Providing Aico (the "Service"), ReturnZero (the "Company") considers the protection of the user’s personal data very important and in order to comply with relevant laws, such as the "Act on Promotion of Information and Communications Network Utilization and Information Protection," and the "Personal data Protection Act," the Privacy policy (hereinafter "the policy") is enacted and complied with.
This privacy policy can be revised due to changes in related laws and guidelines or changes in the company's internal operation policy. Having any inquiries regarding the current policy, you can provide feedback through the customer inquiry channel on our service’s website or company’s website.
1. Items of personal data collected and purposes of use
- The company collects the following minimum amount of personal data in order to provide the service.
- The company aims to verify the user's willingness to sign up for a membership, verify identity, personal identification, limit the number of subscriptions, confirm the consent of the legal representative when collecting personal information for children under the age of 14, verify the legal representative's identity later, confirm the intention to withdraw from the membership, etc. When signing up for a membership, the company collects and processes your name, email address, and password.
- The company collects the name and e-mail address of the legal representative in the process of confirming whether or not the legal representative agrees when registering for a user under the age of 14.
- The company collects Client IDs for user analysis and service improvement purposes. Client IDs are anonymous IDs used to identify devices in which programs installed cannot be used for personal identification purposes.
- For the purpose of service consultation to provide better services, the company collects the minimum amount of personal data, such as e-mail address, to identify and reply to customer inquiries. Customers can also send error data that occurred during the use of the service to the company for a more accurate error diagnosis. This is not a mandatory collection and the company does not use the personal data for any purposes other than those specified below.
- To provide speech analytics service, the company collects audio information files only from those who wish to use the service. In this case, the audio file may contain unstructured personal data that can identify a specific individual. The company processes the information only for speech analytics and caption file creation purposes applied by the user. The information is deleted within 24 hours of completion of speech analytics and caption file creation.
- The company collects payment information (credit card information, personal identification information) only from those who wish to make a payment for the paid services. The collection and processing of payment information are carried out by the payment agency, and the company does not store any specific information about the user's payment method.
- In addition, during the user's use of the service or business processing, the company can collect automatically generated information such as use of service records, OS types and versions, connection logs, advertisement identification information, and terminal information, also, the company can use this formation for user analysis and service improvement purposes.
2. Methods of collection of personal data
The company collects personal data specified in Article 1 of this policy in the following ways to provide a smooth delivery of the service.
- Collection upon members signing up and entering the data directly through the membership page in the mobile application or desktop program
- Collection during installation and use of the service. Collection by generated information collection tools (including cookies).
- Collection through voluntary provision by members during use, etc.
3. Retention and use period of personal data
- The company basically destroys the personal data of the users without delay after the purposes of use and collection are achieved. However, if preservation of the contents is necessary under the relevant laws, such as the "Protection of Communications Secrets Act," these will be preserved during that period. In this case, the company uses this information for preservation purposes only.
- Notwithstanding paragraph 1, if there is a need to preserve it in accordance with relevant laws such as the 「Communication Secret Protection Act」, it will be preserved for that period. In this case, the company uses the information it keeps for the purpose of storage only.
- personal data history processed to comply with the obligations provided in other laws can be kept for the period of time to prove its responsibility.
4. Consignment of personal data processing
In order to improve services, the company consigns the members' personal data to external businesses after obtaining the consent of the users in accordance with the relevant laws or after disclosing or notifying the relevant subject. The company enters into a consignment contract with a document containing the contents of each subparagraph of Article 26 (1) of the Personal Information Protection Act and supervises the consignee to ensure that personal information is processed safely. Current information regarding the consignee and their tasks are as follows.
Type | Consignee | Consigned tasks |
Service usage analytics | Amazon Web Services, Inc. | Manage original footage and project-related files for speech analysis, subtitle extraction, and link creation and operation for sharing |
Service usage analytics | Amplitude | Statistical analysis |
Payments | Paddle | Payment gateways |
Using the API | Google LLC | Account system usage and user analytics |
Using the API | Channel Corp. | Using the user support system |
Using the API | OpenAI | Generate and summarize text based on given information |
Using the API | Supabase | Use of Personal Information Processing Systems |
The service does not provide personal information to overseas business operators. However, for the fulfillment of contracts related to the provision of information and communication services and user convenience, the company entrusts personal information processing tasks to overseas entities as follows:
Name | Location | Time and method | Transfer purpose | Contact information | Consigned items |
Amazon Web Services, Inc. | USA | Transmitted through servers from time to time when using the Service | Provide a service operating environment and archive data | Aws-korea-privacy@amazon.com
| ID (email address), name, password, profile information (nickname/profile photo), device information (device model, OS, device ID), IP address, cookie, service access date and time, service usage history, bad service usage history, video file, audio file, file attributes (name (file name) / playback period (length) / last modified date) |
Amplitude, Inc. | USA | Transmitted through servers from time to time when using the Service | Analyze user service usage data | privacy@amplitude.com | User identifier, date and time of visit, service usage history, device information, etc. |
Paddle
| UK | Transmitted through servers from time to time when using the Service | Payments | privacy@paddle.com | ID (email address) |
OpenAI, LLC
| USA | Transmitted through servers from time to time when using the Service | Content summaries | info@openai.com
| Video Audio |
Supabase | USA | Transmitted through servers from time to time when using the Service | Provide a service operating environment and archive data | support@supabase.com | ID (email address), name, password, profile information (nickname/profile photo), device information (device model, OS, device ID), IP address, cookie, service access date and time, service usage history, bad service usage history, video file, audio file, file attributes (name (file name) / playback period (length) / last modified date) |
The service uses a third-party AI platform (Open AI) to summarize content and generate shorts, and extracts only audio information from users' YouTube videos and shares it with the third-party platform.
5. Provision of personal data to a third party
- The company uses the user's personal data within the scope as notified by Article 1 and does not use it beyond that scope or provide to other companies or organizations. However, exceptions are made in the following cases.
- In case the investigation agencies request the provision of personal data according to the procedure and method prescribed by the relevant law for investigation purposes
- In case it is provided to advertisers, business partners or research groups, in a form that an individual cannot be identified, for statistical purposes, academic research or market research
- In case there is a request in accordance with the provisions of other relevant laws
- Besides, in the event that personal data is required to be provided to a third party, it can be provided to the third party with the user's consent by notifying the purpose of collection and use, collected items, and retention period.
6. Process and method of destruction of personal data
The company basically destroys the information immediately after the purpose of collecting and using personal data is achieved. Specific destruction procedures and methods are as follows.
- Procedure of destruction
Personal data collected by the company shall be preserved for the period specified in this Agreement and other related laws and destroyed after the purpose of the collection has been achieved. Such personal data will not be used for purposes other than the agreed retention purpose unless it is provided by law.
- Methods of destruction
- personal data printed on paper is shredded with a shredder or destroyed through incineration.
- personal data stored in electronic file format is deleted by a technical method that does not allow reproduction of the same.
7. Rights and obligations of the user
- A user (if younger than 14 years of then his or her legal representative) shall have the right to access or request a modification of his/her registered personal data at any time and may withdraw consent to the use of his/her personal data notifying to the company. However, the email address of the member entered at the time of registration cannot be modified.
- The user has a duty to protect the user's personal data and not to infringe that of others. Please be careful not to leak personal data, such as e-mail address, and not to infringe others personal data.
- The user shall always keep his/her personal data up to date and is also responsible for any problems caused by entering any incorrect information.
8. Protection of personal data for overseas users
The company's service is provided and operated in accordance with the Korean statutes and this personal data processing policy is based on the personal data processing policy written in Korean which is the original copy. This policy may be translated into English and Japanese, and if there is any contradiction between the translated version and the Korean version, the Korean version will take precedence. The company complies with the personal data protection regulations applicable to the user's jurisdiction and the laws of each country.
9. Operation of automatic collecting device for personal data and Rights of option
- The company operates cookies on the service website. Cookies identify your browser and are used to provide useful and convenient services, such as usage patterns analysis, to the user.
- The user has the right of option regarding the installation and use cookies. Through options settings in the web browser, the user can permit saving all cookies, each time verifies whether cookies are saved, or refuse the storage of all cookies. Refusal to the storage of cookies may restrict the use of some services.
- Google Analytics
- The Company aims to provide better service to its customers. Google, Inc. Improve and personalize services and products by analyzing and evaluating how customers use the company's services and understanding customer needs using Google Analytics (hereinafter referred to as "GA"), a web analytics service provided by (Google). To provide efficient services.
- GA analyzes the user's service usage method using'cookies', which are text files stored on mobile or desktop devices. The use of GA can be denied through the setting of the web browser or program.
- In order to analyze cookie information, Google transmits 'cookie' information without personal identification possibility to Google servers in the United States. For more information about Google's processing of information, please visit www.google/com/analytics/learn/privacy.html.
11. Technical/Administrative protection measures for personal data
The company has prepared the following technical/Administrative measures to ensure that personal data is not lost, stolen, leaked, tampered with or damaged while processing it.
- Technical protection
- To prevent leakage or damage to the users' personal data by hacking or computer viruses, the company enables secure transmission of personal data on the network through encrypted communication.
- The firewall prevents unauthorized access from outside and all possible technical devices are installed to ensure systematic security.
- The company double stores the information of the members collected at the time of signing up in the database of AWS and Firebase.
- Administrative protection
- The company designates management of personal data only to those in charge, and through frequent education, the company always emphasizes compliance with the personal data protection policy.
- To immediately solve any problems detected, implementation of the policy and compliance of the person in charge is checked through the company’s personal data protection organization.
- The company will not take responsibility for problems related to personal data caused by any mistakes of an individual or third parties without reasons attributable to the company.
- Chief Privacy Officer
The company does its best to provide the best service by using personal data safely. However, the company is not liable for damage to information due to unexpected accidents caused by hacking or other basic risks in networking, despite the company has taken technical complementary measures, and does not take responsibilities for disputes caused by users and third-party postings.
Information about the Chief Privacy Officer is as follows. We are rapidly and fully responding to inquiries regarding personal data.
Name | Hyungjun Moon |
Team | Privacy Team |
E-Mail | |
Tel. | +82 (02) 555-1271 |
If you need to report or consult for infringement of personal data, please contact the following organizations.
- KISA (privacy.kisa.or.kr / without area code 118)
- Internet Crime Investigation Center in the Supreme Prosecutors' Office (www.spo.go.kr / without area code 1301)
- Korean National Police Agency Cyber Bureau (cyberbureau.police.go.kr / without area code 182)
End of Document