by hacking or computer viruses, and uses encrypted communication to safely transmit personal information over the network.
  3. Keeping minimal number of employees and education — The Company keeps employees handling personal information to a minimum and provides periodic training programs.
  4. Restrictions on Access to Personal Information — The Company restricts entry of unauthorized personnel by keeping personal information in a separate place and setting and operating procedures to control access.

Article 9. Cookie Policy

① The Company uses cookies, which are small pieces of information that store and retrieve Members' access information, to provide personalized and customized service to Members.

② Members have an option for setting a cookie. Members may allow all cookies by setting the option on the web browser, complete the confirmation whenever a cookie is stored, or block the storage of all cookies. If Members reject the storage of a cookie, then Members may have difficulties using the services.

③ The information collected by cookies is limited to the unique ID of each Member and no other information is collected.

Article 10. Linked Websites

The Company may provide on its website the websites of other companies or links to other websites. If Members visit such websites, Members should review the privacy policies posted by such websites as those policies are irrelevant to this Privacy Policy.

Article 11. Obligation to Notify

The Company will notify Members of any addition, deletion, or revision of this Privacy Policy at least seven (7) days prior to the scheduled amendment. If a modification puts Members at a disadvantage, the Company will notify such amendments at least thirty (30) days prior to the scheduled amendment.

Article 12. Chief Privacy Officer

The Company prioritizes protecting the Members' personal information and makes its best efforts to not damage or leak personal information of its Members.

Article 13. Requests to Access Personal Information

Pursuant to Article 35 of PIPA, Members may make a request to access their personal information to the following department:

Article 14. Remedies for Violation of Privacy Rights and Interests

① The Company values its Members' opinions. The Company will give prompt and full responses to any inquiries regarding the Company's services.

② When help is needed on other privacy matters, please contact:

  • Personal Information Infringement Reporting Center, Korea Internet & Security Agency — Phone: 118 / Website: http://privacy.kisa.or.kr
  • Cyber Bureau of Investigation, National Police Agency — Phone: 02-393-9112 / Website: http://www.netan.go.kr
  • Cyber Crime Investigation Unit of the Supreme Prosecutor's Office — Phone: 02-3480-3751 / Website: http://www.spo.go.kr

Effective Date: March 08, 2023