Frivino (hereinafter referred to as the 'Service') complies with the Personal Information Protection Act and relevant laws to protect the freedom and rights of users, processing personal information lawfully and managing it safely. In accordance with Article 30 of the Personal Information Protection Act, we establish and disclose this Privacy Policy to guide users on the procedures and standards for processing personal information and to handle related grievances promptly and smoothly.
Article 1 (Purpose of Processing Personal Information)
The Service processes personal information for the following purposes. The personal information being processed will not be used for purposes other than the following, and if the purpose of use changes, necessary measures, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act, will be implemented.
- Membership Registration and Management: Confirmation of intention to register, identity verification for providing membership services, prevention of fraudulent use, various notices/notifications, grievance handling.
- Service Provision: Visual novel content creation, storage, posting and sharing features, customized service provision.
- Service Improvement: New service development, providing services based on demographic characteristics, grasping access frequency, or statistics on members' service usage.
Article 2 (Items of Personal Information Processed and Method of Collection)
The Service collects the following minimum personal information at the time of initial membership registration for membership registration, smooth customer consultation, and provision of various services.
1. Required Collection Items (Social Login): Social service (Kakao, Google) member unique identifier (Provider ID), Email address, Nickname, Profile picture.
2. Items automatically generated and collected during service use: IP address, cookies, service usage records, access logs, bad usage records, device info (OS, browser environment, etc.).
Article 3 (Processing and Retention Period of Personal Information)
① The Service processes and retains personal information within the retention and use period agreed upon when collecting personal information from the data subject or in accordance with the law.
② The processing and retention period for each personal information is as follows:
- Membership Registration and Management: Destroyed without delay upon the user's request to withdraw. However, records of fraudulent use are kept for 30 days from the date of withdrawal and then destroyed.
- Retention according to relevant laws:
- Login records under the Protection of Communications Secrets Act: 3 months
- Records on consumer complaints or dispute resolution under the Act on the Consumer Protection in Electronic Commerce, etc.: 3 years
Article 4 (Provision of Personal Information to Third Parties)
The Service processes the data subject's personal information only within the scope specified in Article 1, and provides personal information to third parties only when it falls under Articles 17 and 18 of the Personal Information Protection Act, such as with the consent of the data subject or special provisions of the law. Currently, the Service does not provide users' personal information to third parties.
Article 5 (Entrustment and Overseas Transfer of Personal Information Processing)
① For smooth service provision and infrastructure operation, the Service entrusts personal information processing tasks to overseas specialized companies as follows. By using the service, you are deemed to have consented to the following overseas transfer.
| Entrusted Company (Country) | Content of Task & Transfer Method | Time of Transfer & Retention Period |
|---|---|---|
| Supabase, Inc. (Mumbai Region, India) | - Purpose: Member DB management, Auth system operation, media file storage - Method: Encrypted transmission via public cloud network | Upon signup Destroyed upon withdrawal |
| Vercel, Inc. (US & Global) | - Purpose: Web service hosting, frontend deployment, and Edge Network operation - Method: Auto transmission via network | Upon service use Destroyed immediately after purpose achieved |
| Kakao Corp. (South Korea) | - Purpose: OAuth 2.0 based social login authentication - Method: Identifier encrypted transmission via API integration | Upon login Destroyed upon withdrawal |
| Google LLC (US) | - Purpose: OAuth 2.0 based social login authentication and identity verification - Method: Information transmission via API during authentication (HTTPS encryption) | Upon login Destroyed upon withdrawal |
※ Users may refuse the overseas transfer of personal information through the customer center (support@frivino.com), but in this case, service use may be restricted.
Article 6 (Rights and Obligations of Data Subjects and Methods of Exercise)
① Data subjects can exercise rights such as requesting access, correction, deletion, and suspension of processing of personal information at any time.
② The exercise of rights under Paragraph 1 can be done through the 'Settings > Withdraw' menu within the service or via email (support@frivino.com), and the Service will take action without delay.
③ If a data subject requests correction or deletion of personal information errors, the Service will not use or provide the personal information until the correction or deletion is completed.
Article 7 (Procedure and Method of Destroying Personal Information)
In principle, the Service destroys the personal information without delay when the purpose of processing has been achieved. The procedure, deadline, and method of destruction are as follows:
- Destruction Procedure: Information entered by the user is stored for a certain period according to internal policies and relevant laws after the purpose is achieved, or it is destroyed immediately.
- Destruction Method: Personal information recorded and stored in electronic file format is permanently deleted using technical methods such as Low Level Format so that the records cannot be reproduced.
Article 8 (Measures to Ensure the Safety of Personal Information)
The Service takes the following measures to ensure the safety of personal information.
- Administrative Measures: Minimization of personal information handling and access rights management.
- Technical Measures: Communication section encryption (HTTPS), database security (RLS policies), encrypted storage of critical data, cloud security architecture against hacking.
Article 9 (Installation, Operation, and Refusal of Automatic Data Collection Devices)
① The Service uses 'cookies' that store and frequently retrieve user information to provide individualized customized services.
② A cookie is a small amount of information sent to the user's computer browser by the server used to operate the website and is also stored on the hard disk within the user's PC.
- Purpose of Use of Cookies: Maintaining login sessions, security, understanding user access frequency and usage patterns.
- Installation, Operation, and Refusal of Cookies: You can refuse to save cookies by setting options in the Tools > Internet Options > Privacy menu at the top of the web browser. (However, refusing cookies may cause difficulties in using login-based services.)
Article 10 (Data Privacy Officer)
The Service is responsible for overall personal information processing tasks, and designates a Data Privacy Officer as follows for complaint handling and damage relief related to personal information processing.
Article 11 (Changes to Privacy Policy)
This Privacy Policy is applied from the effective date, and if there are additions, deletions, or corrections of changes according to laws and policies, they will be notified through the service announcement at least 7 days before the implementation of the changes.