Privacy Policy

Article 1 (Purpose)

Luvr (hereinafter referred to as the 'Services') establishes the following personal information processing policy in order to protect the information (hereinafter referred to as 'Personal Information') of individuals (hereinafter referred to as “users”) who use the services (hereinafter referred to as the “Services”) provided by the Company, in compliance with the Personal Information Protection Act, the “Information and Communications Network Act” and other related laws and regulations, and to promptly and smoothly process complaints related to personal information protection of service users.

Article 2 (Principles of Personal Information Processing)

In accordance with the laws and regulations related to personal information and this policy, the company may collect personal information of users, and the collected personal information may be provided to third parties only with the consent of the individual. However, in cases where it is legally compelled by laws and regulations, the company may provide the collected personal information of users to third parties without the prior consent of the individual.

Article 3 (Disclosure of this Policy)

1. The company discloses this policy through the home screen of the company homepage or a screen linked to the home screen so that users can easily check this policy at any time.
2. When the company discloses this policy in accordance with Paragraph 1, it uses font size, color, etc. to ensure that users can easily check this policy.

Article 4 (Changes to this Policy)

1. This policy may be revised in accordance with changes in personal information-related laws, guidelines, notices, or company service policies or content.
2. When the company revises this policy in accordance with Paragraph 1, it will notify the public in one or more of the following ways.

• Method of notifying through the 'Personal Information Handling Policy' section on the first screen of this service or the 'Notification' message on the app service navigation bar
• Method of notifying users by e-mail

3. The company will notify the notice in Paragraph 2 at least 7 days prior to the effective date of the revision of this policy. However, in the case of significant changes to user rights, it will notify at least 30 days prior.

Article 5 (Information for Membership Registration)

The company collects the following information for users to register for membership in the company's services.

1. Required information collected:Email address and password
2. Optional information collected: Profile photo

Article 6 (Information for User Authentication)

The company collects the following information for user authentication.

1. Required information collected:Email address

Article 7 (Information for checking service use and fraudulent use)

The company collects the following information for statistical analysis and checking and analyzing fraudulent use of the service by users. (Unauthorized use refers to acts of illegally or improperly receiving economic benefits such as discount coupons or event benefits provided by the company, such as repeatedly canceling a purchase after withdrawing membership, etc., acts prohibited by the Terms of Use, etc., and illegal or improper acts such as identity theft, etc.)

1. Required collection information: Access location information
2. Optional collection information: Access browser information

Article 8 (Method of collecting personal information)

The company collects users' personal information in the following ways:

1. Method in which users enter their personal information on the company's website
2. Method in which users enter their personal information through services other than the company's website, such as applications
3. Data transmitted upon membership registration

Article 9 (Use of Personal Information)

The company uses personal information in the following cases.

1. When necessary for company operation, such as delivery of notices
2. When improving services for users, such as responding to inquiries and handling complaints
3. When providing company services
4. When restricting use of members who violate laws and company terms and conditions, and preventing and sanctioning acts that interfere with the smooth operation of services, including illegal use

Article 10 (Provision of Personal Information with Prior Consent, etc.)

1. The Company may provide personal information to a third party if the user discloses it in advance or consents to the following items, despite the prohibition on providing personal information to a third party. However, even in this case, the Company will provide personal information to the minimum extent possible within the relevant laws and regulations.
2. Google Play to transmit payment information, we provide Google Member ID
3. When there is a change in the third-party provision relationship of the preceding paragraph or the third-party provision relationship is terminated, the company will notify the user and obtain consent through the same procedure.

Article 11 (Retention and Use Period of Personal Information)

1. The Company retains and uses personal information of users for the period necessary to achieve the purpose of collecting and using personal information.
2. Notwithstanding the preceding paragraph, the Company retains records of service fraud for up to one year from the time of membership withdrawal in accordance with internal policy to prevent fraudulent registration and use.

Article 12 (Retention and Use Period of Personal Information in Accordance with Laws)

The Company retains and uses personal information as follows in accordance with relevant laws.

1. Retention information and retention period in accordance with the Act on Consumer Protection in E-Commerce, etc.

• Records on contracts or cancellation of subscriptions, etc.: 5 years
• Records on payment and supply of goods, etc.: 5 years
• Records on consumer complaints or dispute resolution: 3 years
• Records on display and advertisement: 6 months

2. Information and retention period according to the Communication Secret Protection Act

• Website log records: 3 months

3. Information and retention period according to the Electronic Financial Transactions Act

• Records regarding electronic financial transactions: 5 years

4. Act on the Protection and Use of Location Information

• Records regarding personal location information: 6 months

Article 13 (Personal Information Destruction Principle)

In principle, the company When personal information is no longer needed, such as when the purpose of processing the user's personal information is achieved or the retention/use period has expired, the information is destroyed without delay.

Article 14 (Personal Information Destruction Procedure)

1. The information entered by the user for membership registration, etc. is transferred to a separate DB (in the case of paper, a separate file) after the purpose of processing personal information is achieved and stored for a certain period of time according to internal policies and other relevant laws and regulations for information protection (see retention and use period) and then destroyed.
2. The company destroys personal information for which a reason for destruction has occurred through the approval process of the personal information protection manager.

Article 15 (Method of Destruction of Personal Information)

The company deletes personal information stored in electronic file formats using a technical method that renders the records unrecoverable, and destroys personal information printed on paper by shredding or incineration.

Article 16 (Transmission of Advertising Information)

1. When the company transmits advertising information for commercial purposes using electronic transmission media, it obtains the user's explicit prior consent. However, prior consent is not obtained in any of the following cases:

• If the company collects contact information directly from the recipient through a transaction relationship for goods, etc., and intends to transmit advertising information for commercial purposes about goods, etc. of the same type as those processed and transacted with the recipient within 6 months from the date of the end of the transaction
• If a telephone solicitation salesperson in accordance with the 「Door-to-Door Sales, etc. Act」 notifies the recipient of the source of personal information collection through voice and makes telephone solicitations

2. Notwithstanding the preceding paragraph, if the recipient expresses an intention to refuse to receive or withdraws prior consent, the company will not transmit advertising information for commercial purposes and will notify the recipient of the results of the processing of the refusal to receive and withdrawal of consent to receive.
3. In the event that the Company transmits advertising information for commercial purposes using electronic transmission media between 9:00 PM and 8:00 AM the following day, the Company shall obtain separate prior consent from the recipient, notwithstanding Paragraph 1.
4. In the event that the Company transmits advertising information for commercial purposes using electronic transmission media, the Company shall specifically state the following in the advertising information:

• Company name and contact information
• Indication of intent to refuse receipt or withdraw consent to receive

5. In the event that the Company transmits advertising information for commercial purposes using electronic transmission media, the Company shall not take any of the following measures:

• Measures to avoid or interfere with the refusal or withdrawal of consent of the recipient of advertising information
• Measures to automatically create the recipient's contact information, such as a phone number or e-mail address, by combining numbers, symbols or letters
• Measures to automatically register a phone number or e-mail address for the purpose of transmitting advertising information for commercial purposes
• Various measures to conceal the identity of the sender of advertising information or the source of the advertisement transmission
• Various measures to deceive the recipient and induce a response for the purpose of transmitting advertising information for commercial purposes

Article 17 (Protection of Personal Information of Minors)

1. The company does not allow membership registration by minors and children under the age of 18.
2. By restricting the use of the Google Play platform to those over 18, it is fundamentally impossible for minors to download apps and register as members.
3. Nevertheless, we are not responsible for any problems that arise from minors stealing the smartphones of users who have registered as members over 18.

Article 18 (Change of Personal Information, etc.)

1. Users may request the Company to correct errors in their personal information through the methods set forth in the preceding article.
2. In the case of the preceding paragraph, the Company shall not use or provide personal information until the correction of personal information is completed, and if incorrect personal information has already been provided to a third party, the Company shall promptly notify the third party of the results of the correction process to ensure that the correction is made.

Article 19 (User Obligations)

1. Users must keep their personal information up to date, and users are responsible for any problems that arise from incorrect information input.
2. If you sign up using someone else's personal information, you may lose your user status or be punished under the relevant personal information protection laws.
3. Users are responsible for maintaining the security of their email addresses, passwords, etc., and cannot transfer or lend them to third parties.

Article 20 (Company's Personal Information Management)

When processing users' personal information, the company implements necessary technical and administrative protection measures to ensure the safety of personal information so that it is not lost, stolen, leaked, altered, or damaged.

Article 21 (Processing of Deleted Information)

The company processes personal information that has been terminated or deleted at the request of the user or legal representative in accordance with the “Retention and Use Period of Personal Information” collected by the company, and processes it so that it cannot be viewed or used for any other purpose.

Article 22 (Encryption of Password)

Users' passwords are stored and managed in one-way encryption, and personal information can only be confirmed or changed by the person who knows the password.

Article 23 (Countermeasures against hacking, etc.)

1. The company is doing its best to prevent users' personal information from being leaked or damaged by hacking, computer viruses, or other intrusions into the information and communications network.
2. The company is using the latest antivirus programs to prevent users' personal information or data from being leaked or damaged.
3. The company is doing its best to ensure security by using an intrusion prevention system in preparation for emergencies.
4. The company is ensuring that sensitive personal information (if collected and held) can be safely transmitted over the network through encrypted communication, etc.

Article 24 (Minimization and Education of Personal Information Processing)

The company limits the number of people in charge of personal information processing to a minimum and emphasizes compliance with laws and internal policies through management measures such as education of personal information processors.

Article 25 (Measures against personal information leaks, etc.)

When the company learns of loss, theft, or leak of personal information (hereinafter referred to as “leakage, etc.”), it shall promptly notify the relevant user of all of the following matters and report it to the Korea Communications Commission or the Korea Internet & Security Agency.

1. Personal information items that have been leaked, etc.
2. Time of leak, etc.
3. Actions that users can take
4. Response measures by information and communication service providers, etc.
5. Departments and contact information where users can receive consultations, etc.

Article 26 (Exceptions to measures for personal information leaks, etc.)

Notwithstanding the preceding article, if there is a justifiable reason such as the company being unable to know the user's contact information, the company may take measures in lieu of the notification in the preceding article by posting it on the company's homepage for 30 days or more.

Article 27 (Matters related to the installation, operation, and rejection of automatic personal information collection devices)

1. The company uses automatic personal information collection devices (hereinafter referred to as 'cookies') to store and retrieve usage information from time to time in order to provide customized services to users. Cookies are small amounts of information that the server (http) used to operate the website sends to the user's web browser (including PCs and mobile devices) and are also stored in the user's storage space.
2. Users have the option to install cookies. Therefore, users can allow all cookies, confirm each time a cookie is saved, or reject the storage of all cookies by setting options in the web browser.
3. However, if you refuse to store cookies, you may have difficulty using some of the company's services that require sign in.

Article 28 (Method of specifying cookie installation permission)

You can set cookie permission, cookie blocking, etc. through the web browser option settings.

1. Edge: Settings menu in the upper right corner of the web browser > Cookies and site permissions > Manage and delete cookies and site data
2. Chrome: Settings menu in the upper right corner of the web browser > Privacy and security > Cookies and other site data

Article 29 (Designation of the company's personal information protection officer)

• In order to protect users' personal information and handle complaints related to personal information, the company has designated the following departments and personal information protection officers.

1. Data Protection Officer

• Name: Ted Kim
• Position: CTO
• Phone: +82-7088576265
• Email: ex.friend.ai@gmail.com

2. Personal Information Protection Officer

• Department in Charge: Management Support Team
• Name of Person in Charge: Ted Kim
• Phone Number: +82-7088576265
• Email: ex.friend.ai@gmail.com

Article 30 (Remedy for infringement of rights)

1. In order to receive relief for personal information infringement, the data subject may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, the Personal Information Infringement Report Center of each country, etc.
2. The company guarantees the data subject's right to self-determination of personal information and strives to provide consultation and relief for damages due to personal information infringement. If you need to report or consult, please contact the department in charge of Paragraph 1.
3. A person whose rights or interests have been infringed upon in accordance with the provisions of Article 35 (Access to Personal Information), Article 36 (Correction/Deletion of Personal Information), and Article 37 (Suspension of Processing of Personal Information, etc.) of the Personal Information Protection Act may request an administrative appeal based on the administrative law of the country of residence.

Request for deletion of personal information

Article 31 (Method of deleting personal information)

Currently, complete deletion of user information from the system of this service is not possible through software automation.

Article 32 (Request for deletion of personal information)

If you wish to completely delete your personal information in accordance with the laws and policies related to personal information, please send an email to the person in charge of handling personal information ex.friend.ai@gmail.com with the email address you registered with (email ID in the case of Google or Facebook) and the subject line of the email “ Request for deletion of personal information ”".

Supplementary Provisions

Article 1 This policy will be implemented from 2025.05.03.