Privacy Policy

AILIKE.ME Inc. (hereinafter referred to as 'the Company') establishes and discloses the following privacy policy to protect the personal information of data subjects in accordance with the Personal Information Protection Act and to handle related complaints promptly and smoothly.

Article 1 Purpose of Collecting and Using Personal Information
  1. The personal information collected by the Company is used for the following purposes and is not used for purposes other than the following:
    2.
    1. Member management: Confirmation of intention to join, identification and authentication of members for providing membership services, maintaining and managing membership, preventing fraudulent use of services, and various notifications.
      2.
    2. Provision of messaging services: Providing message sending and receiving services and identifying users within the service, verifying age, connecting with accounts created through other services or intermediaries, inviting friends, and providing other content and additional services.
      3.
    3. Provision of AI chatbot services: The Company's AI chatbot service includes chatbot services that can freely converse with users through web or new application messengers. Basically, conversations about users in the chat application are used for experiencing and using the Company's services, enhancing understanding of the services, and analyzing collected chat data (excluding personal information). However, even if the conversation is in the existing chat application, if the user agrees to the collection and use of personal information by the Company and voluntarily inputs personal information in the messenger chat, the personal information input by the user can be processed to provide appropriate responses and content, and personalized content (including messages, audio, video, gifts, etc.) to the user if necessary.
      4.
    4. Provision of other application services: Providing services such as conversation summaries and cumulative statistics.
      5.
    5. Improvement of AI model conversation algorithms: Conversations exchanged by users in the messenger may be used to improve the conversation algorithms of AI model. Here, the AI model includes AI models provided by other companies to the company's platform. In other words, in order to improve the conversation algorithm of other companies' AI models deployed on the company's platform, the company may provide the usage data of the corresponding AI model to other companies. However, conversations exchanged by users are used only within the scope of the Personal Information Protection Act after strict de-identification measures (pseudonymization, anonymization, etc.) have been taken.
      6.
    6. Service performance improvement: Understanding usage records of users such as error occurrence records, improper usage records, and utilizing them to improve the usage environment through user surveys for service improvement purposes.
      7.
    7. Development of new services and utilization in marketing and advertising: Developing new character chatbots, researching and developing language-based AI technologies including chatbot algorithms, providing customized services, providing services and advertising based on statistical characteristics, verifying service effectiveness, providing and participating in events and advertising information, understanding access frequency, and providing statistics on service usage by members.
      8.
Article 2 Items of Personal Information Collected and Collection Methods
  1. Items of personal information collected
    The Company collects the following information to process conversations with users and provide basic messaging and conversation content and functions. The collected information is also used to understand improper usage records and improve AI conversation algorithms.
    2.
    1. Member information: Name, nickname, gender, date of birth, phone number, email, device information (including model name, mobile carrier, OS, unique device identifier, advertisement ID, time information, etc.), application information (version, etc.), linked account information (information such as identifiers provided by relevant services such as KakaoTalk and SNS for social login functions, etc.), payment information, credit card information, payment amount
      2.
    2. Information on messages exchanged with AI chatbots or other users (message transmission time, message content (including multimedia materials such as emoticons, stickers, images, videos, voices, etc.)), user reactions, status information displayed to others, gift information exchanged (including all information related to payment information, gift items, date, address, phone number, etc.)
      3.
    3. Other service usage records of users (including improper usage records)
      4.
  2. Methods of collecting personal information
    The Company collects personal information through the following methods:
    3.
    1. Collection through the input of personal information during the membership registration process
      2.
    2. Collection through voluntary provision by users during service use
      3.
    3. Collection generated and automatically collected during the service use process
      4.
    4. Collection received from SNS, etc., for providing linked services
      5.
Article 3 Period for Processing and Retaining Personal Information
  1. The Company processes and retains personal information within the period agreed upon when collecting personal information from data subjects or within the period prescribed by law. Each personal information processing and retention period is as follows:
    2.
    1. Membership registration and management on the website: Until the business operator/organization withdraws from the website
      2.
    2. Related to service use: Until the specific use purpose of each service is achieved (it is difficult to specify the end point of achieving the use purpose due to the nature of the chat service)
      3.
    3. However, in cases falling under the following reasons, until the end of the relevant reasons:
      4.
      1. If investigations, etc., are in progress due to violations of related laws, until the end of the relevant investigations
        2.
      2. If there are outstanding debts or obligations arising from the use of the service, until the settlement of such debts or obligations
        3.
    4. Retention of information based on company internal policies
      5.
      1. Retention period for records of fraudulent use: 3 years for preventing fraudulent use of personal information
        2.
      2. Blocking fraudulent acts such as repeated arbitrary cancellations, illegal receipt of economic benefits such as discount coupons, free services provided by the Company, and event benefits, and identity theft: Name and contact connection information until 6 months after membership withdrawal
        3.
      3. Retention of service usage records: Until the purpose of improving user experience and enhancing service performance research is achieved
        4.
      4. Retention of de-identified service usage records: Until the purpose of research for improving AI conversation algorithms is achieved
        5.
    5. Retention of information in accordance with related laws
      In accordance with the provisions of the Commercial Act, the Act on Consumer Protection in Electronic Commerce, etc., and related laws, the Company retains member information for a certain period as stipulated by the related laws. In this case, the Company uses the retained information only for the purpose of retention, and the retention periods are as follows:
      6.
      1. Retention of records related to contracts or withdrawal of subscription: 5 years (Act on Consumer Protection in Electronic Commerce, etc.)
        2.
      2. Retention of records related to payment and supply of goods, etc.: 5 years (Act on Consumer Protection in Electronic Commerce, etc.)
        3.
      3. Retention of records related to consumer complaints or dispute resolution: 3 years (Act on Consumer Protection in Electronic Commerce, etc.)
        4.
      4. Retention of communication confirmation data:
        In accordance with the "Protection of Communications Secrets Act", 1 year for subscriber telecommunication date and time, start and end time, counterparty subscriber number, usage frequency, location tracking data of the base station
        3 months for computer communication, internet log records, access tracking data
        5.
Article 4 Provision of Personal Information to Third Parties
  1. The Company processes personal information within the scope specified for the purpose of processing personal information, and provides personal information to third parties only in cases falling under Articles 17 and 18 of the Personal Information Protection Act, such as with the consent of the data subject or as specifically provided by law, and does not provide personal information to third parties beyond this scope.
  2. For smooth service provision, the Company obtains the consent of the data subject and provides the minimum necessary information within the scope required. The Company uses personal information within the scope notified in the "Purpose of Collecting and Using Personal Information" and, in principle, does not use or disclose the user's personal information to external parties without prior consent from the user. However, in the following cases, personal information can be used and provided with caution:
    3.
    1. If users have given prior consent to disclosure: Before collecting or providing information, users will be informed of the business partner, the purpose of collection/provision, and the period and method of protection/management, and will go through a procedure to obtain consent. If the user does not agree, additional information will not be collected or shared with business partners.
      2.
    2. According to the "Guidelines for Processing Pseudonymized Information" announced by the Personal Information Protection Commission in September 2020, after de-identification and appropriateness assessment have been completed, if it is judged as pseudonymized or anonymized information.
      3.
    3. If there is a legal provision or if there is a request from an investigation agency in accordance with the procedures and methods prescribed by the law for investigation purposes.
      4.
    4. In case of an emergency such as a disaster, infectious disease, urgent life-threatening incident, or significant property loss, in accordance with the "Guidelines for Processing and Protecting Personal Information in Emergency Situations" jointly announced by the relevant government departments.
      5.
Article 5 Outsourcing of Personal Information Processing
  1. The Company outsources personal information processing tasks as follows for smooth personal information processing.
    Trustee (Recipient) Outsourced Tasks Retention and Usage Period
    Amazon Web Services Data and infrastructure management for service provision and analysis Until the purpose of using personal information is achieved or the outsourcing contract ends
    Google Cloud Platform Data and infrastructure management for service provision and analysis Until the purpose of using personal information is achieved or the outsourcing contract ends
    OpenAI Data and infrastructure management for service provision and analysis Until the purpose of using personal information is achieved or the outsourcing contract ends
    Sentry Data and infrastructure management for service provision and analysis Until the purpose of using personal information is achieved or the outsourcing contract ends
    Firebase Data and infrastructure management for service provision and analysis Until the purpose of using personal information is achieved or the outsourcing contract ends
    Appsflyer Data and infrastructure management for service provision and analysis Until the purpose of using personal information is achieved or the outsourcing contract ends
  2. When concluding an outsourcing contract, the Company specifies matters concerning the prohibition of personal information processing for purposes other than the performance of entrusted tasks, technical and managerial protective measures, restrictions on re-entrustment, management and supervision of the trustee, compensation for damages, etc., in accordance with Article 26 of the Personal Information Protection Act, and supervises whether the trustee processes personal information safely.
    3.
  3. If the content or trustee of the outsourced tasks changes, the Company will promptly disclose it through this privacy policy.
    4.
Article 6 Procedure and Method of Personal Information Destruction
  1. The Company promptly destroys personal information when it becomes unnecessary due to the expiration of the retention period, achievement of processing purposes, etc.
    2.
  2. If the retention period of personal information consented by the data subject has expired or the processing purpose has been achieved, but the Company is required to continue retaining personal information according to other laws, the Company moves the personal information to a separate database (DB) or changes the storage location to retain it.
    3.
  3. The procedure and method of personal information destruction are as follows:
    4.
    1. Destruction procedure: The Company selects personal information for which the destruction reason has occurred and destroys the personal information with the approval of the Company's personal information protection officer.
      2.
    2. Destruction method: Personal information printed on paper is destroyed by shredding or incineration. Electronic files are destroyed using technical methods that prevent the records from being restored.
      3.
Article 7 Rights and Obligations of Data Subjects and Legal Representatives and How to Exercise Them
  1. Data subjects can exercise their rights to request access, correction, deletion, and suspension of processing of personal information to the Company at any time.
    2.
  2. The exercise of rights under Paragraph 1 can be made to the Company through written documents, e-mail, fax, etc., in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and the Company will take prompt action.
    3.
  3. The exercise of rights under Paragraph 1 can be made through a legal representative of the data subject or a person authorized by the data subject. In this case, a power of attorney must be submitted in accordance with the form of Annex No. 11 of the "Notice on the Processing Method of Personal Information (No. 2020-7)".
    4.
  4. The request for access and suspension of processing of personal information may be restricted according to Articles 35, Paragraph 4, and 37, Paragraph 2 of the Personal Information Protection Act.
    5.
  5. The request for correction and deletion of personal information cannot be made if other laws specify that the personal information must be collected.
    6.
  6. The Company verifies whether the person requesting access, correction, deletion, or suspension of processing is the data subject or a legitimate representative when a request is made in accordance with the data subject's rights.
    7.
Article 8 Measures to Ensure the Safety of Personal Information
  1. The Company takes the following measures to ensure the safety of personal information:
    2.
    1. Managerial measures: Establishment and implementation of internal management plans and regular employee training
      2.
    2. Technical measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of personal information, and installation and updates of security programs
      3.
    3. Physical measures: Access control to computer rooms and data storage rooms
      4.
Article 9 Criteria for Judging Additional Use and Provision
  1. The Company may additionally use and provide personal information without the consent of the data subject, considering the matters specified in Article 14-2 of the Enforcement Decree of the Personal Information Protection Act, in accordance with Article 15, Paragraph 3, and Article 17, Paragraph 4 of the Personal Information Protection Act. Accordingly, the Company has considered the following matters to additionally use and provide personal information without the consent of the data subject:
    2.
    1. Whether the purpose of additional use and provision of personal information is related to the original purpose of collection
      2.
    2. Whether the additional use and provision can be foreseen in light of the circumstances under which the personal information was collected or processing practices
      3.
    3. Whether the additional use and provision unfairly infringe on the interests of the data subject
      4.
    4. Whether necessary measures such as pseudonymization or encryption have been taken to ensure safety
      5.
    5. The criteria for judging additional use and provision may be independently written and disclosed by the Company.
      6.
Article 10 Processing of Pseudonymized and Anonymized Information
  1. The Company takes technical, managerial, and physical measures necessary for ensuring safety, such as establishing and implementing internal management plans, separating storage of pseudonymized information and additional information, separating access rights, and creating and retaining processing records, to safely manage pseudonymized information in accordance with the Personal Information Protection Act. The Company processes pseudonymized information as follows for purposes such as statistics, scientific research, and public record preservation:
    2.
    1. Matters concerning the processing of pseudonymized information
      Category Purpose of Processing Processing Items Retention and Usage Period
      Research for improving service quality Enhancing the appropriateness of responses to chats, improving algorithms, etc. Data generated during the service usage process (chat records, feedback, etc.) Until data analysis and research purposes are achieved
    2. Matters concerning the outsourcing of pseudonymized information processing
      Trustee (Recipient) Outsourced Tasks Retention and Usage Period
      Amazon Web Services Data and infrastructure management for service provision and analysis Until the purpose of using personal information is achieved or the outsourcing contract ends
      Google Cloud Platform Data and infrastructure management for service provision and analysis Until the purpose of using personal information is achieved or the outsourcing contract ends
      OpenAI Data and infrastructure management for service provision and analysis Until the purpose of using personal information is achieved or the outsourcing contract ends
      Sentry Data and infrastructure management for service provision and analysis Until the purpose of using personal information is achieved or the outsourcing contract ends
      Firebase Data and infrastructure management for service provision and analysis Until the purpose of using personal information is achieved or the outsourcing contract ends
      Appsflyer Data and infrastructure management for service provision and analysis Until the purpose of using personal information is achieved or the outsourcing contract ends
Article 11 Matters Concerning the Personal Information Protection Officer
  1. The Company designates the following person as the personal information protection officer to take overall responsibility for the processing of personal information and to handle complaints and remedies related to personal information processing. Data subjects can request access to personal information under Article 35 of the Personal Information Protection Act to the department below. The Company will strive to promptly process data subjects' requests for access to personal information.
    Personal Information Protection Officer
    Person in charge: Harhim Park
    Position: CEO
    Contact: webmaster@ailike.me
Article 12 Remedies for Infringement of Data Subject's Rights
  1. Data subjects can seek dispute resolution or consultation from the Personal Information Dispute Mediation Committee, the Personal Information Infringement Report Center of the Korea Internet & Security Agency, etc., for remedies for personal information infringement. For other reports and consultations regarding personal information infringement, please contact the following institutions.
    2.
    1. Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
      2.
    2. Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
      3.
    3. Supreme Prosecutors' Office: 1301 (www.spo.go.kr)
      4.
    4. Cyber Investigation Bureau of the National Police Agency: 182 (ecrm.cyber.go.kr)
      5.
  2. Persons whose rights or interests have been infringed upon by the disposition or omission of a public institution's head in response to requests under Articles 35 (Access to Personal Information), 36 (Correction or Deletion of Personal Information), and 37 (Suspension of Processing of Personal Information) of the Personal Information Protection Act can request an administrative appeal in accordance with the Administrative Appeals Act.
    ※ For details on administrative appeals, please refer to the website of the Central Administrative Appeals Commission (www.simpan.go.kr).
    3.
Supplementary Provisions
This Privacy Policy is effective from August 12, 2024.