Privacy Policy

Photowidget Inc. (hereinafter referred to as the “Company”) establishes and discloses the following personal information handling policy in order to protect users' personal information in accordance with Article 30 of the 「Personal Information Protection Act」 and to promptly and smoothly handle related difficulties.

The Company processes personal information for the following purposes, and the processed personal information is not used for purposes other than the following purposes. If the purpose of use is changed, necessary measures such as obtaining separate consent in accordance with Article 18 of the 「Personal Information Protection Act」 will be implemented.

In addition, the Company provides services to users over the age of 14, and if it recognizes that the personal information of children under the age of 14 has been collected, the information will be deleted without delay.

1. Personal information items to be collected and methods of collection

(1)Items of personal information to be collected

1) When registering as a member, the following information is collected.

- When using an Apple account: public profile (name), email address

*When registering as a member through external platform authentication, other personal information other than the above information is not stored.

(2)Ad identifier, visit history, device information (type, model name, OS version, APP version, device identifier, language and country), purchase information provided for in-app purchases (subscription items, subscription start/end date and time, receipt ID, etc.)

1) In the process of using the service, the following information may be collected.

- Nickname, Username, User picture, service use record, access log, defective use record, mobile device information (model name, carrier information, OS information, language and country information, APP version, device unique identification number, advertisement ID), access country information, language information, IP information, cookies, visit history

2) The Company may collect additional information when using the following customer-related services, and at this time, it can obtain consent to collect and use personal information in accordance with relevant laws.

Additional collection types Items of personal information to be collected

- When applying for customer consultation (including 1:1 inquiry)

: Answer registration email

- When the event is in progress

: Email or mobile phone number, name, date of birth, gender

- Providing customized services

: Date of birth, gender

(3)How to collect personal information

It is collected through membership registration, service use (including mobile service), member information modification, event application, provision from partner companies, customer center consultation, and generated information collection tool.

2. Purpose of collection and use of personal information

The Company uses the collected personal information for the following purposes.

(1)Implementation of contract for service provision and provision of content according to service provision

(2)Membership registration and management

Identity verification according to membership service use, personal identification, prevention of illegal use by misbehavior members and prevention of unauthorized use, confirmation of intention to join, complaint handling and customer consultation, etc.

(3) Provision of Goods or Services:

• Delivery of services and in-app purchases, content, and customized services including advertisements.
• Provision of AI image generation and transformation services.
• Provision of community features for user-generated content (AI images and prompts), including public posting and sharing with other users (e.g., views, likes, and saves).

(4)Used for marketing and statistical analysis

Development and specialization of new services (products), delivery of promotional information such as events, provision of services and advertisements according to demographic characteristics, identification of access frequency, or statistical analysis of member service use

(5)Handling difficulties

Confirmation of user's identity, confirmation of inquiry, contact for fact investigation, notification, notification of processing result

3. Period of retention and use of collected personal information

In principle, after the purpose of collecting and using personal information is achieved, the information is destroyed without delay. In case it is necessary to preserve it even after the purpose of collection and use has been achieved in accordance with the provisions of the relevant laws, the Company keeps the member information for a certain period as stipulated by the relevant laws and regulations as follows.

- Records on display/advertisement: 6 months (Act on Consumer Protection in Electronic Commerce, etc.)

- Records regarding contract or subscription withdrawal: 5 years (Act on Consumer Protection in Electronic Commerce, etc.)

- Records on payment and supply of goods: 5 years (Act on Consumer Protection in Electronic Commerce, etc.)

- Records on handling consumer complaints or disputes: 3 years (Act on Consumer Protection in Electronic Commerce, etc.)

- Records of website visits: 3 months (Communications Secret Protection Act)

- If an investigation or investigation is in progress due to a violation of the relevant laws and regulations, until the inquiry or investigation is completed

- In the case of receivables and debt relationships resulting from service use, until the receivables and debt relationships are settled

- Collected user photos for use of the photo transfer function: 5 years or until the user requests deletion

- Data collected for the use of AI image services (user photos, generated images, prompts, etc.): Until account deletion or until the user requests deletion. (However, content posted to the community may be managed separately in accordance with the Service's operational policies and Terms of Use.)

4. Procedure and method of destruction of personal information

In principle, the Company destroys the information without delay after the purpose of collection and use of personal information is achieved, and the destruction procedure and method are as follows.

(1)Destruction procedure

- The information entered by the user for membership registration, etc. is stored for a certain period of time and then destroyed in accordance with the internal policy and other reasons for information protection pursuant to the relevant laws and regulations (refer to the retention and use period) after the purpose is achieved.

(2)Destruction method

- Personal information stored in electronic file format is deleted using a technical method that cannot reproduce the record.

- Personal information printed in writing is shredded with a shredder or destroyed through incineration.

5. Provision of personal information to third parties

(1)The Company processes users' personal information only within the scope specified in Article 1 (Purpose of processing personal information), and only if it falls under Articles 17 and 18 of the 「Personal Information Protection Act」 such as the consent of the information subject and special provisions of the law, the information will be provided to third parties.

(2)The Company does not provide personal information to third parties, and if provided, we will obtain consent from users.

6. Consignment of personal information processing

(1)The Company entrusts the following personal information processing tasks for smooth personal information processing.

(a) Data storage and system operation — Consignee: Amazon Web Services, Inc.; Scope of entrusted work: server hosting and CDN operation; Personal information items: all personal information collected in the course of providing the service; Time of transfer: upon entry of the information necessary to use the service; Method of transfer: stored in the AWS cloud computing environment; Retention/use period: until the end of service use, account withdrawal, or termination of the consignment contract.

(b) Service usage analysis — Consignee: Google LLC / Firebase; Scope of entrusted work: service usage analysis; Personal information items: service usage records, device information, IP address, etc.; Time of transfer: automatically collected at the time of service use; Method of transfer: encrypted data transmission; Retention/use period: until the end of service use, account withdrawal, or termination of the consignment contract.

(2)When concluding a consignment contract, the Company shall comply with Article 26 of the 「Personal Information Protection Act」 regarding responsibilities such as prohibition of processing of personal information for purposes other than the purpose of performing entrusted tasks, technical and administrative protection measures, restrictions on re-entrustment, management and supervision of the trustee, and compensation for damages. It is specified in documents such as contracts and supervised whether the trustee handles personal information safely.

(3)If the contents of the consignment work or the consignee is changed, we will disclose it through this personal information processing policy without delay.

(4) Among the personal information processing consignment above, the tasks processed overseas are as follows.

(a) Amazon Web Services, Inc. (https://aws.amazon.com/) — Date/method of transfer: transmitted over the network at the time of service use; Countries of transfer: AWS regions (United States, Republic of Korea); Items transferred: all data including the personal information collected and stored by the Company; Recipient’s purpose and retention/use period: service operation / until the end of service use, account withdrawal, or termination of the consignment contract.

(b) Google LLC / Firebase (https://firebase.google.com/) — Countries of transfer: United States and other Google cloud regions; Date/method of transfer: transmitted over the network at the time of service use; Items transferred: (1) Firebase Authentication — user account information (email, phone number, etc.); (2) Firebase Cloud Firestore / Realtime Database — user input data, app usage records; (3) Firebase Analytics — app usage logs, device information, IP address; (4) Firebase Cloud Messaging (FCM) — user identifiers related to push notifications; Recipient’s purpose and retention/use period: service operation, user data analysis, and push notification delivery / until the end of service use, account withdrawal, or termination of the consignment contract.

7. Rights and obligations of users and their legal representatives and how to exercise them

(1)Users can exercise the right to view, correct, delete, and suspend processing of personal information at any time with respect to the Company.

View personal information: Settings > My Profile

Personal information correction: Settings > My Profile > Selecting the corresponding menu

- PHOTOWIDGET service ID

- Profile picture, nickname, bio link, introduction

Delete personal information

- Profile picture, nickname, bio link, introduction: Settings > My Profile > Selecting the corresponding menu

Disable social network service (SNS/Social Media) link

- Apple: Settings > Password & Security > Apps using Apple ID > Select apps to unlink > Stop using Apple ID

(2)Users' rights may be restricted in accordance with Article 35 (4) and 37 (2) of the Personal Information Protection Act to request information access and processing suspension.

(3)The request for correction and deletion of personal information cannot be requested if the personal information is specified as a collection target in other laws.

(4)The Company can check whether the person who made the request, such as a request for reading, correction or deletion, or request for suspension of processing, is the person or a legitimate agent according to the user's right.

(5)If the subject of the exercise of rights under Paragraph 4 is an agent (a user's legal representative or a person who has been delegated), a power of attorney in accordance with the attached form No. 11 of the "Personal Information Processing Method Notice (No. 2020-7)" must be submitted.

8. Measures to ensure the safety of personal information

The Company is taking the following measures to ensure the safety of personal information.

Administrative Measures

Establishment and implementation of internal management plan, regular employee training, regular access record inspection, consignee inspection, etc.

Technical measures

Management of access rights, installation of access control system, encryption according to internal management plan (transmission section and storage), installation of security program of personal information processing system, etc.

9. Matters concerning the installation, operation and rejection of automatic personal information collection devices

① The Company uses 'cookies' to store and retrieve usage information from time to time to provide users with individually customized services.

Cookies are a small amount of information that the server (http) used to operate the website sends to the user's computer browser and is also stored in the storage space of the user's device.

1)Purpose of use of cookies

It is used to provide optimized information and advertisements (including personalized advertisements) to users by identifying the types of visits and usage, popular search terms, and secure access to each service and website visited by the user.

2)Installation, operation and rejection of cookies

• iOS: Select “Block all cookies” in [Settings > Safari > Privacy & Security]

In case that users refuse to store cookies, they may experience difficulties in using customized services.

② The Company uses the user's advertisement identifier and analysis software to provide suitable and more useful services and advertisement services (including customized advertisements) to users.

The advertisement identifier is automatically collected when the user activates the advertisement-related function in the OS settings of the smartphone or tablet PC owned by the user. Users can opt-out of advertising identifiers from being used for interest-based advertising by changing the device's settings or by leveraging the advertising platform operator's opt-out feature.

1)Advertising platform operator

• ByteDance Ltd.
• Google LLC.
• Facebook Ireland Ltd.
• Applovin
• Mintegral
• Digital Turbine

2)Block personalized ads

• iOS: Uncheck “Personalized Ads” in [Settings > Privacy > Apple Advertising]

Analysis software is used to analyze information that is automatically generated when a user visits a website or uses a mobile service, and the user can refuse this.

• iOS: Uncheck “Allow Apps to Request to Track” in [Settings > Privacy > Tracking]

10. Changes and Notice of Privacy Policy

(1)If there is any addition, deletion or modification of the contents of this Privacy Policy, we will notify you in advance through 'Notice' or 'Notifications' at least 7 days before the revision. In addition, when a significant change in user rights occurs, such as a change in the items of personal information collected and the purpose of use, the user's consent may be obtained again.

11. Scope of application of this Privacy Policy

(1)This privacy policy applies to all services (including website and APP) provided by the Company, but if the characteristics of the service are different, a personal information handling policy specialized for each service may be applied.

(2)If users visit another company's website linked to the Company's services, or the website the users visit collect the personal information, this Privacy Policy does not apply.

(3) Precautions for Using Community Services: Users are solely responsible for any exposure of personal information (such as real names, contact information, etc.) that occurs when such information is voluntarily entered into prompts and subsequently made public through generated content in the community. Please be cautious not to enter any sensitive personal information in publicly accessible areas or input fields.

12. Personal Information Protection Officer

(1)The Company is in charge of handling personal information and has designated a person in charge of personal information protection as follows to handle complaints and damage relief related to personal information processing from users.

Jinkwon Choi, Business Division CSO Contact

(2)Users may inquire to the person in charge of personal information protection regarding personal information protection related inquiries, complaint handling, damage relief, etc. that occurred while using the Company's services, and the inquiry will be answered and processed as soon as possible. However, if there is a delay due to unavoidable reasons, we will notify the user again.

If you need to report or consult on other personal information infringement, please contact the following organizations.

1. Personal Information Infringement Report Center (privacy.kisa.or.kr / ☎ 118 without area code)

2. Cyber Investigation Division, Supreme Prosecutors' Office (spo.go.kr / ☎ 1301 without area code)

3. Korean National Police Agency Cyber Bureau (cyberbureau.police.go.kr / ☎ 182 without area code)

4. Personal Information Dispute Mediation Committee (kopico.go.kr / ☎ 1833-6972 without area code)

Privacy Policy Version Number: 20260312

This Privacy Policy is effective from 12 March, 2026.