LINKSUP, Inc. (the "Company") manages members' personal information in accordance with the Personal Information Protection Act and other applicable laws. This policy describes the categories of personal information collected, purposes of use, retention periods, and methods for exercising your rights.
Article 1. Principles of Personal Information Processing
The Company adheres to the following principles in accordance with applicable personal information laws: · Personal information is collected through lawful and fair methods. · Only the minimum personal information necessary for the purpose of collection is gathered. · Personal information is used only within the scope of the purpose of collection and is not used beyond that purpose. · The Company endeavors to maintain the accuracy and currency of personal information. · Matters concerning personal information processing are disclosed, and members' rights are guaranteed.
Article 2. Personal Information Collected and Collection Methods
The Company collects the following personal information: [Required] · Email address, name (collected during registration) · Password (email registration only; stored as a one-way cryptographic hash) [Optional] · Profile picture (provided via Google OAuth or uploaded directly by the member) · Mobile phone number · Company name, department, job title · Country · Job role (importer, exporter, distributor, etc.) · Items of interest, countries of interest, companies of interest (for personalization) [Collected During Service Use] · Inquiry content (title, body, category) · AI chatbot conversation history · Favorites and saved search criteria [Automatically Collected] · IP address, cookies, service usage logs, device information (browser type, OS) · IP address at the time of consent to Terms and Privacy Policy (for consent record management) [Collection Methods] · Direct input of email and password during registration, or collection through Google OAuth authentication · Direct input by the member during service use (profile editing, inquiry submission, etc.) · Automatic collection through cookies and logs during service use
Article 3. Purposes of Use
Collected personal information is used for the following purposes: · Member identification and login services · Identity verification (email verification code delivery, password reset) · Personalized dashboards and content recommendations · AI chatbot query processing (chat content is transmitted to AI provider servers) · Receiving and processing inquiries, collecting feedback for service improvement · Error monitoring and service stability (error tracking via Sentry) · Service usage analysis and quality improvement · Investigating and responding to violations of the Terms · Delivering notices and responding to inquiries · Restricting use by members who violate laws or the Terms
Article 4. Retention and Destruction
Personal information is retained until the member deletes their account, after which it is destroyed without delay. However, where retention is required by applicable laws, data is retained for the following periods: · Records of contracts or subscription withdrawal: 5 years (Act on Consumer Protection in Electronic Commerce) · Records of payment and supply of goods: 5 years (Act on Consumer Protection in Electronic Commerce) · Records of consumer complaints or dispute resolution: 3 years (Act on Consumer Protection in Electronic Commerce) · Records of labeling and advertising: 6 months (Act on Consumer Protection in Electronic Commerce) · Website access logs: 3 months (Protection of Communications Secrets Act) [Destruction Procedures and Methods] Personal information for which the reason for destruction has arisen is destroyed after approval by the Privacy Officer. Electronic files are deleted using technical methods that prevent recovery, and paper documents are shredded or incinerated.
Article 5. Third-Party Sharing and Processing Entrustment
The Company does not share personal information with third parties without consent, except in the following cases: · When the member has given prior consent · When required by law or by a lawful request from an investigative authority The Company entrusts the processing of personal information for service operations as follows: · Sentry (Functional Software, Inc.) — Error monitoring and service stability. Collected items: access information, device information, and usage records at the time of errors. Session replay is enabled, which may record user screen interactions when errors occur. · Anthropic / OpenAI — AI chatbot query processing. Collected items: chat message content. Content entered by members in the AI chatbot is transmitted to the AI provider's servers. · Amazon Web Services (AWS) — Profile picture storage and delivery (S3, CloudFront). Collected items: profile image files uploaded by members. · Amazon Simple Email Service (AWS SES) — Verification code delivery, inquiry notifications, etc. Collected items: email address, message content. · Cloud infrastructure provider — Service hosting and database operations Changes to entrusted tasks or processors will be disclosed through this policy.
Article 6. Member Rights
Members may request access, correction, deletion, or suspension of processing of their personal information at any time. · Use the account deletion feature in My Page, or contact us at the address below. · If a correction is requested, the personal information in question will not be used or provided until the correction is completed. · If incorrect personal information has already been provided to a third party, the correction results will be promptly communicated to that third party. · The Company will process requests within 10 business days and inform the member of the results. Members are responsible for keeping their personal information up to date. Liability for problems arising from inaccurate information rests with the member. Members who register using another person's personal information may lose their membership or face penalties under applicable laws.
Article 7. Security Measures
The Company implements the following measures to protect personal information: · Encryption in transit (HTTPS/TLS) · One-way cryptographic hashing of passwords (email registration members). Google OAuth members' passwords are not collected or stored by the Company. · Access control for file storage including profile pictures · Access control and audit logging · Periodic security reviews · Access control for personal information processing systems · Rate limiting on authentication attempts (brute-force prevention)
Article 8. Cookies
The Service uses cookies (httpOnly, SameSite=Lax, 30-day validity) to maintain login sessions. Cookies are small pieces of information sent by the server to the member's web browser and may be stored on the member's device. Members can manage cookie settings through their browser: · Chrome: Settings > Privacy and security > Cookies and other site data · Safari: Preferences > Privacy > Cookies and website data · Firefox: Settings > Privacy & Security > Cookies and Site Data · Edge: Settings > Cookies and site permissions > Manage and delete cookies and site data Disabling cookies may limit the use of certain services that require login.
Article 9. Commercial Advertising
The Company does not currently send commercial advertising messages. If commercial advertising is introduced in the future, the Company will obtain explicit prior consent from members and comply with the following: · The Company's name and contact information will be included in all advertising. · Opt-out methods will be provided, and transmission will cease immediately upon opt-out. · Separate prior consent will be obtained for messages sent between 9 PM and 8 AM.
Article 10. Response to Personal Information Breaches
Upon becoming aware of a loss, theft, or leak of personal information, the Company shall promptly notify the affected members (within 72 hours) and report the incident to the Personal Information Protection Commission or the Korea Internet & Security Agency, including the following details: · Categories of personal information leaked · Time of the breach · Measures members can take · The Company's response measures · Department and contact information for member consultations If the member's contact information is unknown or other legitimate reasons exist, the notification may be substituted by posting on the Company's website for at least 30 days.
Article 11. Changes to This Policy
If this policy is changed, notice will be posted within the Service at least 7 days before the effective date. Material changes (addition of collected items, changes to purposes of use, third-party sharing, etc.) will be announced at least 30 days in advance with separate notification.
Article 12. Privacy Officer
The Company has designated the following Privacy Officer to protect members' personal information and handle related complaints: · Name: Gunho Song · Title: CEO · Email: info@linksup.co.kr · Phone: 051-626-9952
Article 13. Remedies for Rights Infringement
Members may file complaints or seek consultation with the following organizations for remedies related to personal information infringement: · Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr) · Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr) · Supreme Prosecutors' Office Cyber Investigation Division: 1301 (www.spo.go.kr) · National Police Agency Cyber Bureau: 182 (ecrm.cyber.go.kr)
Supplementary Provisions
This Privacy Policy shall take effect on May 8, 2026. All previous versions of this policy shall cease to have effect upon the effective date of this policy.