Privacy Policy

Effective Date: June 19, 2026

NadooModoo Inc. (the "Company") complies with the personal information protection regulations under applicable laws that information and communications service providers must observe, including the Act on Promotion of Information and Communications Network Utilization and Information Protection, the Personal Information Protection Act, the Protection of Communications Secrets Act, and the Telecommunications Business Act. The Company has established this Privacy Policy in accordance with applicable laws to safeguard users' rights and interests. This Privacy Policy applies to the services provided by the Company and contains the following content.

Chapter 1. Items and Methods of Personal Information Collection

Article 1 (Items of Personal Information Collected)

The Company collects the following minimum personal information from users for purposes such as account registration, smooth user support, and the provision of various services.

  • Account registration: name, email address, password
  • In the course of using or providing services, the following information may be automatically generated or additionally collected: IP address, cookies, access logs, visit timestamps, service usage records and outputs, and records of misuse.

Article 2 (Methods of Personal Information Collection)

The Company collects personal information through the following methods.

  • Direct collection through the website
  • Automatic collection through generated-information collection tools
  • Personal information provided by a third party who has already obtained the user's consent to such processing (only when the user signs in to the Company's website through that third party's service)

Chapter 2. Purposes of Collection and Use of Personal Information

Article 3 (Performance of Service Contracts)

The Company collects users' personal information for purposes related to service provision, including delivery of content, provision of specific customized services, and identity verification.

Article 4 (Member Management)

The Company collects users' personal information for member-management purposes, including identity verification under membership services, personal identification, prevention of fraudulent or unauthorized use, confirmation of intent to subscribe, limits on subscription and number of subscriptions, record-keeping for dispute resolution, complaint handling, and delivery of notices.

Article 5 (New Service Development and Marketing/Advertising)

The Company collects users' personal information for purposes related to new service development and marketing, including development of new services and customized services, provision of services and advertisements based on demographic characteristics, verification of service effectiveness, provision of events and promotional information and opportunities to participate, analysis of access frequency, and statistics on members' service use.

Chapter 3. Provision and Outsourcing of Personal Information

Article 6 (Provision of Personal Information)

The Company uses users' personal information within the scope notified in Chapter 2 and, in principle, does not disclose users' personal information to third parties beyond that scope without the user's prior consent. However, the following cases are exceptions.

  • When users have given prior consent
  • When required by law or when an investigative agency requests the information in accordance with the procedures and methods prescribed by law for investigative purposes

Article 7 (Outsourcing of Personal Information Processing)

The Company currently does not outsource the processing of users' personal information to any external party. If outsourcing becomes necessary to improve services, the Company will give prior notice of the outsourced party and the scope of the outsourced work and will stipulate necessary matters in the outsourcing agreement so that personal information is safely managed in accordance with applicable laws.

Chapter 4. Retention and Use Period of Personal Information

In principle, users' personal information is destroyed without delay once the purpose of collection and use has been achieved. However, the following information is retained for the periods specified below for the stated reasons.

Article 8 (Retention Required by Internal Company Policy)

Information RetainedReasonRetention Period
Records of misusePrevention of misuse1 year
Inquiries and partnership communications (when separate consent has been obtained)User support handling6 months

Article 9 (Retention Required by Applicable Laws)

Where retention is required by applicable laws such as the Commercial Act and the Act on Consumer Protection in Electronic Commerce, the Company retains member information for the period prescribed by the relevant law. In such cases, the Company uses the retained information only for the purpose of its retention, and the retention periods are as follows.

Information RetainedReasonRetention Period
Records on contracts or withdrawal of offersAct on Consumer Protection in Electronic Commerce5 years
Records on consumer complaints or dispute resolutionAct on Consumer Protection in Electronic Commerce3 years
Records on display/advertisingAct on Consumer Protection in Electronic Commerce6 months
Sign-in logsProtection of Communications Secrets Act3 months

Chapter 5. Procedures and Methods for Destroying Personal Information

In principle, users' personal information is destroyed without delay once the purpose of collection and use has been achieved. The Company's procedures and methods for destroying personal information are as follows.

Article 10 (Destruction Procedures)

  • Information entered by users for purposes such as account registration is, once the purpose has been achieved, transferred to a separate database (or, in the case of paper, to a separate filing cabinet) and stored for a certain period in accordance with internal policies and the information-protection grounds under other applicable laws (see retention and use periods) before being destroyed.
  • Such personal information is not used for any purpose other than retention except as required by law.

Article 11 (Destruction Methods)

  • Personal information printed on paper is destroyed by shredding or incineration.
  • Personal information stored as electronic files is deleted using technical methods that prevent the records from being restored.

Chapter 6. Rights of Users and Legal Representatives

Article 12 (Rights and How to Exercise Them)

  • Users and their legal representatives may at any time view, modify, or request termination of their registered personal information.
  • To view, modify, or terminate the subscription (withdraw consent) of their personal information, users may, after going through the identity verification procedure on the relevant page of the Company's website, directly view, correct, or withdraw.
  • Users may exercise the rights under this Article by contacting the Company's personal information protection officer or the person in charge in writing, by phone, or by email.
  • If a user requests correction of an error in personal information, the relevant personal information will not be used or provided until the correction is completed. In addition, if incorrect personal information has already been provided to a third party, the Company will notify the third party of the correction without delay so that the correction can be made.
  • Personal information that has been terminated or deleted at the request of a user or legal representative is handled in accordance with Chapter 4 and is processed so that it cannot be viewed or used for any other purpose.

Chapter 7. Installation, Operation, and Rejection of Automatic Personal Information Collection Devices

Article 13 (Definition of Cookies)

  • The Company uses "cookies" — small pieces of information sent by the server to the user's browser — that store and frequently retrieve user information in order to provide personalized and customized services.
  • A cookie is a very small text file sent by the server operating the website to the user's browser and stored on the hard disk of the user's computer.
  • Cookies do not automatically or actively collect personally identifiable information, and users can refuse or delete the storage of cookies at any time.

Article 14 (Purposes of Cookies)

Cookies are used to identify how users visit and use each of the Company's services and websites, popular search terms, the size of the user base, and other information, in order to provide users with optimized, customized information, including advertisements.

Article 15 (Installation, Operation, and Rejection of Cookies)

  • Users have the option to install cookies. Therefore, by configuring options in the web browser, users may allow all cookies, require confirmation each time a cookie is saved, or refuse to save all cookies.
  • However, if a user refuses to save cookies, the user may experience difficulties using some of the Company's services that require sign-in.

Chapter 8. Technical, Administrative, and Physical Safeguards for Personal Information

The Company implements the following technical, administrative, and physical safeguards to ensure the safety of users' personal information so that it is not lost, stolen, leaked, altered, or damaged.

Article 16 (Establishment and Implementation of an Internal Management Plan)

The Company has established and implemented an internal management plan covering personal information protection and related matters to ensure the safe processing of personal information.

Article 17 (Password Encryption)

Member passwords are stored and managed in encrypted form so that only the individual concerned can know them, and verification and modification of personal information can be performed only by the individual who knows the password.

Article 18 (Measures Against Hacking and Similar Threats)

The Company does its utmost to prevent the leakage or damage of members' personal information due to hacking, computer viruses, and similar threats. To prepare for damage to personal information, the Company regularly backs up data, uses the latest antivirus programs to prevent users' personal information or data from being leaked or damaged, and uses encrypted communications to safely transmit personal information over the network. The Company also uses an intrusion prevention system to control unauthorized external access and strives to install all technically possible measures to secure systemic security.

Article 19 (Storage of Access Records for Breach Response)

The Company does its utmost to prevent personal information breaches. In addition, to respond to such breaches, the Company retains and manages records of access to personal information storage systems for at least six months and implements technical measures to prevent the records from being forged or altered.

Article 20 (Minimization and Training of Personal Information Handlers)

The Company limits employees who handle personal information to those in charge, assigns separate passwords for this purpose that are regularly renewed, and continually emphasizes compliance with the Privacy Policy through frequent training of such personnel.

Article 21 (Operation of a Dedicated Personal Information Protection Organization)

Through an in-house dedicated personal information protection organization, the Company verifies the implementation of this Privacy Policy and the compliance of those in charge, and strives to immediately correct any issues identified. However, the Company shall not be liable for damages not attributable to the Company, such as accidents caused by the user's own negligence or by incidents occurring outside the Company's control, even where the Company has fulfilled its personal information protection obligations.

Chapter 9. Miscellaneous

Article 22 (Personal Information Protection Officer)

You may report any privacy-related complaints arising from your use of the Company's services to the personal information protection officer or the responsible department. The Company will promptly provide sufficient responses to user reports.

ItemPersonal Information Protection Officer
Name / TitleHeeeun Lim, CTO
AffiliationNadooModoo Inc.
Emailcs@nadoomodoo.com

Article 23 (Exceptions)

This Privacy Policy does not apply to the collection of personal information by websites linked from the Company's internet services.

Article 24 (Duty to Notify)

Any additions, deletions, or modifications to the contents of this Privacy Policy will be announced through the Company's website at least seven (7) days prior to the amendment. However, in the event of material changes to user rights such as collection and use of personal information or provision to third parties, notice will be given at least thirty (30) days in advance.

Addendum: This Privacy Policy is effective from June 19, 2026.

개인정보 처리방침 | Nadoo AI