Privacy Policy

Inabooth Inc. ("Inabooth," "we," "us," or "our") complies with the Personal Information Protection Act and other applicable laws to protect the freedoms and rights of data subjects, and lawfully processes and securely manages personal information. In accordance with Article 30 of the Personal Information Protection Act, we establish and publish this Privacy Policy to inform data subjects of our procedures and standards for processing personal information and to handle related grievances promptly and smoothly.

1. Purposes of Collection and Use, Items Collected, and Retention Periods

Inabooth processes personal information only within the scope of the purposes of collection and use stated below.

Service	Purpose of Collection and Use	Items Collected	Retention and Use Period
Membership registration and management; service provision	Confirm membership intent, identify and authenticate users for member services, verify age, maintain and manage membership, provide services, prevent unauthorized service use, verify legal guardian consent for children under 14, send notices and notifications, handle grievances	[Required] Name, nickname, date of birth, mobile phone number, email address, ID, password, gender, DI (duplicate registration verification information), CI (encrypted personal identification information), service usage records, information collected through automatic personal information collection tools, device information (OS/screen size, device ID), [for users under 14] guardian information (name, date of birth, gender, mobile phone number, CI, DI)	Until membership withdrawal. However, if an investigation or inquiry related to a violation of applicable law is ongoing after withdrawal, until the investigation or inquiry is completed
Payment services	Send contracts and invoices, process and settle payments, collect debts	[Required] Name, date of birth, credit card information (card number, password, expiration date), bank account information (bank name, account number), email address	Until goods/services are supplied and payment/settlement is completed. However, retained as required by statutory retention periods
Tax invoice issuance	Issue tax invoices	[Optional] Tax invoice recipient information: name (individual or corporation), business address, email, contact person's mobile phone number, business registration number	Until membership withdrawal. However, retained as required by statutory retention periods
Performance statistics and new service development	Compile product/service usage statistics and develop new services	[Required] Automatically generated information and service usage records created during service use, posts or other content written by the data subject, device information (OS/screen size, device ID), IP address, information collected through automatic personal information collection tools	Until consent withdrawal or membership withdrawal. However, retained as required by statutory retention periods
Error and inconvenience reports	Verify reporter, identify and resolve the cause of the reported matter, reply to reports	[Required] Name, ID, mobile phone number	Until membership withdrawal. However, retained as required by statutory retention periods
Customer inquiries	Verify requester and respond to inquiries	[Required] Name, email address, mobile phone number, order number, inquiry details	Until membership withdrawal
Events	Event entry/winner management, prize delivery	[Optional] Name, address, mobile phone number, ID, email address	Until consent withdrawal or membership withdrawal
Personalized services	Provide customer-personalized services	[Required] Name, ID, mobile phone number, service usage history (app usage history, search history, abusive-use records, access logs), IP address, advertising identifier	Until membership withdrawal. However, retained as required by statutory retention periods
Promotion and marketing	Provide personalized advertising and marketing information	[Optional] ID, password, name, email address, mobile phone number, service usage history (app usage history, search history, abusive-use records, access logs), information collected through automatic personal information collection tools, IP address, advertising identifier	Until consent withdrawal or membership withdrawal
SNS performance analysis and information provision	Disclose, within the service platform, follower/subscriber counts and post performance metrics from SNS accounts connected by the member (Instagram, YouTube, Facebook, X, TikTok), or information generated by Inabooth through analysis and processing of such metrics. (Not shared or transmitted to third parties outside Inabooth.)	[Optional] YouTube: account ID, user name, channel name, channel description, custom URL, subscriber count (including public/private status), total views, number of videos, recent monthly uploads, OAuth tokens (Access/Refresh Token) for data updates. Instagram: account ID, user name, follower and following counts, total media count, account-level reach and impression metrics, likes/comments/views/reach metrics for individual media, recent monthly content count, OAuth tokens (Access/Refresh Token) for data updates. Facebook: account ID, page user name, follower count, page reach and impression metrics by period (daily/weekly/28-day, unique reach), recent post reaction totals, recent monthly post count, OAuth tokens (Access/Refresh Token) for data updates. X (Twitter): account ID, user name, profile description, location, verified status, follower and following counts, tweet count, listed count, recent monthly tweet count, OAuth tokens (Access/Refresh Token) for data updates. TikTok: account ID, user name, display name, verified status, follower and following counts, total likes, video count, recent monthly video count, OAuth tokens (Access/Refresh Token) for data updates.	Until consent withdrawal or membership withdrawal

Information retained for a certain period under statutory retention obligations is destroyed after the applicable period below.

Legal Basis	Retained Items	Retention Period
Article 6 of the Act on the Consumer Protection in Electronic Commerce, Etc. and Article 6(1) of its Enforcement Decree	Records of contracts or withdrawal of offers, payments, and supply of goods, etc.	5 years
Article 6 of the Act on the Consumer Protection in Electronic Commerce, Etc. and Article 6(1) of its Enforcement Decree	Records of consumer complaints or dispute handling	3 years
Article 6 of the Act on the Consumer Protection in Electronic Commerce, Etc. and Article 6(1) of its Enforcement Decree	Records of labeling/advertising	6 months
Framework Act on National Taxes	Books and evidentiary documents concerning all transactions prescribed by tax laws	5 years
Article 22(1) of the Electronic Financial Transactions Act and Article 12(1) of its Enforcement Decree	Electronic financial transaction records	5 years
Article 15-2 of the Protection of Communications Secrets Act and Article 41(2)2 of its Enforcement Decree	Service visit records	3 months
Article 20(2) of the Credit Information Use and Protection Act	Records concerning collection, processing, and use of credit information	3 years

2. Methods of Collection and Consent

A. Inabooth collects personal information through methods such as direct provision by the data subject, acquisition of information generated during service use, and acquisition from external platform providers where the member has consented to Inabooth's collection of SNS activity information.

B. When collecting and using personal information based on consent, Inabooth provides procedures by which the data subject may indicate agreement or disagreement to the "collection and use of personal information," such as by checking a box, pressing a button, or using an equivalent method.

C. Data subjects have the right to refuse consent to the collection and use of personal information and will not suffer disadvantage for refusing consent. However, depending on the case, service use may be unavailable or service provision may be restricted.

3. Processing Personal Information of Children Under 14

A. When Inabooth collects personal information from children under 14, it obtains consent from their legal guardian. For this purpose, Inabooth collects the following information about the legal guardian.

[Required] Legal guardian's name, relationship, and contact information

B. If Inabooth collects a child's personal information for service-related promotions, it obtains separate consent from the legal guardian.

C. When collecting personal information from children under 14, Inabooth may request the minimum information necessary from the child, such as the legal guardian's name, relationship, and contact information, and verifies lawful guardian consent by one of the following methods.

Posting the consent details on a website, having the legal guardian indicate consent, and notifying the guardian by mobile text message that the indication has been confirmed
Posting the consent details on a website, having the legal guardian indicate consent, and verifying identity by receiving credit/debit card information or similar card information from the guardian
Posting the consent details on a website, having the legal guardian indicate consent, and verifying identity through mobile phone identity verification or similar method
Providing a written document containing the consent details directly, by mail, or by fax, and receiving the guardian's signed/sealed submission
Sending an email containing the consent details and receiving an email from the guardian expressing consent
Informing the guardian of the consent details by telephone and obtaining consent, or providing a method such as an internet address for confirming the consent details and obtaining consent through a follow-up telephone call
Any other method equivalent to the above that informs the legal guardian of the consent details and confirms the expression of consent

4. Provision of Personal Information to Third Parties

A. Inabooth provides personal information to third parties only where applicable under Articles 17 and 18 of the Personal Information Protection Act, such as with consent from the data subject or under special provisions of law. Otherwise, Inabooth does not provide personal information to third parties.

B. In accordance with the "Guidelines for Processing and Protecting Personal Information in Emergency Situations" jointly announced by relevant government ministries, Inabooth may provide personal information to relevant agencies without the data subject's consent in emergency situations such as disasters, infectious diseases, incidents or accidents causing urgent risk to life or body, or urgent property loss. In such cases, Inabooth provides only the minimum personal information necessary under applicable law and will not provide it for purposes different from those grounds.

5. Entrustment of Personal Information Processing

A. To provide services smoothly, Inabooth entrusts personal information processing as follows.

Entrusted Party	Entrusted Work
CJ Logistics Corporation	Product delivery
BusinessOn Communication Co., Ltd.	Execution of service contracts
Glosign Co., Ltd.	Execution of service contracts
Channel Corporation	Operation of customer consultation system (Channel Talk)
AWS (Amazon Web Services)	Data storage and service operation
Imweb Corp.	Data storage and operation of Inner Factory service
KG INICIS Co., Ltd.	Credit card payment, account transfer, virtual account payment processing, cash receipt issuance

B. When entering into entrustment contracts with processors, Inabooth specifies in documents such as contracts matters required under Article 26 of the Personal Information Protection Act, including prohibition of processing personal information for purposes other than entrusted work, technical and managerial safeguards, restrictions on re-entrustment, management and supervision of processors, and liability for damages, and supervises whether processors handle personal information securely.

C. If the entrusted work or processor changes, Inabooth will disclose the change without delay through this Privacy Policy.

6. Destruction of Personal Information

A. Inabooth destroys personal information without delay when the retention period expires or the processing purpose has been achieved.

B. If personal information must continue to be preserved under other laws even after the retention period consented to by the data subject has expired or the processing purpose has been achieved, Inabooth transfers the personal information to a separate database or stores it in a different location.

C. Destruction procedures and methods are as follows.

Destruction procedure: Inabooth selects personal information for which a destruction reason has occurred and destroys it with approval from Inabooth's personal information protection officer.
Destruction method: Electronic files are destroyed so that records cannot be restored, and paper documents are shredded or incinerated.

7. Measures for Destruction of Personal Information of Inactive Users (Separate Storage)

A. Users who have not used the service for one year are converted to dormant accounts, and their personal information is stored separately. Separately stored personal information is retained for one year and then destroyed without delay.

B. At least 30 days before dormancy conversion, Inabooth notifies the user of the separate storage, scheduled dormancy date, and personal information items to be separately stored by email, text message, or another available notification method.

C. Users who do not wish to be converted to dormant accounts may log in before the conversion. If a dormant account is converted and the user later logs in, the account may be restored with the user's consent for normal service use.

8. Rights and Obligations of Data Subjects and Legal Guardians, and How to Exercise Them

A. Data subjects may request access to, correction of, deletion of, or suspension of processing of personal information from Inabooth at any time.

※ Requests concerning personal information of children under 14 must be made directly by the legal guardian. Data subjects who are minors aged 14 or older may exercise their rights themselves or through their legal guardian.

B. Rights may be exercised against Inabooth in writing, by email, by fax, or other methods under Article 41(2) of the Enforcement Decree of the Personal Information Protection Act, and Inabooth will take action without delay.

C. Rights may also be exercised through an agent such as the data subject's legal guardian or authorized representative. In this case, a power of attorney in the form prescribed by Annex Form 11 of the "Notification on Methods of Processing Personal Information (No. 2020-7)" must be submitted.

D. Requests for access to or suspension of processing of personal information may be restricted under Articles 35(4) and 37(2) of the Personal Information Protection Act.

E. If other laws specify that the personal information is subject to collection, deletion may not be requested.

F. Inabooth verifies whether the person making a request for access, correction, deletion, or suspension of processing is the data subject or a legitimate representative.

9. Measures to Ensure Security of Personal Information

Inabooth takes the following measures to ensure the security of personal information.

Managerial measures: Establishing and implementing internal management plans, operating dedicated organizations, regular employee training
Technical measures: Managing access rights to personal information processing systems, installing access control systems, encrypting personal information, installing and updating security programs
Physical measures: Access control for computer rooms, document storage rooms, and similar facilities

10. Installation, Operation, and Refusal of Automatic Personal Information Collection Tools

A. Inabooth uses cookies, which store and retrieve usage information on the user's PC, to provide individually customized services.

B. Cookies are small data files stored on the user's PC through the user's web browser by the server of the website the user accesses.

Purpose of cookies: Used to identify visit and usage patterns for each service and website visited by users, popular search terms, secure access status, and similar information to provide optimized information.
Cookie installation/operation and refusal: Users may refuse cookie storage by changing options in the web browser menu, such as Tools > Internet Options > Privacy.
If cookie storage is refused, difficulties may arise in using personalized services.

11. Collection, Use, and Refusal of Behavioral Information

A. Inabooth collects and uses behavioral information generated during service use to provide optimized personalized services, benefit notifications, and online personalized advertising.

B. Inabooth collects behavioral information as follows.

Behavioral Information Collected	Collection Method	Collection Purpose	Retention and Use Period
Service usage history (app usage history, search history, abusive-use records, access logs), IP address, advertising identifier	Automatically collected when users visit the website	Provide personalized product recommendation services, including advertising, based on user interests and preferences	Until membership withdrawal

C. Inabooth allows the following online personalized advertising providers to collect and process behavioral information.

Advertising providers collecting and processing behavioral information: Google LLC, Meta Platforms Inc.
Collection method: Automatically collected when users visit and use our website
Behavioral information collected and processed: Web visit history, search history, purchase history, etc.

D. Inabooth collects only the minimum behavioral information necessary for online personalized advertising and does not collect sensitive behavioral information that may clearly infringe individual rights, interests, or privacy, such as ideology, beliefs, family and relatives, education/medical history, or other social activity history.

E. Inabooth does not collect behavioral information for personalized advertising from children known to be under 14 or from online services mainly used by children under 14, and does not provide personalized advertising to children known to be under 14.

F. Inabooth collects and uses advertising identifiers for online personalized advertising in mobile apps. Data subjects may block or allow app personalized advertising by changing mobile device settings.

‣ Blocking/allowing advertising identifiers on smartphones

(1) Android: Settings → Privacy → Ads → Reset advertising ID or delete advertising ID

(2) iPhone: Settings → Privacy → Tracking → Turn off "Allow Apps to Request to Track"

※ Menus and methods may differ depending on mobile OS version.

G. Users may collectively block or allow online personalized advertising by changing cookie settings in their web browser. However, changing cookie settings may affect the use of some services, such as automatic login.

‣ Blocking/allowing personalized advertising through web browsers

(1) Internet Explorer (Internet Explorer 11 for Windows 10)

In Internet Explorer, select the Tools button, then Internet Options
Select the Privacy tab, choose Advanced under Settings, then choose whether to block or allow cookies

(2) Microsoft Edge

Click the "..." icon in the upper right of Edge, then click Settings.
On the left side of the Settings page, click "Privacy, search, and services," then select whether and how to use Tracking prevention.
Choose whether to always use "Strict" tracking prevention when browsing InPrivate.
In the Privacy section, choose whether to send "Do Not Track" requests.

(3) Chrome browser

In Chrome, click the "⋮" icon (Customize and control Chrome) in the upper right, then click Settings.
Click "Show advanced settings" at the bottom of the Settings page and click Content settings in the Privacy section.
In the Cookies section, select "Block third-party cookies and site data."

H. Users may contact the following department for questions, refusal rights, damage reports, and other matters related to behavioral information.

‣ Personal Information Protection Department

Person in charge: Yoorim Kim

Department: Strategic Planning Team

Contact: 1811-2839, product@inabooth.io

12. Personal Information Protection Officer and Requests for Access

A. Inabooth designates the following personal information protection officer and department to oversee personal information processing and handle complaints and remedies related to personal information processing.

Category	Name	Contact
Personal Information Protection Officer / Personal Information Protection Department	Name: Yoorim Kim	Email: product@inabooth.io Phone: 1811-2839

B. Data subjects may request access to personal information under the Personal Information Protection Act from the responsible department. Inabooth will make efforts to process requests promptly.

C. Data subjects may contact the above officer and department for all inquiries, complaints, and remedies related to personal information protection that arise while using Inabooth's service or business. Inabooth will respond to and process inquiries without delay.

13. Remedies for Infringement of Rights

A. Inabooth strives to guarantee data subjects' right to self-determination over personal information and to provide consultation and remedies for personal information infringement. If reporting or consultation is needed, please contact the department below.

‣ Grievance Handling Department

Person in charge: Yoorim Kim

Department: Strategic Planning Team

Contact: 1811-2839, product@inabooth.io

B. Data subjects may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, Korea Internet & Security Agency Personal Information Infringement Report Center, and other institutions. For other personal information infringement reports and consultations, please contact the following institutions.

Personal Information Dispute Mediation Committee: 1833-6972 (kopico.go.kr)
Personal Information Infringement Report Center: 118 (kisa.or.kr)
Supreme Prosecutors' Office: 1301 (spo.go.kr)
Korean National Police Agency: 182 (cyber.go.kr)

14. Video Information Processing Device Installation and Operation Policy

Inabooth installs and operates video information processing devices as follows.

Grounds and purpose of installation: Facility safety and fire prevention
Number, location, and filming scope: Four devices installed in the warehouse; filming covers the inside and outside of the warehouse
Manager, department, and persons authorized to access video information: Byunghoon Lee, Executive Director
Filming time, retention period, storage location, and processing method
Filming time: 24 hours
Retention period: 30 days from filming
Storage location and processing method: Stored and processed in the operations team video information processing device control room
Method and place for checking video information: Request to the manager
Measures for requests to access video information: Requests must be made using an application for access/existence confirmation of personal video information. Access is permitted only when the data subject is filmed or when clearly necessary for the data subject's life, body, or property interests.
Technical, managerial, and physical measures for video information protection: Internal management plan, access control and access authority restrictions, secure storage and transmission technology, processing record retention and anti-forgery measures, storage facilities and locking devices
Entrustment of installation and management: Inabooth entrusts installation and management of video information processing devices and specifies necessary matters in entrustment contracts so personal information can be securely managed under applicable law.
Changes to the video information processing device operation and management policy: If this policy changes due to laws, policies, or security technology, Inabooth will announce the reasons and details of the change on the website without delay.

15. Changes to this Privacy Policy

A. This Privacy Policy takes effect on June 1, 2026.

B. Previous versions of this Privacy Policy can be found below.

Privacy Policy

1. Purposes of Collection and Use, Items Collected, and Retention Periods

Inabooth processes personal information only within the scope of the purposes of collection and use stated below.

Service	Purpose of Collection and Use	Items Collected	Retention and Use Period
Membership registration and management; service provision	Confirm membership intent, identify and authenticate users for member services, verify age, maintain and manage membership, provide services, prevent unauthorized service use, verify legal guardian consent for children under 14, send notices and notifications, handle grievances	[Required] Name, nickname, date of birth, mobile phone number, email address, ID, password, gender, DI (duplicate registration verification information), CI (encrypted personal identification information), service usage records, information collected through automatic personal information collection tools, device information (OS/screen size, device ID), [for users under 14] guardian information (name, date of birth, gender, mobile phone number, CI, DI)	Until membership withdrawal. However, if an investigation or inquiry related to a violation of applicable law is ongoing after withdrawal, until the investigation or inquiry is completed
Payment services	Send contracts and invoices, process and settle payments, collect debts	[Required] Name, date of birth, credit card information (card number, password, expiration date), bank account information (bank name, account number), email address	Until goods/services are supplied and payment/settlement is completed. However, retained as required by statutory retention periods
Tax invoice issuance	Issue tax invoices	[Optional] Tax invoice recipient information: name (individual or corporation), business address, email, contact person's mobile phone number, business registration number	Until membership withdrawal. However, retained as required by statutory retention periods
Performance statistics and new service development	Compile product/service usage statistics and develop new services	[Required] Automatically generated information and service usage records created during service use, posts or other content written by the data subject, device information (OS/screen size, device ID), IP address, information collected through automatic personal information collection tools	Until consent withdrawal or membership withdrawal. However, retained as required by statutory retention periods
Error and inconvenience reports	Verify reporter, identify and resolve the cause of the reported matter, reply to reports	[Required] Name, ID, mobile phone number	Until membership withdrawal. However, retained as required by statutory retention periods
Customer inquiries	Verify requester and respond to inquiries	[Required] Name, email address, mobile phone number, order number, inquiry details	Until membership withdrawal
Events	Event entry/winner management, prize delivery	[Optional] Name, address, mobile phone number, ID, email address	Until consent withdrawal or membership withdrawal
Personalized services	Provide customer-personalized services	[Required] Name, ID, mobile phone number, service usage history (app usage history, search history, abusive-use records, access logs), IP address, advertising identifier	Until membership withdrawal. However, retained as required by statutory retention periods
Promotion and marketing	Provide personalized advertising and marketing information	[Optional] ID, password, name, email address, mobile phone number, service usage history (app usage history, search history, abusive-use records, access logs), information collected through automatic personal information collection tools, IP address, advertising identifier	Until consent withdrawal or membership withdrawal
SNS performance analysis and information provision	Disclose, within the service platform, follower/subscriber counts and post performance metrics from SNS accounts connected by the member (Instagram, YouTube, Facebook, X, TikTok), or information generated by Inabooth through analysis and processing of such metrics. (Not shared or transmitted to third parties outside Inabooth.)	[Optional] YouTube: account ID, user name, channel name, channel description, custom URL, subscriber count (including public/private status), total views, number of videos, recent monthly uploads, OAuth tokens (Access/Refresh Token) for data updates. Instagram: account ID, user name, follower and following counts, total media count, account-level reach and impression metrics, likes/comments/views/reach metrics for individual media, recent monthly content count, OAuth tokens (Access/Refresh Token) for data updates. Facebook: account ID, page user name, follower count, page reach and impression metrics by period (daily/weekly/28-day, unique reach), recent post reaction totals, recent monthly post count, OAuth tokens (Access/Refresh Token) for data updates. X (Twitter): account ID, user name, profile description, location, verified status, follower and following counts, tweet count, listed count, recent monthly tweet count, OAuth tokens (Access/Refresh Token) for data updates. TikTok: account ID, user name, display name, verified status, follower and following counts, total likes, video count, recent monthly video count, OAuth tokens (Access/Refresh Token) for data updates.	Until consent withdrawal or membership withdrawal

Information retained for a certain period under statutory retention obligations is destroyed after the applicable period below.

Legal Basis	Retained Items	Retention Period
Article 6 of the Act on the Consumer Protection in Electronic Commerce, Etc. and Article 6(1) of its Enforcement Decree	Records of contracts or withdrawal of offers, payments, and supply of goods, etc.	5 years
Article 6 of the Act on the Consumer Protection in Electronic Commerce, Etc. and Article 6(1) of its Enforcement Decree	Records of consumer complaints or dispute handling	3 years
Article 6 of the Act on the Consumer Protection in Electronic Commerce, Etc. and Article 6(1) of its Enforcement Decree	Records of labeling/advertising	6 months
Framework Act on National Taxes	Books and evidentiary documents concerning all transactions prescribed by tax laws	5 years
Article 22(1) of the Electronic Financial Transactions Act and Article 12(1) of its Enforcement Decree	Electronic financial transaction records	5 years
Article 15-2 of the Protection of Communications Secrets Act and Article 41(2)2 of its Enforcement Decree	Service visit records	3 months
Article 20(2) of the Credit Information Use and Protection Act	Records concerning collection, processing, and use of credit information	3 years

2. Methods of Collection and Consent

3. Processing Personal Information of Children Under 14

[Required] Legal guardian's name, relationship, and contact information

B. If Inabooth collects a child's personal information for service-related promotions, it obtains separate consent from the legal guardian.

Posting the consent details on a website, having the legal guardian indicate consent, and notifying the guardian by mobile text message that the indication has been confirmed
Posting the consent details on a website, having the legal guardian indicate consent, and verifying identity by receiving credit/debit card information or similar card information from the guardian
Posting the consent details on a website, having the legal guardian indicate consent, and verifying identity through mobile phone identity verification or similar method
Providing a written document containing the consent details directly, by mail, or by fax, and receiving the guardian's signed/sealed submission
Sending an email containing the consent details and receiving an email from the guardian expressing consent
Informing the guardian of the consent details by telephone and obtaining consent, or providing a method such as an internet address for confirming the consent details and obtaining consent through a follow-up telephone call
Any other method equivalent to the above that informs the legal guardian of the consent details and confirms the expression of consent

4. Provision of Personal Information to Third Parties

5. Entrustment of Personal Information Processing

A. To provide services smoothly, Inabooth entrusts personal information processing as follows.

Entrusted Party	Entrusted Work
CJ Logistics Corporation	Product delivery
BusinessOn Communication Co., Ltd.	Execution of service contracts
Glosign Co., Ltd.	Execution of service contracts
Channel Corporation	Operation of customer consultation system (Channel Talk)
AWS (Amazon Web Services)	Data storage and service operation
Imweb Corp.	Data storage and operation of Inner Factory service
KG INICIS Co., Ltd.	Credit card payment, account transfer, virtual account payment processing, cash receipt issuance

C. If the entrusted work or processor changes, Inabooth will disclose the change without delay through this Privacy Policy.

6. Destruction of Personal Information

A. Inabooth destroys personal information without delay when the retention period expires or the processing purpose has been achieved.

C. Destruction procedures and methods are as follows.

Destruction procedure: Inabooth selects personal information for which a destruction reason has occurred and destroys it with approval from Inabooth's personal information protection officer.
Destruction method: Electronic files are destroyed so that records cannot be restored, and paper documents are shredded or incinerated.

7. Measures for Destruction of Personal Information of Inactive Users (Separate Storage)

8. Rights and Obligations of Data Subjects and Legal Guardians, and How to Exercise Them

A. Data subjects may request access to, correction of, deletion of, or suspension of processing of personal information from Inabooth at any time.

D. Requests for access to or suspension of processing of personal information may be restricted under Articles 35(4) and 37(2) of the Personal Information Protection Act.

E. If other laws specify that the personal information is subject to collection, deletion may not be requested.

F. Inabooth verifies whether the person making a request for access, correction, deletion, or suspension of processing is the data subject or a legitimate representative.

9. Measures to Ensure Security of Personal Information

Inabooth takes the following measures to ensure the security of personal information.

Managerial measures: Establishing and implementing internal management plans, operating dedicated organizations, regular employee training
Technical measures: Managing access rights to personal information processing systems, installing access control systems, encrypting personal information, installing and updating security programs
Physical measures: Access control for computer rooms, document storage rooms, and similar facilities

10. Installation, Operation, and Refusal of Automatic Personal Information Collection Tools

A. Inabooth uses cookies, which store and retrieve usage information on the user's PC, to provide individually customized services.

B. Cookies are small data files stored on the user's PC through the user's web browser by the server of the website the user accesses.

Purpose of cookies: Used to identify visit and usage patterns for each service and website visited by users, popular search terms, secure access status, and similar information to provide optimized information.
Cookie installation/operation and refusal: Users may refuse cookie storage by changing options in the web browser menu, such as Tools > Internet Options > Privacy.
If cookie storage is refused, difficulties may arise in using personalized services.

11. Collection, Use, and Refusal of Behavioral Information

A. Inabooth collects and uses behavioral information generated during service use to provide optimized personalized services, benefit notifications, and online personalized advertising.

B. Inabooth collects behavioral information as follows.

Behavioral Information Collected	Collection Method	Collection Purpose	Retention and Use Period
Service usage history (app usage history, search history, abusive-use records, access logs), IP address, advertising identifier	Automatically collected when users visit the website	Provide personalized product recommendation services, including advertising, based on user interests and preferences	Until membership withdrawal

C. Inabooth allows the following online personalized advertising providers to collect and process behavioral information.

Advertising providers collecting and processing behavioral information: Google LLC, Meta Platforms Inc.
Collection method: Automatically collected when users visit and use our website
Behavioral information collected and processed: Web visit history, search history, purchase history, etc.

‣ Blocking/allowing advertising identifiers on smartphones

(1) Android: Settings → Privacy → Ads → Reset advertising ID or delete advertising ID

(2) iPhone: Settings → Privacy → Tracking → Turn off "Allow Apps to Request to Track"

※ Menus and methods may differ depending on mobile OS version.

‣ Blocking/allowing personalized advertising through web browsers

(1) Internet Explorer (Internet Explorer 11 for Windows 10)

In Internet Explorer, select the Tools button, then Internet Options
Select the Privacy tab, choose Advanced under Settings, then choose whether to block or allow cookies

(2) Microsoft Edge

Click the "..." icon in the upper right of Edge, then click Settings.
On the left side of the Settings page, click "Privacy, search, and services," then select whether and how to use Tracking prevention.
Choose whether to always use "Strict" tracking prevention when browsing InPrivate.
In the Privacy section, choose whether to send "Do Not Track" requests.

(3) Chrome browser

In Chrome, click the "⋮" icon (Customize and control Chrome) in the upper right, then click Settings.
Click "Show advanced settings" at the bottom of the Settings page and click Content settings in the Privacy section.
In the Cookies section, select "Block third-party cookies and site data."

H. Users may contact the following department for questions, refusal rights, damage reports, and other matters related to behavioral information.

‣ Personal Information Protection Department

Person in charge: Yoorim Kim

Department: Strategic Planning Team

Contact: 1811-2839, product@inabooth.io

12. Personal Information Protection Officer and Requests for Access

Category	Name	Contact
Personal Information Protection Officer / Personal Information Protection Department	Name: Yoorim Kim	Email: product@inabooth.io Phone: 1811-2839

B. Data subjects may request access to personal information under the Personal Information Protection Act from the responsible department. Inabooth will make efforts to process requests promptly.

13. Remedies for Infringement of Rights

‣ Grievance Handling Department

Person in charge: Yoorim Kim

Department: Strategic Planning Team

Contact: 1811-2839, product@inabooth.io

Personal Information Dispute Mediation Committee: 1833-6972 (kopico.go.kr)
Personal Information Infringement Report Center: 118 (kisa.or.kr)
Supreme Prosecutors' Office: 1301 (spo.go.kr)
Korean National Police Agency: 182 (cyber.go.kr)

14. Video Information Processing Device Installation and Operation Policy

Inabooth installs and operates video information processing devices as follows.

Grounds and purpose of installation: Facility safety and fire prevention
Number, location, and filming scope: Four devices installed in the warehouse; filming covers the inside and outside of the warehouse
Manager, department, and persons authorized to access video information: Byunghoon Lee, Executive Director
Filming time, retention period, storage location, and processing method
Filming time: 24 hours
Retention period: 30 days from filming
Storage location and processing method: Stored and processed in the operations team video information processing device control room
Method and place for checking video information: Request to the manager
Measures for requests to access video information: Requests must be made using an application for access/existence confirmation of personal video information. Access is permitted only when the data subject is filmed or when clearly necessary for the data subject's life, body, or property interests.
Technical, managerial, and physical measures for video information protection: Internal management plan, access control and access authority restrictions, secure storage and transmission technology, processing record retention and anti-forgery measures, storage facilities and locking devices
Entrustment of installation and management: Inabooth entrusts installation and management of video information processing devices and specifies necessary matters in entrustment contracts so personal information can be securely managed under applicable law.
Changes to the video information processing device operation and management policy: If this policy changes due to laws, policies, or security technology, Inabooth will announce the reasons and details of the change on the website without delay.

15. Changes to this Privacy Policy

A. This Privacy Policy takes effect on June 1, 2026.

B. Previous versions of this Privacy Policy can be found below.

Privacy Policy

1. Purposes of Collection and Use, Items Collected, and Retention Periods

Inabooth processes personal information only within the scope of the purposes of collection and use stated below.

Service	Purpose of Collection and Use	Items Collected	Retention and Use Period
Membership registration and management; service provision	Confirm membership intent, identify and authenticate users for member services, verify age, maintain and manage membership, provide services, prevent unauthorized service use, verify legal guardian consent for children under 14, send notices and notifications, handle grievances	[Required] Name, nickname, date of birth, mobile phone number, email address, ID, password, gender, DI (duplicate registration verification information), CI (encrypted personal identification information), service usage records, information collected through automatic personal information collection tools, device information (OS/screen size, device ID), [for users under 14] guardian information (name, date of birth, gender, mobile phone number, CI, DI)	Until membership withdrawal. However, if an investigation or inquiry related to a violation of applicable law is ongoing after withdrawal, until the investigation or inquiry is completed
Payment services	Send contracts and invoices, process and settle payments, collect debts	[Required] Name, date of birth, credit card information (card number, password, expiration date), bank account information (bank name, account number), email address	Until goods/services are supplied and payment/settlement is completed. However, retained as required by statutory retention periods
Tax invoice issuance	Issue tax invoices	[Optional] Tax invoice recipient information: name (individual or corporation), business address, email, contact person's mobile phone number, business registration number	Until membership withdrawal. However, retained as required by statutory retention periods
Performance statistics and new service development	Compile product/service usage statistics and develop new services	[Required] Automatically generated information and service usage records created during service use, posts or other content written by the data subject, device information (OS/screen size, device ID), IP address, information collected through automatic personal information collection tools	Until consent withdrawal or membership withdrawal. However, retained as required by statutory retention periods
Error and inconvenience reports	Verify reporter, identify and resolve the cause of the reported matter, reply to reports	[Required] Name, ID, mobile phone number	Until membership withdrawal. However, retained as required by statutory retention periods
Customer inquiries	Verify requester and respond to inquiries	[Required] Name, email address, mobile phone number, order number, inquiry details	Until membership withdrawal
Events	Event entry/winner management, prize delivery	[Optional] Name, address, mobile phone number, ID, email address	Until consent withdrawal or membership withdrawal
Personalized services	Provide customer-personalized services	[Required] Name, ID, mobile phone number, service usage history (app usage history, search history, abusive-use records, access logs), IP address, advertising identifier	Until membership withdrawal. However, retained as required by statutory retention periods
Promotion and marketing	Provide personalized advertising and marketing information	[Optional] ID, password, name, email address, mobile phone number, service usage history (app usage history, search history, abusive-use records, access logs), information collected through automatic personal information collection tools, IP address, advertising identifier	Until consent withdrawal or membership withdrawal
SNS performance analysis and information provision	Disclose, within the service platform, follower/subscriber counts and post performance metrics from SNS accounts connected by the member (Instagram, YouTube, Facebook, X, TikTok), or information generated by Inabooth through analysis and processing of such metrics. (Not shared or transmitted to third parties outside Inabooth.)	[Optional] YouTube: account ID, user name, channel name, channel description, custom URL, subscriber count (including public/private status), total views, number of videos, recent monthly uploads, OAuth tokens (Access/Refresh Token) for data updates. Instagram: account ID, user name, follower and following counts, total media count, account-level reach and impression metrics, likes/comments/views/reach metrics for individual media, recent monthly content count, OAuth tokens (Access/Refresh Token) for data updates. Facebook: account ID, page user name, follower count, page reach and impression metrics by period (daily/weekly/28-day, unique reach), recent post reaction totals, recent monthly post count, OAuth tokens (Access/Refresh Token) for data updates. X (Twitter): account ID, user name, profile description, location, verified status, follower and following counts, tweet count, listed count, recent monthly tweet count, OAuth tokens (Access/Refresh Token) for data updates. TikTok: account ID, user name, display name, verified status, follower and following counts, total likes, video count, recent monthly video count, OAuth tokens (Access/Refresh Token) for data updates.	Until consent withdrawal or membership withdrawal

Information retained for a certain period under statutory retention obligations is destroyed after the applicable period below.

Legal Basis	Retained Items	Retention Period
Article 6 of the Act on the Consumer Protection in Electronic Commerce, Etc. and Article 6(1) of its Enforcement Decree	Records of contracts or withdrawal of offers, payments, and supply of goods, etc.	5 years
Article 6 of the Act on the Consumer Protection in Electronic Commerce, Etc. and Article 6(1) of its Enforcement Decree	Records of consumer complaints or dispute handling	3 years
Article 6 of the Act on the Consumer Protection in Electronic Commerce, Etc. and Article 6(1) of its Enforcement Decree	Records of labeling/advertising	6 months
Framework Act on National Taxes	Books and evidentiary documents concerning all transactions prescribed by tax laws	5 years
Article 22(1) of the Electronic Financial Transactions Act and Article 12(1) of its Enforcement Decree	Electronic financial transaction records	5 years
Article 15-2 of the Protection of Communications Secrets Act and Article 41(2)2 of its Enforcement Decree	Service visit records	3 months
Article 20(2) of the Credit Information Use and Protection Act	Records concerning collection, processing, and use of credit information	3 years

2. Methods of Collection and Consent

3. Processing Personal Information of Children Under 14

[Required] Legal guardian's name, relationship, and contact information

B. If Inabooth collects a child's personal information for service-related promotions, it obtains separate consent from the legal guardian.

Posting the consent details on a website, having the legal guardian indicate consent, and notifying the guardian by mobile text message that the indication has been confirmed
Posting the consent details on a website, having the legal guardian indicate consent, and verifying identity by receiving credit/debit card information or similar card information from the guardian
Posting the consent details on a website, having the legal guardian indicate consent, and verifying identity through mobile phone identity verification or similar method
Providing a written document containing the consent details directly, by mail, or by fax, and receiving the guardian's signed/sealed submission
Sending an email containing the consent details and receiving an email from the guardian expressing consent
Informing the guardian of the consent details by telephone and obtaining consent, or providing a method such as an internet address for confirming the consent details and obtaining consent through a follow-up telephone call
Any other method equivalent to the above that informs the legal guardian of the consent details and confirms the expression of consent

4. Provision of Personal Information to Third Parties

5. Entrustment of Personal Information Processing

A. To provide services smoothly, Inabooth entrusts personal information processing as follows.

Entrusted Party	Entrusted Work
CJ Logistics Corporation	Product delivery
BusinessOn Communication Co., Ltd.	Execution of service contracts
Glosign Co., Ltd.	Execution of service contracts
Channel Corporation	Operation of customer consultation system (Channel Talk)
AWS (Amazon Web Services)	Data storage and service operation
Imweb Corp.	Data storage and operation of Inner Factory service
KG INICIS Co., Ltd.	Credit card payment, account transfer, virtual account payment processing, cash receipt issuance

C. If the entrusted work or processor changes, Inabooth will disclose the change without delay through this Privacy Policy.

6. Destruction of Personal Information

A. Inabooth destroys personal information without delay when the retention period expires or the processing purpose has been achieved.

C. Destruction procedures and methods are as follows.

Destruction procedure: Inabooth selects personal information for which a destruction reason has occurred and destroys it with approval from Inabooth's personal information protection officer.
Destruction method: Electronic files are destroyed so that records cannot be restored, and paper documents are shredded or incinerated.

7. Measures for Destruction of Personal Information of Inactive Users (Separate Storage)

8. Rights and Obligations of Data Subjects and Legal Guardians, and How to Exercise Them

A. Data subjects may request access to, correction of, deletion of, or suspension of processing of personal information from Inabooth at any time.

D. Requests for access to or suspension of processing of personal information may be restricted under Articles 35(4) and 37(2) of the Personal Information Protection Act.

E. If other laws specify that the personal information is subject to collection, deletion may not be requested.

F. Inabooth verifies whether the person making a request for access, correction, deletion, or suspension of processing is the data subject or a legitimate representative.

9. Measures to Ensure Security of Personal Information

Inabooth takes the following measures to ensure the security of personal information.

Managerial measures: Establishing and implementing internal management plans, operating dedicated organizations, regular employee training
Technical measures: Managing access rights to personal information processing systems, installing access control systems, encrypting personal information, installing and updating security programs
Physical measures: Access control for computer rooms, document storage rooms, and similar facilities

10. Installation, Operation, and Refusal of Automatic Personal Information Collection Tools

A. Inabooth uses cookies, which store and retrieve usage information on the user's PC, to provide individually customized services.

B. Cookies are small data files stored on the user's PC through the user's web browser by the server of the website the user accesses.

Purpose of cookies: Used to identify visit and usage patterns for each service and website visited by users, popular search terms, secure access status, and similar information to provide optimized information.
Cookie installation/operation and refusal: Users may refuse cookie storage by changing options in the web browser menu, such as Tools > Internet Options > Privacy.
If cookie storage is refused, difficulties may arise in using personalized services.

11. Collection, Use, and Refusal of Behavioral Information

A. Inabooth collects and uses behavioral information generated during service use to provide optimized personalized services, benefit notifications, and online personalized advertising.

B. Inabooth collects behavioral information as follows.

Behavioral Information Collected	Collection Method	Collection Purpose	Retention and Use Period
Service usage history (app usage history, search history, abusive-use records, access logs), IP address, advertising identifier	Automatically collected when users visit the website	Provide personalized product recommendation services, including advertising, based on user interests and preferences	Until membership withdrawal

C. Inabooth allows the following online personalized advertising providers to collect and process behavioral information.

Advertising providers collecting and processing behavioral information: Google LLC, Meta Platforms Inc.
Collection method: Automatically collected when users visit and use our website
Behavioral information collected and processed: Web visit history, search history, purchase history, etc.

‣ Blocking/allowing advertising identifiers on smartphones

(1) Android: Settings → Privacy → Ads → Reset advertising ID or delete advertising ID

(2) iPhone: Settings → Privacy → Tracking → Turn off "Allow Apps to Request to Track"

※ Menus and methods may differ depending on mobile OS version.

‣ Blocking/allowing personalized advertising through web browsers

(1) Internet Explorer (Internet Explorer 11 for Windows 10)

In Internet Explorer, select the Tools button, then Internet Options
Select the Privacy tab, choose Advanced under Settings, then choose whether to block or allow cookies

(2) Microsoft Edge

Click the "..." icon in the upper right of Edge, then click Settings.
On the left side of the Settings page, click "Privacy, search, and services," then select whether and how to use Tracking prevention.
Choose whether to always use "Strict" tracking prevention when browsing InPrivate.
In the Privacy section, choose whether to send "Do Not Track" requests.

(3) Chrome browser

In Chrome, click the "⋮" icon (Customize and control Chrome) in the upper right, then click Settings.
Click "Show advanced settings" at the bottom of the Settings page and click Content settings in the Privacy section.
In the Cookies section, select "Block third-party cookies and site data."

H. Users may contact the following department for questions, refusal rights, damage reports, and other matters related to behavioral information.

‣ Personal Information Protection Department

Person in charge: Yoorim Kim

Department: Strategic Planning Team

Contact: 1811-2839, product@inabooth.io

12. Personal Information Protection Officer and Requests for Access

Category	Name	Contact
Personal Information Protection Officer / Personal Information Protection Department	Name: Yoorim Kim	Email: product@inabooth.io Phone: 1811-2839

B. Data subjects may request access to personal information under the Personal Information Protection Act from the responsible department. Inabooth will make efforts to process requests promptly.

13. Remedies for Infringement of Rights

‣ Grievance Handling Department

Person in charge: Yoorim Kim

Department: Strategic Planning Team

Contact: 1811-2839, product@inabooth.io

Personal Information Dispute Mediation Committee: 1833-6972 (kopico.go.kr)
Personal Information Infringement Report Center: 118 (kisa.or.kr)
Supreme Prosecutors' Office: 1301 (spo.go.kr)
Korean National Police Agency: 182 (cyber.go.kr)

14. Video Information Processing Device Installation and Operation Policy

Inabooth installs and operates video information processing devices as follows.

Grounds and purpose of installation: Facility safety and fire prevention
Number, location, and filming scope: Four devices installed in the warehouse; filming covers the inside and outside of the warehouse
Manager, department, and persons authorized to access video information: Byunghoon Lee, Executive Director
Filming time, retention period, storage location, and processing method
Filming time: 24 hours
Retention period: 30 days from filming
Storage location and processing method: Stored and processed in the operations team video information processing device control room
Method and place for checking video information: Request to the manager
Measures for requests to access video information: Requests must be made using an application for access/existence confirmation of personal video information. Access is permitted only when the data subject is filmed or when clearly necessary for the data subject's life, body, or property interests.
Technical, managerial, and physical measures for video information protection: Internal management plan, access control and access authority restrictions, secure storage and transmission technology, processing record retention and anti-forgery measures, storage facilities and locking devices
Entrustment of installation and management: Inabooth entrusts installation and management of video information processing devices and specifies necessary matters in entrustment contracts so personal information can be securely managed under applicable law.
Changes to the video information processing device operation and management policy: If this policy changes due to laws, policies, or security technology, Inabooth will announce the reasons and details of the change on the website without delay.

15. Changes to this Privacy Policy

A. This Privacy Policy takes effect on June 1, 2026.

B. Previous versions of this Privacy Policy can be found below.