Privacy Policy
Article 1 (Purpose of Processing Personal Information)
The Company processes personal information for the following purposes: The personal information collected is not used for purposes other than those specified below. Should the purpose of use change, the Company will take necessary measures, such as obtaining separate consent in accordance with Article 18 of the [Personal Information Protection Act].
| Category | Purpose |
|---|---|
| Member Identification and Management |
|
| Newsletter Subscription Service |
|
| Customer Support and Complaint Handling |
|
| Advertising and Marketing |
|
| Game Publishing Partner Management |
|
| Other |
|
Article 2 (Personal Information Items Collected)
In accordance with the [Personal Information Protection Act], the Company collects and uses personal information to the minimum extent necessary to provide its services.
| Category | Purpose | Personal Information Items Collected | |
|---|---|---|---|
| Member Identification and Management | Member identification and management | Required | Email address, country |
| Use account linked with authentication provider | Required | Facebook, Google, or Apple Game Center identifiers - Unique user key, email address, name (nickname set in linked account) | |
| Game Service Usage | Required | User’s mobile and PC device information (model name, OS type and version, Android ID), gameplay and access records, authentication records, payment history, abuse/misuse history, game version, cookies | |
| Optional | ADID, IDFA | ||
| Newsletter Subscription Service | Optional | Email address ※ Items specified on the individual newsletter subscription page take precedence | |
| Customer Support and Complaint Handling | Customer support and handling of complaints | Required | Email address, user ID or game nickname, device information (device name, OS info) |
| Optional | Information necessary to confirm and respond to the inquiry | ||
| Payment/Refund Services | Required | Email address, purchase history details. For cases involving minors or persons with disabilities: legal name/family relationship, supporting documentation of disability for refund verification | |
| Advertising and Marketing | Events and promotions | Required | Mobile phone number [For prize delivery]: Name, mobile phone number, address ※ Items specified on individual event pages take precedence |
| Legal guardian consent verification | Required | Guardian’s information (mobile phone number) | |
| Tax and fee processing | Required | Personally identifiable information, copy of ID, copy of bank account (name, account number, bank name) | |
| Game Publishing Partner Management | Game publishing proposals | Required | Company (organization) name, proposer’s name, phone number, email address |
| Optional | Department, job title, website URL | ||
| Automatically Collected Information | - | IP address, cookies, service usage records, visit records, records of misuse or violations | |
Article 3 (Handling of Personal Information of Children Under the Age of 14)
① When the Company needs to process the personal information of a child under the age of 14, it obtains consent from the child’s legal guardian. ② When obtaining such consent, the Company may request only the minimum necessary information from the child, such as the legal guardian’s name and contact details.
Article 4 (Retention and Processing Period of Personal Information)
① The Company retains and processes personal information within the period required by relevant laws or the period agreed upon by the data subject at the time of collection. ② The retention and processing periods for each category of personal information are as follows:
| Category | Details | Retention Period | Legal Basis |
|---|---|---|---|
| Member Identification and Management | Member identification information | Deleted 14 days after withdrawal | Personal Information Protection Act, Article 15(1)(1) (Consent of the data subject) |
| Newsletter Subscription Service | Email address | Until the subscriber unsubscribes or the newsletter service ends | Personal Information Protection Act, Article 15(1)(1) (Consent of the data subject) |
| Customer Support and Complaint Handling | Customer support and complaint handling information | 3years | Act on the Consumer Protection in Electronic Commerce, Article 6 |
| Payment/refund-related information | 5years | ||
| Advertising and Marketing | Events and promotions | Period specified on each event page | Personal Information Protection Act, Article 15(1)(1) (Consent of the data subject) |
| Information collected for legal guardian consent | Upon completion of guardian consent ※ Retained until the purpose of collecting the child’s personal information is fulfilled, for record-keeping purposes | ||
| Tax processing | 5 years | Framework Act on National Taxes, Article 85-3; Income Tax Act, Articles 145 and 164 | |
| Consent history for receiving promotional information | 18 months | Act on Promotion of Information and Communications Network Utilization and Information Protection, Article 50 | |
| Records on display and advertising | 6 months | Act on the Consumer Protection in Electronic Commerce, Article 6 | |
| Game Publishing Partner Management | Game publishing proposal information | 1 month after review completion | Personal Information Protection Act, Article 15(1)(1) (Consent of the data subject) |
| Communication Logs (Under the Protection of Communications Secrets Act) | Internet log records and user access location data | 3 months | Protection of Communications Secrets Act, Article 15-2 |
| Other communication confirmation data | 1year |
Article 5 (Procedures and Methods for Destroying Personal Information)
① The Company promptly destroys personal information when it is no longer necessary, such as upon expiration of the retention period or fulfillment of the processing purpose. ② In addition, personal information will be immediately deleted if: - The Company no longer needs to provide app experiences or services (e.g., when the information is deemed non-essential for functionality), - A linked Social Media account is deleted, - The third-party service linked to the account requests its removal, or - Deletion is required by laws or regulations. ③ Even if the retention period consented to by the data subject has expired or the purpose of processing has been achieved, if other laws require continued retention, the relevant information will be transferred to a separate database(DB) or stored in a different location. ※ For details on the items and legal basis of personal information retained under other laws, refer to Article 4 (Retention and Processing Period of Personal Information). ④ The procedures and methods of destroying personal information are as follows: 1. Destruction Procedure The Company retains and uses personal information only for the period agreed upon and notified to the user. Once the purpose of collection and use has been fulfilled, the retention period has expired, or the member has withdrawn from the service, the Company promptly destroys the relevant personal information. For users who withdraw from the service, personal information is temporarily retained for 14 days to allow account recovery and to protect potential victims of identity theft. After this period, the information is permanently deleted using an irrecoverable method. 2. Destruction Method Personal information stored in electronic file formats is permanently deleted using methods that ensure the data cannot be recovered. Personal information recorded or stored on paper is destroyed through shredding or incineration.
Article 6 (Provision of Personal Information to Third Parties)
① The Company processes personal information only within the scope specified in Article 1 (Purpose of Processing Personal Information), and provides it to third parties only with the data subject’s consent or in cases permitted by law, such as under Articles 17 and 18 of the Personal Information Protection Act. Except for such cases, personal information will not be shared with third parties. ② For the smooth provision of services, the Company may share personal information to the minimum necessary extent, with the data subject’s consent, in accordance with Article 17(1)(1) of the Personal Information Protection Act.
| Recipient | Purpose | Information Provided | Retention and Use Period |
|---|---|---|---|
| None at present. | |||
③ For information regarding the provision of personal information to overseas third parties, please refer to Article 8 (Transfer of Personal Information Overseas).
Article 7 (Outsourcing of Personal Information Processing)
① The Company outsources certain personal information processing tasks for efficient service operation. - None at present. ② When entering into an outsourcing agreement, the Company includes clauses in written contracts—pursuant to Article 26 of the Personal Information Protection Act—that prohibit the handling of personal information for purposes other than the contracted services, mandate technical and administrative safeguards, restrict subcontracting, require management and supervision of the contractor, and assign liability for damages. The Company also monitors whether the contractor is processing personal information securely. ③ In accordance with Article 26(6) of the Personal Information Protection Act, if a contractor further subcontracts the outsourced personal information processing tasks, they must obtain prior consent from the Company. ④ Any changes to the outsourced tasks or contractors will be promptly disclosed through this Privacy Policy. ⑤ For cases involving the outsourcing of personal information processing to entities outside of Korea, refer to Article 8 (Transfer of Personal Information Overseas).
Article 8 (Transfer of Personal Information Overseas)
To ensure stable game service operations, the Company may provide or outsource personal information processing to entities located outside of Korea. - None at present
Article 9 (Measures to Ensure the Security of Personal Information)
The Company takes the following measures to ensure the security and protection of personal information: ① Administrative Measures: Establishment and implementation of an internal management plan, training for employees and personnel handling personal information, operation of a dedicated personal information protection team ② Technical Measures: Access control for personal information processing systems, installation and regular updates of security software, deployment of access control systems, encryption of personally identifiable information (e.g., unique identification numbers) ③ Physical Measures: Access restrictions for data centers and storage rooms, implementation of entry and exit control procedures
Article 10 (Use of Automatic Data Collection Devices and Opt-Out Options)
[Use of Automatic Personal Information Collection Devices] ① The Company uses cookies to store and retrieve user information in order to provide personalized services and convenience. ② Cookies are small data files sent by the server used to operate the website, stored on the data subject’s PC or mobile device. ③ Users can manage their cookie settings through their browser options to allow or block cookies. However, blocking cookies may result in difficulty using some personalized services. [How to Enable/Disable Cookier] ▶ Enable or Disable Cookies by Browser - Microsoft Edge: See browser settings - Safari: See browser settings - FireFox: See browser settings - Chrome: See browser settings [Collection, Use, and Provision of Behavioral Information] ① The Company collects and uses behavioral information in an identifiable format using cookies to provide optimized services, benefits, and online targeted advertisements. ② Behavioral information is collected through the Company’s websites as follows:
| Legal Basis | Items Collected | Collection Method | Purpose | Retention Period |
|---|---|---|---|---|
| Personal Information Protection | - Website visit history | Automatically collected when visiting the website | Analysis of service usage patterns and frequency, statistical analysis, service optimization | Deleted 14 months after collection |
③ To provide more precise benefits, the Company shares behavioral information with third-party partners as shown below:
| Legal Basis | Recipient | Information Provided | Purpose | Retention Period |
|---|---|---|---|---|
| Personal Information Protection Act, Article 15(1)(1) | StoryTaco Inc. | ADID | Personalized services and benefits, online targeted advertising based on user interests | Until account deletion or consent withdrawal |
④ The Company collects only the minimum behavioral information necessary for customized services and does not collect sensitive behavioral data (e.g., political views, beliefs, academic or medical records) that could infringe upon users’ rights or privacy. ⑤ To provide better services to users, the Company utilizes Google Analytics, a web analytics tool provided by Google. In this process, the Company uses only anonymized data that does not identify individual users. Users can opt out of Google Analytics by using the Google Analytics Opt-out Browser Add-on or by adjusting their browser’s cookie settings to reject cookies. For more information on how Google uses data, please refer to the following link: - How to uses data:Go to ⑥ The Company does not collect behavioral information from users under the age of 14 for targeted advertising, nor does it provide such ads to children. ⑦ Users can opt in or out of targeted advertising via browser settings. Note that blocking cookies may affect the use of certain services. ▶ Browser-Based Opt-Out of Targeted Advertising (1) Chrome - Click the three-dot menu (︙) at the top right corner of the Chrome browser, then click "Settings." - On the settings page, click "Privacy and security" on the left-hand menu, then click "Clear browsing data" to choose whether to delete your browsing history. - Likewise, under "Privacy and security," click "Third-party cookies" to choose whether to block third-party cookies. (2) Edge - Click the three-dot menu (…) at the top right corner of the Edge browser, then select "Settings." - On the settings page, click "Privacy, search, and services" from the left-hand menu, then adjust the "Tracking prevention" options, including whether to enable it and which level to apply. - You can also choose whether to "Always use 'Strict' tracking prevention when browsing InPrivate." ⑧ The Company collects and uses advertising identifiers on mobile devices to provide personalized services, benefits, and advertisements within the app. Data subjects may allow or block personalized ads by changing the settings on their mobile device. ▶ Managing Advertising Identifiers on Mobile Devices
| AOS | iOS |
|---|---|
| ① Settings → ② Security & Privacy → ③ Privacy → ④ Advanced Privacy Settings → ⑤ Ads → ⑥ Reset or Delete Ad ID | ① Settings → ② Privacy & Security → ③ Tracking → ④ Disable App Tracking |