Privacy Policy
Underpin, Inc. (the “Company”) places great importance on protecting users’ personal information and complies with applicable laws and regulations, including the Personal Information Protection Act of Korea. This Privacy Policy is established and disclosed to ensure that the Company lawfully and safely processes personal information in connection with the use of the KLATOO mobile application and web-based services (the “Service”).
Article 1 (Purpose of Collection and Use of Personal Information)
The Company collects and uses personal information for the following purposes:
1. Identifying members, confirming intent to use the Service, identity verification (if necessary), and preventing fraudulent use
2. Providing and operating the Service, handling inquiries/complaints/disputes, and delivering notices
3. Analyzing Service usage records, producing statistics, providing personalized services, and improving the Service
4. Preventing violations of the Terms and policies, account theft, and fraudulent transactions
5. Processing payments and refunds, operating KUBIC transactions (transfer/assignment), and processing settlements (including fees)
6. Providing advertisements, measuring advertising effectiveness, and promoting the Service
7. (With optional consent) Providing personalized advertisements
8. (With optional consent and use) Providing location-based features and recommending location-based content/communities
Article 2 (Items of Personal Information Collected and Methods of Collection)
1. Items Collected
(1) Sign-up/Login and Account Management
- Required: account identifier, nickname, login provider identification information
- Social login info: Google/Apple identifiers, name, email, profile photo (if provided).
(2) Information Automatically Collected
- Access logs, usage history, IP address, Device info (OS, model, version), Language/Country settings, Error logs, Push tokens.
(3) Advertising/Marketing Information (IDFA/AAID).
(4) Location Information (collected only when using location-based features).
(5) Payment/Refund details.
(6) Settlement (KYC): Mobile phone ownership verification.
2. Methods of Collection: Direct input, social login, automatic generation, and customer inquiries.
Article 3 (Retention and Use Period of Personal Information)
1. Electronic Commerce: Contracts/Withdrawals (5 years), Complaints/Disputes (3 years).
2. Protection of Communications Secrets Act (Access records): 3 months.
3. Legal investigations: Until completion.
4. Membership withdrawal dispute response: 1 year.
Article 4 (Provision of Personal Information to Third Parties)
The Company does not provide personal information to third parties except with user consent or as required by law. Public profiles/posts may be disclosed to other users.
Article 5 (Entrustment of Processing of Personal Information)
The Company may entrust part of personal information processing to external service providers for Service operation, and, upon entrustment, enters into contracts and manages/supervises service providers in accordance with applicable laws.
The service providers and entrusted tasks (fixed in the main text) are as follows:
| Service Provider | Entrusted Task | Data Processed | Retention Period |
|---|---|---|---|
| Google LLC | Google Sign-In, FCM push notifications, Google Ads | Account information, advertising identifiers, push tokens | Until purpose is achieved or as required by law |
| Apple Inc. | Apple Sign-In, APNs push notifications | Apple user identifier, email address, push tokens | Until purpose is achieved or as required by law |
| Meta Platforms, Inc. | Advertising delivery and performance measurement | Advertising identifiers, event information | Until purpose is achieved or as required by law |
| Amazon Web Services, Inc. | Cloud infrastructure operation and data storage | Service operation data | Until purpose is achieved or as required by law |
| Stripe | Web payment processing | Payment identifiers, payment details | As required by law |
| Mapbox, Inc. | Map rendering and location-based features | Location coordinates, derived location-based information | Until purpose is achieved or as required by law |
Article 6 (Users’ Rights and How to Exercise Them)
Users may request access, correction, deletion, or suspension of processing via in-Service features or customer support.
Article 7 (Destruction of Personal Information)
1. Time of destruction: when the retention period expires or the processing purpose is achieved
2. Methods of destruction
- Electronic files: permanently deleted in a manner that prevents restoration
- Paper documents: shredded or incinerated
3. Where retention is required by law, information is stored separately and destroyed upon expiration of the required period.
Article 8 (Measures to Ensure Safety)
The Company implements the following measures to protect personal information:
1. Administrative measures: establishment/implementation of internal management plans and regular training
2. Technical measures: access control, encryption, security programs, and log monitoring
Article 9 (Cookies and Similar Automatic Collection Devices)
The Company may use cookies and similar devices when providing web services, and users may refuse cookie storage through browser settings.
However, refusing cookies may make it difficult to use certain personalized features.
Article 10 (Processing of Location Information)
1. The Company processes location information with the user’s consent to provide location-based features.
2. Location information is collected/used only when the user uses the relevant feature.
3. The Company may use external map services such as Mapbox to provide map and location-based functions; in such cases, location information is processed only within the scope of the purpose.
4. Users may withdraw consent to provide location information at any time.
Article 11 (Chief Privacy Officer)
Chief Privacy Officer: Taejun Kim (CEO)
Email: cs@underpin.kr
Phone: 070-7537-2017
Address: 83 Uisadang-daero, Yeongdeungpo-gu, Seoul, Republic of Korea
Article 12 (Remedies for Infringement of Rights)
Users may contact the following organizations for counseling or remedies regarding personal information infringements:
1. Personal Information Infringement Report Center (KISA): 118 (no area code)
2. Personal Information Dispute Mediation Committee: 1833-6972 (no area code)
3. Supreme Prosecutors’ Office Cyber Crime Investigation Division: 02-3480-3573
4. National Police Agency Cyber Bureau: 182
Article 13 (Changes to This Privacy Policy)
This Policy may be amended due to changes in applicable laws or Company policies. In such cases, the Company will provide prior notice through appropriate means such as in-Service notices.
Addendum
This Privacy Policy shall take effect from January 1, 2026.