Privacy Policy

BanaeU Service Privacy Policy (Effective Date: January 21, 2025)

Article 1 (Consent to the Processing of Personal Information)

Another Door Inc. (hereinafter referred to as the “Company”) obtains users’ consent to this Privacy Policy during the membership registration process. By clicking the "Agree" button, users are deemed to have fully understood and consented to the terms of this Privacy Policy.

Article 2 (Purpose)

1. Another Door Inc. (hereinafter referred to as the "Company") values the personal information of its members when providing the BanaeU Service (hereinafter referred to as the "Service") and is committed to managing it effectively and protecting it securely.

2. The Company complies with all applicable laws and regulations related to the protection of personal information, including the Act on Promotion of Information and Communications Network Utilization and Information Protection.

3. Through this Privacy Policy, the Company informs members of how their personal information is collected, used, and protected.

4. The Company makes this Privacy Policy readily accessible by posting it within the Service interface for easy reference.

5. The Company does not collect members’ personal information without prior consent and utilizes the collected data as follows:

1) Development of New Services: The Company may use the personal information provided by members to develop more useful services. When developing new services or expanding content, the Company may prioritize services and select content based on the personal information for which consent has been obtained.

2) Member Management: Personal information is used for identity verification, personal authentication, prevention of fraudulent use by unauthorized members, confirmation of membership intent, age verification, processing orders and payments, handling deliveries, verifying parental consent for the collection of personal information from children under 14, handling complaints, and delivering important notices.

3) Marketing and Advertising: Personal information is used to provide service updates, deliver event notifications, offer personalized services, display advertisements based on demographic characteristics, and compile statistics on user access frequency and service usage patterns.

Article 3 (Types of Personal Information Collected and Collection Methods)

1. The Company provides a consent process for service terms and the collection and use of personal information during membership registration. If a user selects “Agree,” it is considered that they have consented to the collection and use of their personal information.

2. The Company may collect personal information for the purpose of providing services and fulfilling contractual obligations, as outlined below:

1) BanaeU App Membership Registration

- Required Information: Email address, password (stored in an encrypted format to prevent decryption)

2) Additional Information Collected for Specific Services Within the BanaeU App

- Information for Statistical Collection (Firebase): Device model, OS version, app version, app instance ID, language and country, app activity

- Information for Member CS Processing and Management: Email

- Optional Information: Profile picture (including metadata), status message

- Information collected through data generation tools

- Information provided by partner companies

3. The Company may automatically collect information such as service usage records, access logs, cookies, access IP information, ID, and payment records during service use.

4. The Company collects personal information using the following methods:

1) Membership registration, service inquiries, event participation, delivery requests, etc.

2) Data collection tools for service usage tracking

5. The Company may collect and use access permissions from a user's mobile device during the provision of the Service. Prior notice and consent will be obtained before any access permissions are collected. Users may choose not to grant optional permissions without affecting their ability to use other features of the Service. Access permissions can be modified in the device settings.

1) Android

[Optional]

- Microphone: Used for recording and sending voice messages/videos

- Camera: Used for capturing and transmitting photos/videos, setting profile pictures and profile backgrounds

- Storage: Used for saving photos, videos, and audio files

- Notifications: Used for receiving chat messages and delivering announcements.

2) iOS

[Optional]

- Microphone: Used for recording and sending voice messages/videos

- Camera: Used for capturing, transmitting, and saving photos/videos

- Photos: Used for storing and transmitting photos/videos, setting profile pictures and profile backgrounds

Article 4 (Purpose of Collection and Use of Personal Information)

The Company utilizes the collected personal information for the following purposes:

1. Fulfillment of Service Contracts

- Providing content and other services as per the contract with the user.

2. Member Management

- Preventing fraudulent use and unauthorized access by abusive members.

- Verifying duplicate memberships and confirming membership intent.

- Retaining records for dispute resolution.

- Handling complaints and inquiries, delivering important notices.

- Confirming requests for account deletion.

3. Marketing and Advertising

- Developing new services and providing personalized services.

- Offering services and advertisements based on statistical demographics.

- Assessing service effectiveness, analyzing visit frequency, and generating statistical insights on service usage.

- Providing event participation opportunities and sending promotional information.

Article 5 (Sharing and Disclosure of Personal Information)

1. The Company uses users’ personal information only within the scope specified in Article 4 (Purpose of Collection and Use of Personal Information) and does not disclose personal information to third parties without prior consent. However, exceptions apply in the following cases:

- When the user has given prior consent to disclosure.

- When disclosure is required by law or when a lawful request is made by investigative authorities in accordance with legal procedures and methods.

2. Retention and Usage Period of Provided Information

- Personal information provided to third parties will be retained and used for up to one year after the transaction between the user and the recipient is completed.

- After the transaction ends, the information will only be retained and used to the extent necessary for financial fraud investigations, dispute resolution, complaint handling, and compliance with legal obligations.

Article 6 (Outsourcing of Personal Information Processing)

1. The Company entrusts certain personal information processing tasks to external specialized service providers to enhance its services. To ensure the security of outsourced data management, the Company establishes contracts that explicitly define compliance with personal information handling guidelines, confidentiality obligations, prohibitions on third-party disclosure, and responsibilities in case of an incident. These contracts are maintained in written form.

2. If there are any changes to the scope of outsourced tasks or the entrusted service providers, the Company will disclose such changes without delay through this Privacy Policy.

Article 7 (Retention and Usage Period of Collected Personal Information)

1. If a member withdraws from the Service or their account is deleted due to false information, the collected personal information will be permanently deleted and cannot be used for any purpose.

2. The Company notifies users in advance about the retention period of personal information and obtains individual consent when necessary. Once the retention period expires or the purpose of collection and use is achieved, the personal information is promptly destroyed. However, if preservation is required under the Company's internal policies or applicable laws, the information may be retained for the periods specified below.

Article 8 (Personal Information Destruction Procedure and Method)

1. The Company, in principle, promptly destroys personal information once the retention period expires or the purpose of collection and use is achieved.

1) Destruction Procedure:

- Personal information entered by the member for registration or other purposes is promptly destroyed once the purpose of collection and use has been fulfilled.

- Unless required by law, the collected personal information is not used for any other purpose.

2) Destruction Method:

- Printed personal information is shredded or incinerated.

- Personal information stored in electronic files is deleted using technical methods that make data recovery impossible.

Article 9 (Member Rights and How to Exercise Them)

1. Members may review, access, or modify their personal information at any time. They may also request the termination of their membership or the suspension of personal information processing. However, in such cases, access to certain or all parts of the Service may be restricted.

2. Members can directly review and modify their personal information through the [Profile] section within the Service. Additionally, they may terminate their service agreement at any time via the [Withdrawal] option, which will result in the deletion of all personal information. However, if any personal information falls under the retention requirements specified in Article 6, Clause 2 of this Privacy Policy, it may be retained for the legally mandated period.

3. If a member requests the correction or deletion of their personal information, the Company will verify the requestor’s identity and promptly take the necessary actions.

4. If a correction request is made regarding an error in personal information, the Company will not use or provide the relevant information until the correction is completed. If incorrect personal information has already been provided to a third party, the Company will notify the third party of the correction request to ensure proper amendments are made.

5. Personal information that has been terminated or deleted at the member’s request will be handled as specified in Article 6 of this Privacy Policy and will not be accessed or used for any other purpose.

6. The rights specified in Clause 1 and Clause 2 may also be exercised by a legal representative or an authorized agent on behalf of the member. In such cases, the power of attorney must be submitted in accordance with Form No. 11 of the Enforcement Rules of the Personal Information Protection Act.

Article 10 (Technical and Managerial Measures for Personal Information Protection)

The Company takes the following technical and managerial measures to ensure the security of members' personal information and to prevent loss, theft, leakage, alteration, or damage.

1. Technical Measures

- The Company makes every effort to prevent the leakage or damage of members' personal information due to hacking, computer viruses, or other threats. To protect against data corruption, information is regularly backed up, and the latest antivirus software is used to prevent leaks or damage to user data.

- Additionally, the Company strives to implement all available technical measures to enhance the security of its systems.

2. Managerial Measures

- Access to personal information is restricted to designated personnel, and separate passwords are assigned and updated periodically to ensure security. Employees handling personal information receive regular training to reinforce compliance with this Privacy Policy.

- The Company appoints a Personal Information Protection Officer to oversee compliance with this Privacy Policy. If any issues arise, immediate corrective measures are taken. However, the Company assumes no responsibility for personal information leaks resulting from user negligence or internet-related security vulnerabilities.

Article 11 (Installation, Operation, and Rejection of Automatic Data Collection Devices)

The Company installs and operates cookies to provide users with faster web experience. Users have the option to refuse the use of cookies.

Article 12 (Linked Websites)

The Company may provide links to external websites or resources operated by other companies through the Service. In such cases, the Privacy Policy of the linked website is independent of the Company's Privacy Policy, and users are advised to review the Privacy Policy of any newly visited website.

Article 13 (Personal Information Protection Officer)

The Company designates a Personal Information Protection Officer to handle user inquiries, feedback, and complaints related to personal information.

1. Personal Information Protection Officer

1) Company: Another Door Inc.

2) Service: BanaeU

3) Name: Jinhyun Kim

4) Email: support@anotherdoor.io

2. Working Hours of the Personal Information Protection Officer

1) Weekdays: 10:00 AM – 7:00 PM (Lunch break: 1:00 PM – 2:00 PM)

2) Closed: Saturdays, Sundays, and public holidays

3. Reporting and Consultation on Personal Information Infringement

If users wish to report or consult regarding personal information breaches, they may contact the following institutions:

1) Personal Information Infringement Report Center (Website, Phone: 118)

2) Cyber Crime Investigation Division, Supreme Prosecutors’ Office (Website, Phone: +82-2-3480-2000)

3) Cybercrime Report Center, National Police Agency (Website, Phone: 112)

Article 14 (Amendments to the Privacy Policy)

1. If the Company revises this Privacy Policy, the reasons for the revision and the effective date will be specified and notified through the Service’s announcements. This notice will be provided at least seven (7) days prior to the effective date. However, if the revision includes significant changes that may affect users' rights or obligations, the Company will provide notice at least thirty (30) days in advance.

2. If the Company notifies users of changes in accordance with Clause 1 and explicitly states that failure to express objection before the effective date will be regarded as consent, users who do not explicitly express rejection will be deemed to have agreed to the changes.

3. Notwithstanding Clause 2, if the Company intends to collect additional personal information or share personal information with third parties, a separate consent procedure will be conducted with the user. This Privacy Policy is effective as of January 21, 2025.

Article 15 (Business Information)

The Company's name, address, and contact details are as follows:

- Company Name: Another Door Inc. (㈜어나더도어)

- Representative: Daewook Jung

- Address: 4th Floor, Unit 4183, 28-11 Teheran-ro 1-gil, Gangnam-gu, Seoul, South Korea

- Email: support@anotherdoor.io

- Personal Information Protection Officer: Jinhyun Kim

- Business Registration Number: 684-87-03432

- Hosting Service Provider: Amazon Web Services, Inc.

- Effective Date: January 21, 2025