Privacy Policy
Notice Date: July 22, 2025
Effective Date: July 22, 2025
STEPHOW Inc. (hereinafter referred to as the "Company") strictly complies with the Personal Information Protection Act and all relevant privacy regulations and guidelines to ensure the secure protection of personal information.
The term "Privacy Policy" refers to the guidelines the Company must follow to protect users’ valuable personal information, thereby enabling them to use the services with peace of mind.
This Privacy Policy applies to the Ryntra AI Service provided by the Company.
1. Collection of Personal Information
The Company collects only the minimum personal information necessary during the membership registration and service usage process.
Category | Collected Items | Purpose of Use |
|---|---|---|
Membership Registration | Email, Password, Name, Contact Information, Company Name, Affiliation/Department | Verify membership intent, identify users and prevent duplicate sign-ups, deliver notifications, marketing utilization |
Account Recovery | Verify identity for ID or password recovery | |
1:1 Inquiries | Email, Company Name, Name, Contact Information | Customer support, issue handling, error checking |
Service Provision | Provide optimized services, introduce new services, offer personalized service guides, analyze frequency and usage statistics | |
Event Participation | Email, Company Name, Contact Person’s Name, Contact Information | Event management, announcement of winners, prize delivery |
Service Contract / Fee Settlement (for institutions) | Organization Name, Representative User’s Name, Representative User’s Mobile Number, Sub-user Email Accounts, Affiliation Verification DocumentsPaid service usage, issuance of tax invoicesAutomatically Collected During Service UsageService usage records, misuse records, visit time, access logs, cookies, IP address, device information (OS, screen size, device ID, mobile model) | User verification, usage statistics, fraud prevention |
2. Methods of Collecting Personal Information
The Company notifies users in advance and seeks consent before collecting personal information. However, in certain cases permitted by law, information may be collected and used without consent:
When necessary to perform a contract with the data subject or take steps at the request of the data subject prior to entering into a contract.
When obtaining additional consent during the use of supplementary services or event participation.
Personal information may also be collected in the following ways:
Automatically generated and collected during PC web/app and mobile web/app usage (e.g., device information, IP address, cookies, visit time, misuse records, usage records).
Through web forms or similar methods for identity verification and user authentication.
3. Provision of Personal Information to Third Parties
The Company does not provide personal information to third parties without the user’s consent, unless required by law.
4. Outsourcing of Personal Information Processing
① The Company outsources certain tasks to third-party service providers as follows:
Delegatee | Outsourced Task | Retention Period |
|---|---|---|
AWS | Information system operation | Until membership withdrawal or end of outsourcing contract |
Toss Payments | Purchase and fee settlement (domestic) | Same as above |
ChannelTalk | Customer support, sales, and marketing | Same as above |
Login services | Same as above | |
Stibee | Email delivery | Same as above |
② If there are any changes to the delegatees or outsourcing details, the Company will promptly disclose such updates via this Privacy Policy.
5. Overseas Transfer of Personal Information
Recipient | Country | Transfer Time/Method | Transferred Data | Purpose & Retention |
|---|---|---|---|---|
Amazon Web Services, Inc. (aws-korea-privacy@amazon.com) | Japan (Tokyo Region) | Transmitted via network upon sign-up and during service usage | Collected personal information | Service provision until membership withdrawal or end of outsourcing contract |
Users may refuse overseas transfers; however, certain services may be restricted in such cases.
6. Use of Cookies
Cookies are small text files sent by the web server to the user’s browser to store user preferences, visit history, and usage behavior, making the website faster and more convenient. Cookies do not store personally identifiable information.
Users can choose whether to allow cookie storage.
Cookie rejection settings:
Internet Explorer: [Tools > Internet Options > Privacy > Settings]
Chrome: [Settings > Advanced Settings > Privacy > Content Settings > Cookies]
7. Retention and Use Period of Personal Information
In principle, personal information is destroyed without delay once its purpose has been achieved or the retention period has expired.
To prevent repeated re-registration for improper benefits, user data (name, email, contact, company) is retained for 6 months after withdrawal.
Device ID and IP address are retained for 12 months.
Certain records are retained under applicable laws:
Data Type | Legal Basis | Retention Period |
|---|---|---|
Records of contracts/cancellations | Act on Consumer Protection in E-Commerce | 5 years |
Records of payment & supply of goods | Act on Consumer Protection in E-Commerce | 5 years |
Records of consumer complaints/disputes | Act on Consumer Protection in E-Commerce | 3 years |
Website access logs | Communications Secrets Protection Act | 3 months |
Event participation records | User consent | Duration of prize contract |
Inactive accounts (no login for 1 year) will be marked dormant and stored in a separate database.
8. Destruction of Personal Information
When retention periods expire or information becomes unnecessary, the Company promptly destroys personal information.
Electronic data: deleted using technical methods to make recovery impossible.
Printed documents: shredded.
9. Rights of Users and Legal Representatives
Users may exercise rights under the Personal Information Protection Act, including access, correction, deletion, and suspension of processing.
If a correction request is made, data will not be used or shared until completion.
If incorrect data has already been shared, the Company will notify third parties without delay.
Users may withdraw consent or terminate membership at any time.
These rights may also be exercised through a legal representative.
The Company will verify the requester’s identity and promptly take necessary actions in accordance with the law.
10. Measures for Security of Personal Information
① Technical Measures
Password-protected accounts, encryption, and file locking.
SSL encryption for data transmission.
Regular updates of antivirus software.
Firewalls, intrusion detection, and vulnerability scanning tools.
② Managerial Measures
Access restricted to the minimum number of personnel (e.g., marketing, customer support, data protection staff).
Regular compliance checks.
Clear responsibilities during employee onboarding and offboarding.
③ Physical Measures
Access control systems in offices and server rooms.
Storage facilities located in restricted security zones with access logs.
Note: The Company is not responsible for damages caused by user negligence (e.g., leaked IDs/passwords).
11. Privacy Officers
For inquiries, complaints, or suggestions related to privacy, please contact:
Service | Role | Contact |
|---|---|---|
Ryntra AI Service | Privacy Officer: Seongwook Hwang (CEO) | ceo@stephow.me |
Ryntra AI Service | Responsible Department: CTO Jihyung Cha | cto@stephow.me |
External consultation is also available via:
Personal Information Infringement Report Center: http://privacy.kisa.or.kr / 118
Supreme Prosecutors’ Office Cybercrime Division: http://www.spo.go.kr / 1301
Korean National Police Agency Cyber Bureau: http://cyberbureau.police.go.kr / 182
12. Scope of Application
This Privacy Policy applies to the Ryntra AI Service. If redirected to other websites, their respective privacy policies apply. Users should review each website’s policies.
13. Amendments to the Privacy Policy
This Privacy Policy is publicly available for easy access. Updates may be made to reflect legal or service changes.
Minor changes: effective 7 days after posting.
Significant changes (e.g., new data collected or new purposes): notified at least 30 days in advance.
Previous versions will remain available for reference.