top of page

Privacy Policy

'BelleLine', operated by 'Keensight Inc.' (hereinafter referred to as the 'Company'), has established and operates the following Privacy Policy in accordance with Article 27-2 of the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. (hereinafter referred to as the 'Information and Communications Network Act') to protect the personal information, rights, and interests of users and to promptly address related grievances and difficulties. The Company makes its best efforts to comply with and fulfill the responsibilities and obligations stipulated in relevant laws and regulations.

 

Article 1) Guidance on Collection, Use, and Retention Period of Personal Information

The Company collects the minimum necessary personal information for service provision, varying the purpose of collection, items collected, and retention/use period according to the services provided, as outlined below.

  • Membership Registration and Customer Management

    • Purpose of Collection: Service membership registration, mobile phone number verification, customer management.

    • Required Items: Mobile phone number, date of birth, password, nickname, photo (for general profile display, distinct from photos for 3D reconstruction), age, gender, region, spoken languages.

    • Retention and Use Period: Until membership withdrawal.

  • Service Use

    • Purpose of Collection: Profile management, customer data management, generation and management of user 3D face models from user-provided photographs for core app functionality (visualizing before & after beauty clinic procedures), customer content creation, in-app payment processing.

    • Required Items: Institution name (if applicable), name, age, multiple photographs of the user's face (for 3D reconstruction), the resulting 3D face model (as detailed in Article 1.1), mobile phone number, email address, customer registration number (if applicable), automatically collected information, service connection status, service access location.

    • Retention and Use Period: Until membership withdrawal. (Specifics for face data, including photographs for 3D reconstruction and 3D face models, are detailed in Article 1.1 and Article 3).

  • Service Quality Improvement

    • Purpose of Collection: Data analysis and statistics for service quality improvement.

    • Required Items: Device ID, conversation history, conversation content (voice), purchase history, other service usage details. Note: Personally identifiable information is excluded from analysis items.

    • Retention and Use Period: Upon achievement of the data analysis purpose.

  • Monitoring Fraudulent Users

    • Purpose of Collection: Monitoring fraudulent users and preventing re-registration.

    • Required Items: Email, mobile phone number, nickname, device ID, call history, call content (voice), purchase history, other service usage details.

    • Retention and Use Period: Personal information of users with permanently suspended accounts is retained permanently according to the service usage policy.

  • Customer Inquiries

    • Purpose of Collection: Responding to service inquiries.

    • Required Items: Email, nickname, inquiry content, mobile phone number.

    • Retention and Use Period: Until membership withdrawal.

  • Consent to Receive Marketing Information (Optional)

    • Purpose of Collection: Consent to receive information such as service benefits and event guides via text message, email, and push notifications.

    • Required Items: Nickname, mobile phone number, device ID.

    • Retention and Use Period: Until membership withdrawal or consent withdrawal.

  • Notice Regarding Personal Information Processing

    • The Company does not provide its services to children under the age of 14 and does not knowingly collect personal information related thereto.

    • If the purpose or items of member information processed by the Company change, prior consent will be requested in accordance with relevant laws and regulations.

    • The Company collects personal information through the following methods and obtains prior consent before collection:

      • Method where the user directly inputs personal information during service use.

      • Method of collecting personal information in writing offline, such as at external events.

      • Method where access logs, usage records, etc., are automatically generated and collected during service use.

    • The Company, in principle, prohibits the processing of Resident Registration Numbers (RRNs). RRNs are processed only when specifically required by law, presidential decree, National Assembly rules, Supreme Court rules, Constitutional Court rules, National Election Commission rules, and Board of Audit and Inspection rules during the course of business operations.

Article 1.1) Specifics on Face Data Processing for 3D Reconstruction

The 'Company' collects multiple photographs of the user's face, captured and provided by the user through the 'BelleLine' app, specifically for the purpose of 3D face reconstruction using the Company's proprietary technology. From these photographs, 'face data' is processed. This face data includes the original photographs, extracted facial features (such as landmarks, contours, and texture information), and the algorithmically generated 3D face model.

  • Purpose of Collection and Use of Face Data: This face data is collected and used exclusively for the following purposes:

    • To generate a 3D model of the user's face. This 3D model is the core feature of the 'BelleLine' app, enabling users to visualize how different the look of before & after beauty clinic procedures might appear on their 3D representation. Storing this data is necessary to provide this ongoing functionality to the user.

    • For storage within the user's profile and use within the app to deliver the aforementioned features for the duration of the user's active account.

    • Optionally, for service improvement: Anonymized and aggregated data derived from the 3D reconstruction process (e.g., reconstruction success metrics, general geometric properties without any individual identifiers) may be used to improve the performance and accuracy of our 3D reconstruction technology. Original photographs and identifiable 3D face models are not used for this purpose.

  • Sharing of Face Data: Original photographs and generated 3D face models are not shared with, sold, or rented to any third parties for their independent use. All processing is conducted using the Company's proprietary technology. Data is stored with Amazon Web Services (AWS) as detailed in Article 4 and Article 5. AWS is used solely for the purpose of secure hosting and storage infrastructure.

  • Storage of Face Data: Original photographs and the generated 3D face models are stored securely using technical and administrative safeguards on Amazon Web Services (AWS) servers, as further detailed in Article 5 regarding potential international server locations.

  • Retention and Deletion of Face Data: Photographs provided for 3D reconstruction and the resulting 3D face models are retained only for as long as the user's account remains active, as this data is necessary to provide the app's core 3D modeling features to the user during that time. This data is deleted from the Company's active systems upon the user's withdrawal from service (account deletion). Currently, the Company does not offer a separate mechanism for users to delete their specific face data (photographs and 3D models) while their account remains active. The management and deletion of this data are tied to the overall account status, as outlined in Article 3 and Article 7.

 

Article 2) Matters Concerning Installation, Operation, and Refusal of Automatic Personal Information Collection Devices

During the service usage process, the following information may be automatically generated/collected from the user and used for the following purposes:

  • Guidance on Automatic Collection and Refusal Methods

    • Collected Items: Visit records, access IP information, service usage records, mobile device type, model name, OS version, region of residence, all activities occurring within the app, communication connection status, network type, cookies (Cookies are small pieces of information sent by the server (http) operating the website to the user's computer browser and may be stored on the user's PC hard disk).

  • How to Install, Operate, and Refuse Cookies: You can refuse cookie storage through the methods below:

    • [Mobile]

      • iPhone: Safari App > Clear History and Website Data > Confirm.

      • Chrome: Chrome App > Top right More > History > Clear Browse data > Select time range > Check boxes next to 'Cookies and site data' and 'Cached images and files' > Clear data.

      • Naver: Naver App > Settings > Clear Cache + Internet Usage History > Delete Cookies.

Article 3) Retention, Use Period, and Destruction of Personal Information

The Company processes collected personal information within the retention/use period agreed upon by the user at the time of collection or within the retention/use period stipulated by relevant laws. Upon achievement of the purpose or expiration of the retention/use period, the relevant personal information will be destroyed without delay in a manner that prevents recovery or regeneration. Specific handling of face data, including photographs for 3D reconstruction and 3D models, is further detailed in Article 1.1.

  • Member Information

    • Upon a user's withdrawal from service membership (account deletion), their personal information, including all photographs provided for 3D reconstruction and any resulting 3D face models as detailed in Article 1.1, is deleted from active systems.

    • For the purpose of preventing fraudulent use after membership withdrawal, certain non-personally identifiable transaction or service usage data (specifically excluding face data such as photos and 3D models) may be retained for 1 year in a non-identifiable state. Re-registration with the same ID may not be possible during this period.

    • Information associated with accounts that have been permanently suspended due to violations of terms of service is not deleted, in accordance with the service usage policy.

    • Accounts of users who have not used the service for 1 year will be converted to a dormant state, and their personal information (including face data if applicable) will be stored securely, separate from the active member database, until the account is reactivated or deleted upon withdrawal.

    • Even after membership withdrawal, if relevant laws require the preservation of personal information, the Company will comply with the provisions of said laws.

  • [Notification]

    • Users will be notified 30 days prior to the expiration date regarding:

      • The fact that personal information will be destroyed or stored/managed separately.

      • The expiration date.

      • The specific items of personal information affected.

    • Notification Method: Via email, mail, phone, or other similar methods.

  • Mandatory Retention Periods Based on Relevant Laws

    • a. Records concerning labeling and advertising: Period: 6 months; Legal Basis: Act on Consumer Protection in Electronic Commerce, etc.

    • b. Records concerning contracts or withdrawal of offers: Period: 5 years; Legal Basis: Act on Consumer Protection in Electronic Commerce, etc.

    • c. Records concerning payment and supply of goods, etc.: Period: 5 years; Legal Basis: Act on Consumer Protection in Electronic Commerce, etc.

    • d. Records concerning consumer complaints or dispute resolution: Period: 3 years; Legal Basis: Act on Consumer Protection in Electronic Commerce, etc.

    • e. Records concerning access (log data): Period: 3 months; Legal Basis: Protection of Communications Secrets Act.

 

Article 4) Entrustment of Personal Information Processing

The Company entrusts some personal information processing tasks to external parties for efficient operation and supervises whether the processors handle personal information securely upon concluding entrustment contracts, in accordance with relevant laws. If the scope of entrusted tasks or the processors are added or changed, the Company will notify users through prior consent procedures as required by law or disclose the changes through this Privacy Policy without delay.

  • Entrusted Tasks and Processors

    • Processor: Google Play Store

      • Entrusted Task: In-app payment processing

      • Contact: 080-234-0051

    • Processor: Apple App Store

      • Entrusted Task: In-app payment processing

      • Contact: apple.com/legal/privacy/contact

    • Processor: Amazon Web Services (AWS)

      • Entrusted Task: System operation and secure data storage, including user-provided photographs and generated 3D face models.

      • Contact: support@keensight.kr

 

Article 5) International Transfer of Personal Information

To provide its services, including the storage of user data (such as photographs, 3D face models, and other personal information as described in Article 1), the Company utilizes Amazon Web Services (AWS), a global cloud infrastructure provider. The AWS servers used by the Company are currently located in Japan. However, for operational reasons, such as service optimization, latency reduction, or disaster recovery, the Company may in the future utilize AWS servers in other regions, or transfer data between AWS regions. These regions may be outside of the user's country of residence, including but not limited to other countries in Asia, North America, or Europe.

Amazon Web Services acts as a data processor, meaning it stores data according to the Company's instructions as part of providing the hosting infrastructure, and does not use this personal data for its own purposes. AWS retains the data only for the period directed by the Company (which, for active user data, corresponds to the duration the user's account is active, and is deleted upon account withdrawal as specified in Article 1.1 and Article 3).

The Company ensures that such international transfers are conducted in compliance with applicable data protection laws and that appropriate safeguards are in place 1 for the protection of personal information. Amazon Web Services maintains robust security and data protection certifications and practices, which apply to the data stored on their infrastructure. By using the service, users consent to the potential transfer of their personal information to AWS servers located outside of their country of residence, including Korea, under these conditions.  

Article 6) Measures to Ensure the Security of Personal Information

The Company strives to manage users' personal information securely to prevent loss, theft, leakage, alteration, or damage, and implements necessary technical, administrative, and physical measures.

  • Encryption: User personal information, including sensitive data such as photos and 3D face models, is encrypted during transit and at rest for storage and management.

  • Access Control: The Company implements measures for controlling access to personal information by granting, changing, and revoking access rights to the personal information processing system based on roles and responsibilities.

  • Establishment and Implementation of Internal Management Plan: An internal management plan is established and implemented for the secure processing of personal information.

  • Storage and Prevention of Forgery/Alteration of Access Logs: Access logs (web logs, summary information, etc.) to the personal information processing system are stored and managed for at least 1 year to facilitate responses in case of infringement incidents. Security functions are used to prevent forgery, alteration, theft, or loss of access logs.

  • Technical Countermeasures Against Hacking, etc.: The Company installs security programs and performs regular updates and checks to prevent personal information leakage or damage caused by hacking or computer viruses. Systems are installed in areas with restricted external access and are technically/physically monitored and blocked.

  • Restriction of Access to Personal Information: Access to personal information is controlled through the management of access rights to the system that processes personal information.

 

Article 7) Rights of Users and Legal Representatives and How to Exercise Them

Users have the following rights regarding their personal information, which can be exercised as follows:

  • How to Exercise Rights

    • View/Modify: Profile > Edit Profile

    • Membership Withdrawal (Account Deletion): Profile > Settings > Withdraw Service. Upon withdrawal, personal information, including face data as specified in Article 1.1, is deleted according to the terms in Article 1.1 and Article 3.

  • Users may also request the suspension of processing of their personal information through written requests, email, etc., to the Data Protection Officer.

  • The Company will not use or provide the relevant personal information until correction or deletion (in the case of account withdrawal) is completed if a request for correction of errors or account withdrawal is made.

  • A request for correction or deletion of personal information cannot be made if other laws specify that the personal information is subject to collection for a legally mandated period.

  • The Company verifies the identity of the person making the request when processing requests for access, correction/deletion, or suspension of processing according to user rights.

  • As stated in Article 1.1, currently, there is no separate mechanism for users to delete their specific face data (photographs and 3D models) while keeping their account active; deletion of face data is tied to the deletion of the entire user account via Membership Withdrawal.

 

Article 8) Data Protection Officer and Remedies for Infringement of Rights and Interests (This article appears generally fine, no changes indicated based on previous discussions, assuming contact details are current.)

The Company designates a Data Protection Officer (DPO) responsible for overseeing personal information processing tasks and handling user complaints and damage relief related to personal information processing.

  • Data Protection Officer (DPO)

    • Name: Hyunsoo Cho

    • Title/Position: CEO

    • Contact: support@keensight.kr

    • Role of the DPO: Responsible for overall personal information processing, handling related inquiries, complaints, and damage relief. Users may contact the DPO regarding any inquiries, complaints, or requests for damage relief related to personal information protection that arise while using the service. The Company will respond to and process user inquiries without delay.

  • Institutions for Assistance Regarding Rights Infringement

    • (List of Korean institutions remains unchanged)

 

Article 9) Changes to the Privacy Policy

This Privacy Policy is effective from the date specified below. Should there be any additions, deletions, or corrections to the content due to changes in relevant laws, regulations, or company policy, the Company will provide notification through its website or in-app notice without delay.

 

Privacy Policy Version: 2.0

Effective Date: May 12, 2025 (Previous Version Effective Date: January 14, 2025)

bottom of page