Privacy Policy
Yeomyeonggeori (hereinafter referred to as the 'Company') values users' personal information and complies with the Personal Information Protection Act and other relevant laws. Through this Privacy Policy, the Company informs users about the purposes and methods of using the personal information provided by users, and what measures are being taken to protect their personal information.
1. Items of Personal Information Collected
Required Items
Membership Registration and Management
- Email address, password (or Google login information: name, email address, profile photo)
Service Usage Information
- Product information entered by users (product name, description, price, etc.)
- Marketing content created by users
For Paid Services (Payment information is processed through external PG providers)
- Subscription status, plan information, payment processor customer identifier
- Invoice and payment status, payment currency
- AI credit usage, additional credit purchase history, refund or chargeback records
Information Automatically Generated and Collected During Service Use
- Service usage records, access logs, cookies, IP address
- Device information, browser information
- AI feature usage data (feature name, model name, token usage, processing time, etc.)
Collection Methods
- Direct collection during membership registration and service use
- Automatic collection through Google OAuth
- Collection through customer service inquiries and event entries
- Collection through automatically generated information collection tools
2. Purpose of Collection and Use of Personal Information
Service Provision
- Member identification and identity verification
- Provision of AI-based marketing content generation and automatic publishing features
- Provision of analytics and reporting features
- Payment processing and credit usage calculation
- Prevention of fraudulent use and misuse
- Service usage statistics and analysis
Member Management
- Identity verification and personal identification for member-based service use
- Prevention of fraudulent use by malicious members and unauthorized use
- Verification of intent to join and age verification
- Handling of complaints and delivery of notices
Use for Marketing and Advertising (with consent)
- Development of new services and provision of customized services
- Delivery of promotional information such as events
- Identification of access frequency and statistics on members' service use
3. Retention and Use Period of Personal Information
In principle, users' personal information is destroyed without delay once the purpose of collection and use is achieved. However, the following information is retained for the reasons specified below for the period indicated.
Information Retention Based on Company Internal Policy
- Fraudulent use records: Retained for 1 year after withdrawal to prevent fraudulent use, then destroyed
- Dormant account information: 1 year after dormancy conversion (destroyed after a total of 2 years of inactivity)
- Product information and generated content: Automatically deleted after up to 6 months of storage
Information Retention Based on Relevant Laws
- Records of contracts or withdrawal of subscription: 5 years (Act on Consumer Protection in Electronic Commerce, etc.)
- Records of payment and supply of goods, etc.: 5 years (Act on Consumer Protection in Electronic Commerce, etc.)
- Records of consumer complaints or dispute handling: 3 years (Act on Consumer Protection in Electronic Commerce, etc.)
- Login records: 3 months (Protection of Communications Secrets Act)
4. Destruction Procedures and Methods of Personal Information
In principle, the Company destroys the relevant information without delay after the purpose of collection and use of personal information is achieved. The destruction procedures and methods are as follows.
Destruction Procedure
Information entered by users for membership registration, etc. is transferred to a separate DB after the purpose is achieved, stored for a certain period according to internal policies and other relevant laws for information protection, and then destroyed. Personal information transferred to a separate DB is not used for purposes other than retention unless required by law.
Destruction Method
- Personal information stored in electronic file format is deleted using technical methods that make it impossible to reproduce the records.
- Personal information printed on paper is destroyed by shredding or incineration.
5. Provision of Personal Information to Third Parties
The Company does not provide users' personal information to external parties in principle. However, exceptions are made in the following cases.
- When users have given prior consent
- When required by law or by investigative agencies according to the procedures and methods stipulated by law for investigation purposes
6. Outsourcing of Collected Personal Information and Cross-Border Transfer
The Company outsources personal information as follows for service improvement, and stipulates necessary matters so that personal information can be safely managed in outsourcing contracts in accordance with relevant laws.
Personal Information Outsourcing
| Trustee | Outsourced Task |
|---|
| Cloudflare, Inc. | Cloud infrastructure (CDN/WAF/DNS) operation |
| Supabase, Inc. | Database/authentication/storage operation |
| Stripe, Inc. | Overseas payment processing |
| Google LLC | Google Analytics (GA4) — Website visitor analysis, Google login authentication |
The Company's personal information outsourcing processors and outsourced tasks may change, and any changes will be announced through this Privacy Policy.
Cross-Border Transfer of Personal Information
The Company transfers personal information overseas as follows for service provision. Cross-border transfers are made within the scope necessary for the performance of the service use contract, and protective measures are applied in accordance with relevant laws so that personal information can be safely protected.
| Recipient | Country | Purpose | Timing/Method | Retention Period |
|---|
| Cloudflare, Inc. | United States | Cloud infrastructure (CDN/WAF/DNS) | Automatic transfer through network requests when using the service | Until termination of outsourcing contract |
| Supabase, Inc. | United States | Database/authentication/storage | Automatic transfer when using the service | Until termination of outsourcing contract |
| Stripe, Inc. | United States | Payment processing, billing management, refund/dispute handling | Automatic transfer when paying | 5 years (Act on Electronic Commerce) |
| Google LLC | United States | GA4 analytics, Google login authentication | Automatic transfer when using the service | Until termination of outsourcing contract |
Users may refuse the cross-border transfer of personal information, and refusal may limit the use of relevant features. Transferred personal information is retained for the duration of service use and is destroyed without delay after the purpose of use is achieved.
7. Information on Automated Decisions
The Company performs the following automated processing during service provision.
- AI-based Marketing Content Generation: AI models automatically generate content based on product information, keywords, etc. entered by users.
- Scheduled Content Publishing: Content is automatically published according to the schedule set by the user.
Users have the right to request explanations of automated decisions, refuse automated decisions, and request human intervention. To exercise these rights, please contact the Personal Information Protection Officer.
The Company applies access control and minimization measures for automated processing.
8. Protection of Personal Information of Children Under 14
The Company restricts membership registration by children under 14 years of age. When collecting personal information of children under 14, consent from a legal representative must be obtained, and the legal representative may request access, correction, deletion, or suspension of processing of the child's personal information. If it becomes known that personal information of a child under 14 has been collected without the consent of a legal representative, such information will be destroyed without delay.
9. Matters Concerning Pseudonymized Information Processing
The Company does not currently process pseudonymized information separately. If pseudonymized information is processed in the future for purposes such as statistical creation, scientific research, or preservation of public interest records, it will be announced through this Privacy Policy in accordance with relevant laws.
10. Rights of Users and Legal Representatives and How to Exercise Them
Users and legal representatives can view or modify their own personal information or that of children under 14 they represent at any time, and can also request withdrawal of membership.
- Personal information view/modification: Available directly on the 'Edit Member Information' page within the service
- Membership withdrawal (consent revocation): Available on the 'Withdraw Membership' page within the service after identity verification
- Or take action without delay by contacting the Personal Information Protection Officer via email
When users request correction of errors in their personal information, the Company will not use or provide such personal information until the correction is completed. In addition, if incorrect personal information has already been provided to a third party, the Company will notify the third party of the correction results without delay to ensure that the correction is made.
The Company processes personal information terminated or deleted at the request of users or legal representatives in accordance with '3. Retention and Use Period of Personal Information' and ensures that it cannot be viewed or used for other purposes.
Upon membership withdrawal, stored external authentication tokens such as Google OAuth are immediately deleted. Users can also directly revoke the Company's data access permissions on the Google Account Permissions page (https://myaccount.google.com/permissions).
11. Matters Concerning the Installation, Operation, and Refusal of Personal Information Auto-Collection Devices
The Company uses 'cookies' that store and recall usage information from time to time to provide individualized customized services to users. Cookies are very small text files sent by the server operating the website to the user's browser, and are stored on the user's computer hard disk.
- Purpose of using cookies: Analyzing access frequency and visit time of members and non-members, identifying users' tastes and interests, identifying participation in various events and number of visits, and providing targeted marketing and personalized services.
- Installation/operation and refusal of cookies: Users have the option to install cookies. By setting options in your web browser, you can allow all cookies, confirm each time cookies are saved, or refuse to save all cookies. However, refusing to install cookies may cause difficulties in service provision.
12. Technical and Administrative Measures for Personal Information Protection
In processing users' personal information, the Company is taking the following technical and administrative measures to ensure safety so that personal information is not lost, stolen, leaked, altered, or damaged.
- Password Encryption: Member passwords are stored and managed in encrypted form, so only the user can know them, and verification and changes to personal information can only be made by the user who knows the password.
- Transmission Section Encryption: All communications are encrypted and transmitted via HTTPS.
- Access Permission Control: Access to personal information is granted only to personnel necessary for business, and Role-Based Access Control (RBAC) and Row Level Security are applied.
- API Token Security: API access tokens used in external service integration are stored encrypted and only minimum permissions are requested. They are immediately deleted upon membership withdrawal.
- Minimum Information Transfer for External API Integration: Only the minimum information necessary for service provision is transferred during third-party service integration.
- Measures Against Hacking: To prevent member personal information from being leaked or damaged by hacking or computer viruses, the Company controls unauthorized access from the outside through intrusion prevention systems (WAF), etc.
- Minimization and Training of Processing Staff: The Company limits personal information processing staff to those in charge, and emphasizes compliance with the Privacy Policy through regular training for those in charge.
- Access Log Retention and Inspection: Access logs for personal information access/processing are retained, and regular inspections are conducted at least once per quarter.
However, the Company is not responsible for any problems caused by leakage of personal information such as ID and password due to the user's negligence or internet problems.
13. Personal Information Protection Officer and Responsible Department
The Company has designated a Personal Information Protection Officer as follows to protect customers' personal information and handle complaints related to personal information.
- Personal Information Protection Officer: Kim Yeomyeong
- Email: [email protected]
- Role: Personal information protection management, complaint handling, and internal training
For reports of personal information infringement or counseling, please contact the following organizations.
- Personal Information Infringement Report Center (privacy.kisa.or.kr / 118)
- Supreme Prosecutors' Office Cyber Investigation Division (www.spo.go.kr / 1301)
- National Police Agency Cyber Safety Guardian (police.go.kr / 182)
14. Notification Obligation
When there are additions, deletions, or modifications to the current Privacy Policy, notification will be given through in-app announcements or email at least 7 days before the revision. However, if there are important changes to user rights, such as collection and use of personal information or provision to third parties, notification will be given at least 30 days in advance.
- Announcement date: May 8, 2026
- Effective date: May 8, 2026