Privacy Policy | TagStock

1. Items and Methods of Personal Information Collection

1.1 Items of Personal Information Collected

The company collects the following personal information to provide services:

Required Items:

Email Address
Password (Stored encrypted)
Name or Nickname

Optional Items:

Profile Picture
Phone Number
Company Name (for corporate members)

Automatically Collected Items:

IP Address
Cookies
Service Usage Records
Access Logs
Device Information (Browser type, OS, etc.)

1.2 Methods of Personal Information Collection

Direct input by users during sign-up and service use
Automatic collection through generated information collection tools
Collection during consultation through the customer center

2. Purpose of Collection and Use of Personal Information

The company uses the collected personal information for the following purposes:

Service Provision:

AI-based image analysis and metadata generation
Provision of customized services to members
Content provision and management
Credit management and payment processing

Member Management:

Identity verification and member identification
Prevention of unauthorized use and unauthorized access
Confirmation of intention to join
Preservation of records for dispute meditation

Service Improvement and Marketing:

Development of new services and provision of customized services
Statistics on service use
Provision of event and advertising information (only for consenting members)

3. Retention and Use Period of Personal Information

In principle, the company destroys the information without delay after the purpose of collecting and using personal information is achieved. However, the following information is preserved for the period specified below for the reasons stated:

Upon Membership Withdrawal:

Personal information destroyed immediately upon withdrawal
However, email addresses are hashed and stored for 1 year to prevent unauthorized use

Retention According to Relevant Laws:

Records on contracts or withdrawal of subscription: 5 years (Electronic Commerce Act)
Records on payment and supply of goods: 5 years (Electronic Commerce Act)
Records on consumer complaints or dispute handling: 3 years (Electronic Commerce Act)
Website visit records: 3 months (Protection of Communications Secrets Act)

4. Destruction Procedure and Method of Personal Information

Destruction Procedure:

Information entered by the user is stored for a certain period according to internal policies and relevant laws after the purpose is achieved, and then destroyed. This personal information will not be used for any purpose other than retention unless required by law.

Destruction Method:

Electronic files: Permanently deleted so they cannot be recovered or reproduced
Personal information printed on paper: Shredded with a shredder or incinerated

5. Provision of Personal Information to Third Parties

In principle, the company does not provide users' personal information to third parties. However, exceptions are made in the following cases:

When users have consented in advance
When required by law or requested by investigative agencies according to procedures and methods prescribed by law for investigative purposes

Payment Services:

Recipient: Payment gateway providers (e.g., Stripe, Toss Payments)
Purpose: Payment processing and identity verification
Items provided: Name, email, payment information
Retention and use period: 5 years after the transaction ends

6. Entrustment of Personal Information Processing

The company entrusts personal information as follows to improve services, and prescribes necessary matters so that personal information can be safely managed during trust contracts according to relevant laws:

• Supabase: Database and authentication services

• Amazon Web Services (AWS): Cloud server hosting

• Google Cloud Platform: AI model services

• Stripe: Payment and subscription management

7. Rights of Users and Legal Representatives and How to Exercise Them

Users can exercise the following rights at any time:

Request to view personal information
Request Correction of errors in personal information
Request deletion of personal information
Request suspension of personal information processing

Rights can be exercised in writing or by email, and the company will take action without delay.

8. Technical/Managerial Measures for Personal Information Protection

Technical Measures:

Encryption of personal information (passwords, sensitive information, etc.)
Installation of security programs to protect against hacking or computer viruses
Periodic security updates and inspections
Encrypted communication through SSL/TLS

Managerial Measures:

Minimization and regular training of employees handling personal information
Operation of a dedicated department for personal information protection
Access right management and access record keeping
Establishment and implementation of internal management plans

9. Operation of Cookies

The company uses cookies to provide individualized customized services to users.

Purpose of Cookie Use:

Maintaining login status
Providing user-specific customized services
Analyzing service usage statistics

How to Refuse Cookie Settings:

You can refuse to store cookies through browser settings. However, if you refuse to store cookies, you may have difficulty using some services.

10. Personal Information Protection Officer

The company is responsible for overall tasks related to personal information processing and designates a personal information protection officer as follows to handle user complaints and remedy damages related to personal information processing:

Personal Information Protection Officer

Name: TagStock Admin
Position: Privacy Team Lead
Email: privacy@tagstock
Phone: +82-2-1234-5678

11. Changes to the Privacy Policy

This Privacy Policy will be applied from January 13, 2026. If there are additions, deletions, or corrections to the content according to laws and policies, they will be notified through announcements 7 days before the implementation of the changes.

Announcement Date: January 13, 2026
Effective Date: January 13, 2026