Wrtn Technologies Privacy Policy

Wrtn Technologies Privacy Policy

Wrtn Technologies Inc. (hereinafter referred to as the “Company”) operates “Wrtn” and has established and is operating the following privacy policy to protect users' personal information and rights in accordance with Article 30 of the Personal Information Protection Act, and to promptly address related complaints and issues. Our Company strives to comply with and implement the responsibilities and obligations stipulated by relevant laws and regulations.

Effective Date: 2023-12-11

Article 1 (Collection and Use of Personal Information)

  1. The Company collects the minimum amount of personal information necessary for service use.
  1. The Company processes users’ personal information as follows:
    • Collection and Use of Personal Information

      The Company may collect additional personal information from users with consent to provide various services.

      • Registration and Use of Services:
      • Purpose of Collection
        • Password recovery
        • Membership registration and user identification to provide the Wrtn services
        • Inquiry and complaint handling
        • Provision and performance improvement of Wrtn AI services, including algorithm enhancements
      • Mandatory Information for Registration
        • Email
        • Name/nickname, password, email
        • Mobile phone number
        • Chat information exchanged with AI (including image and video content), service usage behavior (input information and results)
        • Social (SNS) Registration: (Kakao/Naver) name/email, (Google) name/email/profile image/locale (usage region and language), (Apple) name/email
      • Optional Information
        • Gender, age, interests, occupation
        • (Kakao/Naver) age range/gender, (Google/Apple) user-selected values
      • Retention and Use Period

        Until membership withdrawal or up to 3 years in accordance with relevant laws.

      • Marketing:
      • Purpose of Collection
        • Sending information on Wrtn and partner events and benefits, service updates, and related notifications.
      • Mandatory Information
        • Email
        • Name/nickname
      • Optional Information
        • Gender
        • Age
        • Interests
        • Occupation
      • Retention and Use Period

        Until consent withdrawal.

      • Service Operation and Management:
      • Purpose of Collection
        • Wrtn provides services to all users. However, users under 14 years of age can only use the service with the consent of a guardian (including teachers for educational purposes), and only minimal information is collected in such cases.
        • Wrtn Plugin Waitlist Registration and Related Guidance
        • Payment Card Registration and Payment Processing
      • Mandatory Information
        • Email, password
        • Name, email
        • Card number, expiration date, first two digits of the password, date of birth/business registration number, email address
      • Optional Information

        Name/nickname, interests, gender, age

      • Retention and Use Period
        • Until membership withdrawal or up to 5 years in accordance with relevant laws.
      • Processing of Personal Information Without Consent:

        The Company informs users of items that can be processed without consent and the legal grounds for such processing through email or other methods specified by the Presidential Decree.

      • Use of User Information Obtained Through Google Workspace API:

        The Company does not use or retain any user information (including personal information) obtained through the Google Workspace API to develop, improve, or train generalized artificial intelligence or machine-learning models.

Article 2 (Handling of Sensitive Information)

The Company does not collect sensitive personal information from users.

Article 3 (Handling of Personal Information for Children Under 14)

  1. When collecting personal information from children under 14, the Company obtains consent from their legal guardian and collects only the minimum personal information necessary to perform the service.
    • Purpose and Items for Collecting Personal Information from Children Under 14
    • Purpose of Collection

      Certification for usage under the guardian's guidance

    • Mandatory Information

      Email

    • Optional Information

      None

    • Retention and Use Period

      Until the period specified by relevant laws

  1. If the Company intends to use a child's personal information for promotional purposes, separate consent will be obtained from the legal guardian.
  1. When collecting personal information from children under 14, the Company may collect the minimum necessary information directly from the child without the guardian’s consent to obtain that consent.
    • The guardian’s mobile phone number is collected to confirm their consent and for consent verification.
  1. The Company verifies the validity of the guardian's consent through the following methods:
    • Displaying the consent details on an internet site and allowing the guardian to indicate consent, then confirming this consent via a text message to the guardian’s mobile phone.
    • Displaying the consent details on an internet site, allowing the guardian to indicate consent, and verifying the guardian’s identity using their credit/debit card information.
    • Displaying the consent details on an internet site, allowing the guardian to indicate consent, and confirming identity through mobile phone authentication.
    • Providing consent details on a document issued directly to the guardian, or sent via mail or fax, and having the guardian sign and return the document.
    • Sending an email with the consent details and receiving a response email from the guardian indicating consent.
    • Informing the guardian of the consent details by phone and obtaining consent during a call, followed by guidance on confirming the consent details via an internet address or other means and obtaining consent in a subsequent call.
    • Other methods equivalent to the above to notify the guardian of the consent details and confirm their consent.

Article 4 (Processing of Pseudonymized Information)

The Company processes pseudonymized information for the following purposes. Pseudonymized information refers to data that cannot identify an individual without the use or combination of additional information needed to restore it to its original state.

  • Purpose of Processing Pseudonymized Information
    • Analysis of speech data and enhancement of functionality.
  • Items Processed as Pseudonymized Information
    • Chat information exchanged with AI (including image and video content), tool usage information (input information and results).
  • Retention and Processing Period of Pseudonymized Information
    • Up to 5 years from the date of pseudonymization.
  • Provision of Pseudonymized Information to Third Parties
    • Recipients: Plugin service integration partners.
    • Purpose of Provision: Compiling statistics for providing quantity and keyword information.
    • Items Provided: Chat information exchanged with AI (including image and video content), tool usage information (input information and results).
    • Retention and Use Period: Up to 5 years from the date of collection.
  • Measures for Ensuring the Safety of Pseudonymized Information
    • The Company takes steps to ensure the safety of pseudonymized information and any additional information that could restore it to its original state (as used in this section, “additional information”).
    • Pseudonymized information and additional information are stored separately. Additional information is destroyed if it becomes unnecessary.
    • Access rights to pseudonymized information and additional information are separated and controlled, with the minimum required access rights granted. Access records are maintained.
    • The Company strictly prohibits processing pseudonymized information to identify specific individuals.
    • If information capable of identifying individuals is generated during pseudonymized data processing, the Company will immediately cease processing and retrieve or destroy the information without delay.

Article 5 (Installation/Operation of Automatic Information Collection Devices and Behavioral Information Processing)

  1. The Company uses ‘cookies’ to store and retrieve user information as needed to provide personalized services.
  1. Cookies are small pieces of information sent from the server to the user's browser and stored on the user's computer hard drive.
  1. The Company collects and uses behavioral information to provide optimized personalized services, benefits, and online advertisements during service use.
    • Purpose of Use for Automatically Collected Information
      1. Compliance with Relevant Laws: The Company is obligated to retain users' access records (login) to comply with relevant regulations.
      1. Web Usability Analysis and Improvement: Information such as visit time, service usage records, and Cookie ID is collected and retained for up to 5 years, after which it is deleted immediately.
    • Methods for Refusing Automatic Information Collection
      1. The Company collects and analyzes users' key behaviors (behavioral information) using the following analytical tools. The collected information has a low likelihood of identifying specific individuals.

        > Mixpanel

        > Google LLC

        > Airbridge

      1. Users can refuse to save cookies or collect behavioral information using the following settings:

        [Web]

        Changing cookie settings may affect the use of some services, such as automatic login.

        • Internet Explorer (Windows 10 Internet Explorer 11)
          • Select the Tools button, then select Internet Options.
          • Select the Privacy tab and click Advanced to choose to block or allow cookies.
        • Microsoft Edge
          • Click the '...' icon at the top right, then select Settings.
          • Click ‘Privacy, search, and services’ on the left, then select the level of ‘Tracking Prevention’.
          • Select whether to use "Strict" tracking prevention when browsing InPrivate.
          • Under the ‘Privacy’ section, choose whether to send "Do Not Track" requests.
        • Chrome Browser
          • Click the ‘⋮’ icon at the top right, then select Settings.
          • Click ‘Show advanced settings’ at the bottom, then click Content Settings under the Privacy section.
          • Check the box next to ‘Block third-party cookies and site data’.

        [App Settings]

        1. Android

          Settings > Privacy > Ads > Reset Advertising ID or Delete Advertising ID.

        1. iPhone

          Settings > Privacy > Tracking > Turn off ‘Allow Apps to Request to Track’.

          ※ Menu and methods may vary slightly depending on the mobile OS version.

    • Other
      1. The Company collects only the minimum behavioral information needed for online personalized advertising and does not collect sensitive behavioral information such as ideology, beliefs, family or kinship relationships, academic or medical history, or other personal information that could clearly infringe on individual rights or privacy.
      1. The Company does not collect behavioral information for personalized advertising from children known to be under 14 or primarily using services intended for those under 14 and does not provide personalized advertisements to them.
    • Inquiries and Exercise of Rights Regarding Behavioral Information

      Contact: [email protected]

Article 6 (Retention, Use Period, and Disposal of Personal Information)

The Company promptly disposes of personal information when the retention period expires, or the processing purpose is achieved.

  • User Information
    1. If a user withdraws from membership, the Company retains the following information for 30 days to prevent misuse. Personal information is stored in a non-identifiable state, making re-registration under the same ID impossible.
      • Email
    1. Inactive User Policy: User information is destroyed 5 years after the last access date.
    1. Preservation of Information by Law: Certain personal information must be preserved according to relevant legal requirements, including records on transactions, consumer complaints, disputes, and access. Retention periods vary based on the purpose, ranging from 3 months to a maximum of 5 years.
  • Mandatory Retention Periods According to Relevant Laws

    The following personal information items must be retained based on legal grounds specified by relevant laws:

    • Retention Items:

      Payment records, IP addresses, browser, and device information.

    • Retention Purposes:
      • Records related to contracts or cancellation of subscriptions.
      • Records of payment and supply of goods or services.
      • Records of consumer complaints or dispute resolution.
      • Records related to advertising and display.
      • All transaction books and supporting documents as required by tax laws.
      • Access records.
    • Legal Grounds for Retention:
      • Act on the Consumer Protection in Electronic Commerce, etc.
      • Framework Act on National Taxes.
      • Protection of Communications Secrets Act.
    • Retention Period:
      • Depending on the purpose, the retention period ranges from 3 months to a maximum of 5 years.

Article 7 (Member's Obligations)

The Company outsources certain personal information processing tasks to ensure smooth management of personal information. When entering into outsourcing contracts, the Company supervises the subcontractors to ensure they securely handle personal information in compliance with relevant laws and regulations. If the details of the outsourcing tasks or the subcontractors change, the Company will promptly inform users in advance according to legal requirements or disclose the changes through this privacy policy.

  • Details of Outsourced Personal Information Processing Tasks and Subcontractors
    1. Channel Corporation

      Task: Identity verification and complaint handling related to membership services.

    1. Kakao Corporation

      Task: Identity verification, complaint handling related to membership services, operation of Wrtn and partner events, transmission of benefits information, and service-related updates.

    1. HubSpot

      Task: Storing data within the website database.

    1. Typeform

      Task: Collecting data using forms.

    1. Stibee Corporation

      Task: Operation of Wrtn and partner events, transmission of benefits information, and service-related updates.

    1. Bucketlist Corporation

      Task: Operation of Wrtn and partner events, transmission of benefits information, and service-related updates.

    1. Google Firebase (FCM)

      Task: Transmission of information related to Wrtn and partner events and benefits.

    1. Mixpanel

      Task: Web usability analysis and improvement.

    1. Google LLC

      Task: Web usability analysis and improvement.

    1. Airbridge

      Task: Web usability analysis and improvement.

    1. Toss Payments Co., Ltd.

      Task: Payment processing for paid services.

    1. Amazon Web Services

      Task: Data storage and operation/management of IT systems.

    1. Google Cloud Platform

      Task: Data storage and operation/management of IT systems.

    1. One People (Catchsecu)

      Task: Management of personal information collected via Catchform by Catchsecu, including identity verification and electronic signature services provided through Catchform.

Article 8 (Provision of Personal Information to Third Parties)

The Company processes personal information within the scope specified in ‘Article 1: Collection and Use of Personal Information’. Personal information is provided to third parties only when the user gives prior consent or when specifically required by relevant laws.

  • Provision of Information to Third Parties Without Prior Consent in Accordance with Relevant Laws:
    1. When necessary for statistical purposes, academic research, or market research in a form that does not identify specific individuals.
    1. When requested by national institutions in accordance with relevant laws.
    1. For the purpose of criminal investigations or upon request from the Information and Communications Ethics Committee.
    1. Other cases as required by procedures specified in relevant laws.
  • Provision of Personal Information in Emergency Situations:

    In cases of emergencies such as disasters, infectious diseases, incidents or accidents that pose imminent threats to life or physical safety, or sudden property losses, personal information may be provided to relevant institutions without the user’s consent.

    Emergencies are determined based on the "Guidelines for Personal Information Processing and Protection in Emergency Situations" announced jointly by relevant government departments.

Article 9 (Transfer of Personal Information Overseas)

The Company does not provide personal information to foreign businesses. However, to fulfill contracts related to the provision of information and communication services and to enhance user convenience, the Company transfers personal information overseas for processing under the following conditions:

  • Details of Overseas Transfer of Personal Information:
  • Purpose of Transfer:
    1. Storing data within the website database
    1. Collecting data using forms
    1. Operation and transmission of information related to Wrtn and partner events and benefits
    1. Web usability analysis and improvement
    1. Data storage and IT system operation/management
  • Information Transferred:

    Name/nickname, mobile phone number, email, gender, age, interests, occupation, visit date and time, service usage records, Cookie ID, chat information exchanged with AI (including images and videos), service usage behavior (input information and results), (Kakao/Naver) name/email, (Google) name/email/profile image/locale (region and language of use), (Apple) name/email, (Kakao/Naver) age range/gender, (Google/Apple) user-selected values, job title and department, company name, contact information, email address, job title, card number, expiration date, first two digits of the password, date of birth/business registration number.

  • Transmission Time and Method:

    Data is transmitted via encrypted networks during service provision.

  • Retention Period:
    1. Until the earliest of contract termination, membership withdrawal, or up to 3 years as per relevant laws.
    1. Until the earliest of contract termination, consent withdrawal, or up to 5 years from the date of collection.
    1. Until the earliest of consent withdrawal or termination of the outsourcing contract.
  • Service Providers and Countries:
    1. HubSpot / USA
    1. Typeform / Spain
    1. Google Firebase (FCM) / USA
    1. Mixpanel / USA
    1. Google LLC / USA
    1. Google Cloud Platform / USA
  • How to Refuse the Transfer of Personal Information, Procedures, and Effects of Refusal:

    For details on users' rights and the methods of exercising them, please refer to the relevant section on user rights.

Article 10 (Measures to Ensure the Security of Personal Information)

The Company takes all necessary technical, administrative, and physical measures to securely manage users' personal information, preventing its loss, theft, leakage, alteration, or damage.

  • Minimization and Training of Personal Information Handling Staff

    The Company minimizes the number of employees who handle personal information and implements management measures by providing regular personal information protection training.

  • Establishment and Implementation of an Internal Management Plan

    An internal management plan has been established and is being implemented to ensure the secure processing of personal information.

  • Retention and Protection Against Tampering of Access Records

    The Company retains and manages access records (web logs, summary information, etc.) to personal information processing systems for at least one year to facilitate responses in case of personal information breaches. Security features are employed to prevent tampering, theft, or loss of access records.

  • Encryption of Personal Information

    Users' personal information is encrypted for secure storage and management.

  • Technical Measures Against Hacking and Other Threats

    The Company installs and regularly updates security programs to prevent the leakage and damage of personal information due to hacking, computer viruses, and other threats. Systems are installed in restricted access areas, and technical and physical surveillance and blocking measures are in place.

  • Access Control Restrictions on Personal Information

    The Company takes measures to control access to personal information by granting, changing, or deleting access rights to the personal information processing system.

Article 11 (Rights of Users and Legal Representatives and Methods of Exercise)

The Company has established the following methods to protect the rights of users (or their legal representatives) regarding their personal information.

  • User Rights and Methods of Exercise:
    1. View/Modify Information:

      Go to Profile > Settings > Account Information.

    1. Withdrawal from Membership:

      Go to Profile > Settings > Account Information > Membership Withdrawal.

    1. Refusal of Transfer of Personal Information:

      Users can refuse the transfer of their personal information by withdrawing their membership or contacting customer service.

      Effect of Refusal: Membership withdrawal and cessation of the personal information processing by the Company, especially for automatically collected information.

    1. Request to Stop Processing or Delete Personal Information:

      Users can request to stop the processing of their personal information or request deletion via written request, email, etc.

    1. Error Correction or Deletion of Personal Information:

      If users request correction or deletion of erroneous personal information, the Company will not use or provide the information until the correction or deletion is completed.

    1. Limitations on Deletion Requests:

      Requests for deletion of personal information may not be fulfilled if the information is specified as a target for collection under other legal provisions.

    1. Verification of Identity:

      When users exercise their rights to view, correct, delete, or stop the processing of their personal information, the Company will verify the identity of the requestor.

  • Rights and Methods of Exercise for Legal Representatives:
    1. Exercising Rights on Behalf of the User:

      If a legal representative or authorized agent wishes to exercise the user’s rights (view, correct, stop processing, delete), they must submit a power of attorney using the form specified in "Attachment 11 of the Personal Information Protection Act Enforcement Rules."

    1. Verification of Authorized Agents:

      The Company verifies the legitimacy of the authorized agent when responding to requests to view, correct, delete, or stop processing personal information.

Article 12 (Personal Information Protection Officer and Remedies for User Rights Infringement)

  1. The Company is responsible for overseeing personal information processing tasks and has designated the following Personal Information Protection Officer to handle user complaints and provide remedies related to personal information processing.
  1. Users have the right to request access to their personal information. The Company will strive to promptly process such requests.
    • Personal Information Protection Officer

      Name: Seyoung Lee

      Position: CEO

      Contact: [email protected]

    • Role of the Personal Information Protection Officer

      Users can contact the Personal Information Protection Officer with any inquiries, complaints, or concerns related to the protection of personal information while using the service. The Company will respond to and address user inquiries promptly.

    • Institutions for Assistance with Rights Infringement

      For detailed assistance regarding rights infringement related to personal information, users may contact the following institutions:

      1. Personal Information Infringement Report Center (operated by the Korea Internet & Security Agency)

        Role: Report and consult on personal information infringement incidents.

        Website: privacy.kisa.or.kr

        Phone: 118 (no area code)

        Address: 3rd Floor, 301-2, Jinheung-gil, Naju-si, Jeollanam-do, 58324, South Korea.

      1. Personal Information Dispute Mediation Committee

        Role: Mediation of personal information disputes and group dispute resolution (civil settlement).

        Website: www.kopico.go.kr

        Phone: 1833-6972 (no area code)

        Address: 4th Floor, Government Seoul Building, 209 Sejong-daero, Jongno-gu, Seoul, 03171, South Korea.

      1. Supreme Prosecutors' Office Cybercrime Investigation Division

        Phone: 1301 (no area code)

        Website: www.spo.go.kr

      1. Cyber Bureau of the Korean National Police Agency

        Phone: 182

        Website: cyberbureau.police.go.kr

  1. Additionally, if a user’s rights or interests are infringed due to the actions or inactions of a public institution regarding requests for access, correction, deletion, or suspension of processing of personal information, they may file an administrative appeal as outlined in the Administrative Appeals Act. For details, refer to the Central Administrative Appeals Commission at www.simpan.go.kr.

Article 13 (Changes to the Privacy Policy)

This privacy policy is effective from the date of implementation. If there are any additions, deletions, or modifications due to changes in relevant laws or internal policies, the Company will promptly notify users through the website.