Privacy Policy

1. Personal Information Collected

The Company collects the following personal information to provide its Services:

• Name
• Email address
• Login information (ID, Password)
• Service usage records (IP address, login time, access time, etc.)
• (When using social login) Email, name, and profile picture provided by Google/Facebook and other social login providers

2. Purpose of Processing Personal Information

Collected personal information is used for the following purposes:

• Customer support and inquiries (responses, error handling, etc.)
• User account management and authentication for service use
• Management of "My Information/Profile" features within the Services
• Service security and detection of abnormal activity

3. Retention and Processing Period

Personal information is retained and used in principle until the termination of service use, and is destroyed after the retention period required by relevant laws has expired.

• Records on contracts or withdrawal of offers: 5 years
• Records on payment and supply of goods, etc.: 5 years
• Records on consumer complaints or dispute resolution: 3 years
• Records on advertisements: 6 months

(Source: Enforcement Decree of the Act on the Consumer Protection in Electronic Commerce, etc., Article 6)

4. Provision of Personal Information to Third Parties

The Company does not provide users' personal information to external parties, except in the following cases:

• When the user has given prior consent
• When required by law

※ Social login does not constitute "provision to third parties" but rather collection from third parties. (Through the OAuth consent screen, Google/Facebook provide email, name, and profile picture to the Company.)

5. Outsourcing of Personal Information Processing

For stable service provision, the Company entrusts certain tasks to external service providers, as follows:

• Amazon Web Services (AWS): Database operation, backup and recovery, security management
• Supabase: Authentication and data management
• Paddle: Payment processing (Merchant of Record)

6. Procedures and Methods for Destruction of Personal Information

When the retention period has expired or the purpose of processing has been achieved, the Company destroys the information without delay.

• Electronic files: Deleted permanently by overwriting to prevent recovery
• Paper documents: Destroyed by shredding or incineration

7. Rights and Obligations of Data Subjects and Exercise Methods

Users may exercise the following rights at any time:

• Right to request access to personal information
• Right to request correction or deletion
• Right to request suspension of processing (use/provision)
• Right to withdraw consent
• Right to refuse consent to provision to third parties
• Right to claim damages

How to Exercise Rights

Email: jinyong.kim@chainshift.co

Mail: Attn: Privacy Officer, 4F, 8-gil Teheran-ro, Gangnam-gu, Seoul, Republic of Korea (Postal Code 06148)

Requests will be processed within 10 days of receipt and are free of charge. If dissatisfied, users may file an objection within 14 days.

8. Personal Information Protection Officer and Contact

• Privacy Officer: Chief Technology Officer (CTO)
• Privacy Manager: Development Team
• Contact: jinyong.kim@chainshift.co

9. Measures to Ensure the Security of Personal Information

The Company takes the following technical and administrative measures to protect personal information:

• Access rights management and access control
• Encryption of passwords and other sensitive data
• Retention and management of access logs for at least 6 months
• Data backup and disaster recovery systems

10. Overseas Transfer of Personal Information

In the course of service operation, personal information may be stored on overseas cloud servers (e.g., AWS, Supabase). In such cases, the Company implements necessary safeguards in accordance with Article 29 of the Personal Information Protection Act of Korea to ensure the security of personal information.