Collable Privacy Policy

PruitPruit (Representative: Seunghwan Lee, Service Name: Collable, hereinafter referred to as the "Company") complies with the Personal Information Protection Act and is doing its best to ensure that users' personal information is protected. Accordingly, pursuant to Article 30 of the Personal Information Protection Act, the Company establishes and discloses the following Privacy Policy to guide the procedures and standards for processing personal information and to handle grievances related thereto promptly and smoothly.

This Policy is subject to change according to changes in relevant laws and guidelines and changes in internal operation policies.

1. Purpose of Collection and Use of Personal Information

The Company collects minimum personal information of users and utilizes it only for the following purposes.

A. Member Management

- Provision of member services, personal identification, and identity verification (verification of legal representative consent for children under the age of 14), prevention of fraudulent use by rogue members and unauthorized use, and confirmation of intent to join.

B. Fulfillment of Contract for Service Provision and Settlement

- Fee settlement, purchase, and fee payment according to the provision of "Paid Services."

- Global payment processing and tax processing through payment agencies and Resellers (Merchant of Record).

- Fraud Prevention and securing transaction stability.

- Handling inquiries.

C. Service Development and Marketing Utilization

- Recommendation of customized content based on estimation of user interests and propensities, development of new services and products, provision of event information and advertising information, marketing promotions, identification of access frequency, and statistics on service usage.

2. Items of Personal Information Collected and Collection Method

The Company collects the following personal information for service provision.

A. Items Collected

1. Sign-up and Management: [Required] Email address, Password, Name, Mobile phone number / [Optional] Profile image, Company name, Job title.

2. When Paying for Paid Services:

- Credit Card Payment: Payment approval information such as card company name, card number (partial), validity period, etc.

- Bank Transfer/Deposit without Bankbook: Bank name, account number, account holder name.

- Tax Invoice Issuance: Business registration number, representative name, business address, business type/item, contact person information.

- Note: When paying through a PG company or Reseller (e.g., Paddle), the Company receives only minimal information required for order fulfillment, such as 'Payment Status' and 'Transaction ID' from the relevant company and does not store sensitive payment information (such as CVC).

3. In the Process of Service Usage: IP address, Cookies, visit date and time, service usage records, records of improper use, device information.

- IP address and device information may be collected for Fraud Detection and license management.

B. Collection Method

- Collection through homepage sign-up, service usage, payment information entry, and automatic information generation tools.

3. Matters Concerning the Processing of Personal Information of Children Under 14 Years of Age

- The Service is not provided to children under the age of 14. If it is determined that a child under the age of 14 has provided personal information, such information will be destroyed without delay.

4. Retention, Usage Period, and Destruction of Personal Information

A. The Company destroys personal information without delay when the purpose of processing the personal information has been achieved or upon the user's request for service termination.

B. However, if the imposition of a storage obligation for a certain period is required by relevant laws and regulations, the personal information is safely stored for that period.

- Records on contract or withdrawal of subscription, etc. (Act on the Consumer Protection in Electronic Commerce, Etc.: 5 years)

- Records on payment and supply of goods, etc. (Act on the Consumer Protection in Electronic Commerce, Etc.: 5 years)

- Records on consumer complaints or dispute handling (Act on the Consumer Protection in Electronic Commerce, Etc.: 3 years)

- Records on display/advertising (Act on the Consumer Protection in Electronic Commerce, Etc.: 6 months)

- Records on electronic financial transactions (Electronic Financial Transactions Act: 5 years)

- Service visit records (Protection of Communications Secrets Act: 3 months)

C. The methods of destroying personal information are as follows:

- Electronic file format: Safely deleted using technical methods that prevent the records from being reproduced or restored.

- Personal information printed on paper: Destroyed by shredding or incineration.

5. Provision of Personal Information to Third Parties and Entrustment (Including International Transfer)

A. The Company does not provide the user's personal information to a third party without prior consent.

- If provision of the user's personal information is necessary, the Company notifies the user in advance of the 'Recipient of personal information, Purpose of provision, Items of personal information provided, and Retention and usage period of the recipient' and obtains separate consent.

- However, providing personal information without the customer's consent is possible if otherwise stipulated by relevant laws and regulations.

B. International Transfer of Personal Information (Global Payment Processing)

The Company transfers (provides) personal information abroad as follows for global payment processing and Tax Compliance.

- Recipient: Paddle.com Market Ltd / Paddle.com Inc

- Transferred Countries: United Kingdom (UK), United States (US)

- Purpose of Provision: Global payment agency (Merchant of Record), Fraud Prevention, Tax reporting and payment.

- Items Provided: Email address, payment information (partial card info, transaction history), IP address, country information.

- Retention and Usage Period: Until membership withdrawal or the retention period required by relevant laws and regulations.

C. Entrustment of Personal Information Processing (Domestic Vendors)

The Company entrusts personal information processing tasks to external specialized companies for service improvement as follows.

- Upon concluding an entrustment contract, the Company specifies in documents such as contracts matters regarding the prohibition of personal information processing other than for the purpose of performing entrusted tasks, technical and administrative protection measures, restrictions on re-entrustment, management and supervision of the trustee, and liability for damages, etc., in accordance with Article 26 of the 「Personal Information Protection Act」, and supervises whether the trustee processes personal information safely.

- If the contents of the entrusted task or the trustee change, the Company will disclose it without delay through this Privacy Policy.

[Details of Entrustment]

- Payment

Trustee: Toss Payments

- Mail Sending

Trustee: Google LLC, AWS SES

- Provision of Cloud IT Infrastructure

Trustee: Amazon Web Services (AWS)

※ Retention and usage period of personal information: Until membership withdrawal or termination of the entrustment contract.

※ Notices regarding personal information related to one-time or short-term entrustment will be provided separately in 'Entrustment of Personal Information Processing (One-time)'.

D. In accordance with the 'Rules on Processing and Protection of Personal Information in Emergencies' jointly announced by relevant government ministries, the Company may provide personal information to relevant agencies without the consent of the data subject in the event of an emergency such as a disaster, infectious disease, an accident causing imminent danger to life or body, or imminent property loss. For details, please check the guidelines of the Personal Information Protection Commission.

6. Rights of Users and Legal Representatives and Method of Exercise

A. Rights of Users

- Users may exercise rights such as requesting access, correction, deletion, and suspension of processing of their personal information to the Company at any time.

- However, requests for access, etc., to personal information regarding children under the age of 14 must be made directly by their legal representative. Users who are minors aged 14 or older may exercise their rights regarding their personal information themselves or through a legal representative.

7. Matters Concerning the Installation, Operation, and Refusal of Automatic Personal Information Collection Devices

The Company may collect ‘cookies’ to provide personalized services.

A. What is a Cookie?

- It is a small amount of information sent by the server used to operate the Company's website to the user's browser and may also be stored on the hard disk of the user's PC.

B. Purpose of Use of Cookies

- It is used to provide personalized services by identifying the user's tastes and interests.

- It reads the contents of cookies stored on the user's device to maintain the user's preferences and provide optimized services.

C. Installation, Operation, and Refusal of Cookies

- Users have the option to install cookies. Therefore, users may allow all cookies, go through confirmation every time they are saved, or refuse the storage of all cookies by setting options in the web browser.

- However, if the storage of cookies is refused, there may be difficulties in providing the service.

D. Remedy for User Damage

- You may inquire by referring to the contents described in Article 10 (Customer Service for Personal Information).

8. Matters Concerning Collection, Use, Provision, and Refusal of Behavioral Data

A. The Company collects and uses behavioral data to provide customized services or advertisements and a better service environment to data subjects during the service usage process.

- Items of Behavioral Data Collected

Service visit history, usage history, purchase and search history, device information, Advertising IDs (ADID/IDFA), and other online activity information.

- Method of Collecting Behavioral Data

Automatically collected and transmitted through analysis tools when a user visits the website.

- Purpose of Collecting Behavioral Data

Statistical analysis for service quality improvement, provision of customized services and benefits, and provision of online customized advertisements.

- Retention/Usage Period and Processing Method Thereafter

Destruction within a maximum of 18 months (destroyed or processed to be unviewable after the retention period).

B. The Company allows online customized advertising operators to collect and process behavioral data as follows.

- Advertising Operators Intending to Collect and Process Behavioral Data

Google

- Method of Collecting Behavioral Data

Automatically collected and transmitted through analysis tools when a user visits the website.

- Items of Behavioral Data Collected and Processed

Service visit history, usage history, access and sign-up paths, device information, Advertising IDs, and other online activity information.

- Retention and Usage Period

Destruction within a maximum of 18 months (destroyed or processed to be unviewable after the retention period).

C. The Company collects only the minimum behavioral data necessary for online customized advertising, etc., and does not collect sensitive behavioral data that may clearly infringe on individual rights, interests, or privacy, such as ideology, beliefs, family and relative relationships, academic background, medical history, or other social activity history.

D. The Company does not collect behavioral data for the purpose of customized advertising from online services whose main users are children known to be under the age of 14 or children under the age of 14, and does not provide customized advertisements to children known to be under the age of 14.

9. Measures to Ensure Safety for Personal Information Protection

The Company takes technical, administrative, and physical measures to ensure safety so that personal information is not lost, stolen, leaked, falsified, or damaged in processing customers' personal information.

A. Technical Measures

- Users' personal information is transmitted using encrypted communication channels (SSL/TLS), and important information such as passwords is stored in encrypted form.

- Measures are taken to prevent damage caused by computer viruses using antivirus software.

- Security is strictly maintained using vulnerability analysis, etc., in preparation for external intrusions such as hacking.

B. Administrative Measures

- Access rights to personal information are restricted to a minimum number of personnel. In addition, information leakage is prevented in advance through security pledges and regular training and campaigns for relevant employees.

- An internal management plan for the safe processing of personal information has been established, and internal procedures are in place to monitor implementation and employee compliance.

C. Physical Measures

- Access control to computer rooms, etc.

10. Customer Service for Personal Information

A. The Company designates the relevant department and Chief Privacy Officer (CPO) as follows to protect customers' personal information and handle complaints and inquiries related to personal information.

- Chief Privacy Officer (CPO): Seunghwan Lee

- Department in Charge: Development Team

- Inquiry Email: help@collable.co

B. If you need to report or consult on other personal information infringements, please contact the agencies below.

- Personal Information Dispute Mediation Committee (www.kopico.go.kr / 1833-6972)

- KISA Personal Information Infringement Report Center (privacy.kisa.or.kr / 118)

- Supreme Prosecutors' Office Cyber Investigation Division (www.spo.go.kr / 1301)

- Korean National Police Agency Cyber Investigation Bureau (ecrm.cyber.go.kr / 182)

11. Changes to the Privacy Policy

This Privacy Policy shall be effective from March 1, 2026.