'EZ-FACE', operated by 'Keensight Inc.' (hereinafter referred to as the 'Company'), has established and operates the following Privacy Policy in accordance with Article 27-2 of the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. (hereinafter referred to as the 'Information and Communications Network Act') to protect the personal information, rights, and interests of users and to promptly address related grievances and difficulties. The Company makes its best efforts to comply with and fulfill the responsibilities and obligations stipulated in relevant laws and regulations.  

Article 1) Guidance on Collection, Use, and Retention Period of Personal Information

The Company collects the minimum necessary personal information for service provision, varying the purpose of collection, items collected, and retention/use period according to the services provided, as outlined below.

• Membership Registration and Customer Management

  • Purpose of Collection: Service membership registration, mobile phone number verification, customer management.

  • Required Items: Mobile phone number, date of birth, password, nickname, photo, age, gender, region, spoken languages.

  • Retention and Use Period: Until membership withdrawal.

• Service Use

  • Purpose of Collection: Profile management, customer data management, customer content creation, in-app payment processing.

  • Required Items: Institution name, name, age, photo, mobile phone number, email address, customer registration number, automatically collected information, service connection status, service access location.

  • Retention and Use Period: Until membership withdrawal.

• Service Quality Improvement

  • Purpose of Collection: Data analysis and statistics for service quality improvement.

  • Required Items: Device ID, conversation history, conversation content (voice), purchase history, other service usage details. Note: Personally identifiable information is excluded from analysis items.

  • Retention and Use Period: Upon achievement of the data analysis purpose.

  • Purpose of Collection: Monitoring fraudulent users and preventing re-registration.

  • Required Items: Email, mobile phone number, nickname, device ID, call history, call content (voice), purchase history, other service usage details.

  • Retention and Use Period: Personal information of users with permanently suspended accounts is retained permanently according to the service usage policy.

• Customer Inquiries

  • Purpose of Collection: Responding to service inquiries.

  • Required Items: Email, nickname, inquiry content, mobile phone number.

  • Retention and Use Period: Until membership withdrawal.

• Consent to Receive Marketing Information (Optional)

  • Purpose of Collection: Consent to receive information such as service benefits and event guides via text message, email, and push notifications.

  • Required Items: Nickname, mobile phone number, device ID.

  • Retention and Use Period: Until membership withdrawal or consent withdrawal.

• Notice Regarding Personal Information Processing

  • The Company does not provide its services to children under the age of 14 and does not knowingly collect personal information related thereto.

  • Regarding the personal information processed for user matching, the Company provides the following notice: Users acknowledge and agree to use the service understanding that they cannot fully control when, where, or how their personal information will be used. The Company is not responsible for matters arising between conversation partners. Please refer to the Terms of Service for details.

  • If the purpose or items of member information processed by the Company change, prior consent will be requested in accordanceance with relevant laws and regulations.

  • The Company collects personal information through the following methods and obtains prior consent before collection:

    • Method where the user directly inputs personal information during service use.

    • Method of collecting personal information in writing offline, such as at external events.

    • Method where access logs, usage records, etc., are automatically generated and collected during service use.

  • The Company, in principle, prohibits the processing of Resident Registration Numbers (RRNs). RRNs are processed only when specifically required by law, presidential decree, National Assembly rules, Supreme Court rules, Constitutional Court rules, National Election Commission rules, and Board of Audit and Inspection rules during the course of business operations.  

Article 2) Matters Concerning Installation, Operation, and Refusal of Automatic Personal Information Collection Devices

During the service usage process, the following information may be automatically generated/collected from the user and used for the following purposes:

• Guidance on Automatic Collection and Refusal Methods

  • Collected Items: Visit records, access IP information, service usage records, mobile device type, model name, OS version, region of residence, all activities occurring within the app, communication connection status, network type, cookies (Cookies are small pieces of information sent by the server (http) operating the website to the user's computer browser and may be stored on the user's PC hard disk).  

  • How to Install, Operate, and Refuse Cookies: You can refuse cookie storage through the methods below:

    • [Mobile]

      • iPhone: Safari App > Clear History and Website Data > Confirm.

      • Chrome: Chrome App > Top right More > History > Clear Browse data > Select time range > Check boxes next to 'Cookies and site data' and 'Cached images and files' > Clear data.

      • Naver: Naver App > Settings > Clear Cache + Internet Usage History > Delete Cookies.

Article 3) Retention, Use Period, and Destruction of Personal Information

The Company processes collected personal information within the retention/use period agreed upon by the user at the time of collection or within the retention/use period stipulated by relevant laws. Upon achievement of the purpose or expiration of the retention/use period, the relevant personal information will be destroyed without delay in a manner that prevents recovery or regeneration.

• Member Information

  • If a user withdraws from the service membership, the Company retains the personal information for 1 year to prevent fraudulent use. In this case, the personal information is kept in a non-identifiable state, and re-registration with the same ID is not possible. However, information associated with permanently suspended accounts is not deleted.

  • Accounts of users who have not used the service for 1 year will be converted to a dormant state, and their personal information will be stored securely, separate from the active member database.

  • Even after membership withdrawal, if relevant laws require the preservation of personal information, the Company will comply with the provisions of said laws.

• [Notification]

  • Users will be notified 30 days prior to the expiration date regarding:

    • The fact that personal information will be destroyed or stored/managed separately.

    • The expiration date.

    • The specific items of personal information affected.

  • Notification Method: Via email, mail, phone, or other similar methods.

• Mandatory Retention Periods Based on Relevant Laws

  • a. Records concerning labeling and advertising:

    • Period: 6 months

    • Legal Basis: Act on Consumer Protection in Electronic Commerce, etc.

  • b. Records concerning contracts or withdrawal of offers:

    • Period: 5 years

    • Legal Basis: Act on Consumer Protection in Electronic Commerce, etc.

  • c. Records concerning payment and supply of goods, etc.:

    • Period: 5 years

    • Legal Basis: Act on Consumer Protection in Electronic Commerce, etc.

  • d. Records concerning consumer complaints or dispute resolution:

    • Period: 3 years

    • Legal Basis: Act on Consumer Protection in Electronic Commerce, etc.

  • e. Records concerning access (log data):

    • Period: 3 months

    • Legal Basis: Protection of Communications Secrets Act

Article 4) Entrustment of Personal Information Processing

The Company entrusts some personal information processing tasks to external parties for efficient operation and supervises whether the processors handle personal information securely upon concluding entrustment contracts, in accordanceance with relevant laws. If the scope of entrusted tasks or the processors are added or changed, the Company will notify users through prior consent procedures as required by law or disclose the changes through this Privacy Policy without delay.

• Entrusted Tasks and Processors

  • Processor: Google Play Store

    • Entrusted Task: In-app payment processing

    • Contact: 080-234-0051

  • Processor: Apple App Store

    • Entrusted Task: In-app payment processing

    • Contact: apple.com/legal/privacy/contact

  • Processor: Amazon Web Services (AWS)

    • Entrusted Task: System operation and data storage

    • Contact: support@keensight.kr

Article 5) International Transfer of Personal Information

The Company does not transfer user personal information to businesses located outside of Korea.

Article 6) Measures to Ensure the Security of Personal Information

The Company strives to manage users' personal information securely to prevent loss, theft, leakage, alteration, or damage, and implements necessary technical, administrative, and physical measures.

• Encryption: User personal information is encrypted for storage and management.

• Access Control: The Company implements measures for controlling access to personal information by granting, changing, and revoking access rights to the personal information processing system.  

• Establishment and Implementation of Internal Management Plan: An internal management plan is established and implemented for the secure processing of personal information.

• Storage and Prevention of Forgery/Alteration of Access Logs: Access logs (web logs, summary information, etc.) to the personal information processing system are stored and managed for at least 1 year to facilitate responses in case of infringement incidents. Security functions are used to prevent forgery, alteration, theft, or loss of access logs.

• Technical Countermeasures Against Hacking, etc.: The Company installs security programs and performs regular updates and checks to prevent personal information leakage or damage caused by hacking or computer viruses. Systems are installed in areas with restricted external access and are technically/physically monitored and blocked.

• Restriction of Access to Personal Information: Access to personal information is controlled through the management of access rights to the system that processes personal information.

Article 7) Rights of Users and Legal Representatives and How to Exercise Them

Users have the following rights regarding their personal information, which can be exercised as follows:

• How to Exercise Rights

  • View/Modify: Profile > Edit Profile

  • Membership Withdrawal: Profile > Settings > Withdraw Service

  • Users may also request the suspension of processing or deletion of their personal information through written requests, email, etc.

• The Company will not use or provide the relevant personal information until correction or deletion is completed if a request for correction or deletion of errors is made.

• A request for correction or deletion of personal information cannot be made if other laws specify that the personal information is subject to collection.

• The Company verifies the identity of the person making the request when processing requests for access, correction/deletion, or suspension of processing according to user rights.

Article 8) Data Protection Officer and Remedies for Infringement of Rights and Interests

The Company designates a Data Protection Officer (DPO) responsible for overseeing personal information processing tasks and handling user complaints and damage relief related to personal information processing.

• Data Protection Officer (DPO)

  • Name: Hyunsoo Cho

  • Title/Position: CEO

  • Contact: support@keensight.kr

• Role of the DPO: Responsible for overall personal information processing, handling related inquiries, complaints, and damage relief.  

Users may contact the DPO regarding any inquiries, complaints, or requests for damage relief related to personal information protection that arise while using the service. The Company will respond to and process user inquiries without delay.

• Institutions for Assistance Regarding Rights Infringement

  • If you need further assistance regarding the infringement of your rights, please contact the institutions below:

    • Personal Information Infringement Report Center (operated by KISA - Korea Internet & Security Agency)

      • Scope: Reporting personal information infringement, requesting consultation

      • Website: privacy.kisa.or.kr

      • Phone: 118 (no area code needed)

      • Address: 3F, 9 Jinheung-gil, Naju-si, Jeollanam-do (58324)

    • Personal Information Dispute Mediation Committee (KOPICO)

      • Scope: Applying for personal information dispute mediation, collective dispute mediation (civil resolution)

      • Website: www.kopico.go.kr

      • Phone: 1833-6972 (no area code needed)

      • Address: 4F, Government Complex Seoul, 209 Sejong-daero, Jongno-gu, Seoul (03171)

       

    • Supreme Prosecutors' Office Cybercrime Investigation Division: 02-3480-3573 (www.spo.go.kr)

    • National Police Agency Cyber Bureau: 182 (cyberbureau.police.go.kr)

Article 9) Changes to the Privacy Policy

This Privacy Policy applies from its effective date. Should there be any additions, deletions, or corrections to the content due to changes in relevant laws, regulations, or company policy, the Company will provide notification through its website without delay.

Initial Version: January 14, 2025