Privacy Policy
Notice Date: July 22, 2025
Effective Date: July 22, 2025
STEPHOW Inc. (hereinafter referred to as the "Company") strictly complies with the Personal Information Protection Act and all relevant privacy regulations and guidelines to ensure the secure protection of personal information.
The term "Privacy Policy" refers to the guidelines the Company must follow to protect users’ valuable personal information, thereby enabling them to use the services with peace of mind.
This Privacy Policy applies to the Wissly AI Service provided by the Company.
1. Collection of Personal Information
The Company collects only the minimum personal information necessary during the membership registration and service usage process.
Category | Collected Items | Purpose of Use |
|---|---|---|
Membership Registration | Email, Password, Name, Contact Information, Company Name, Affiliation/Department | Verify intent to register, identify users and prevent duplicate sign-ups, deliver notices, marketing utilization |
Account Recovery | Verify identity for ID or password recovery | |
1:1 Inquiries | Email, Company Name, Name, Contact Information | Customer support reception and processing, issue handling, error verification |
Service Provision | Provide optimized services, introduce new services, offer service guidance based on user characteristics, analyze access frequency and service usage statistics | |
Event Participation | Email, Company Name, Contact Person’s Name, Contact Information | Event operation, announcement of winners, prize delivery |
Service Contract and Fee Settlement (Institutions) | Organization Name, Representative User’s Name, Representative User’s Mobile Number, Sub-user Email Accounts, Affiliation Verification Documents | Paid service usage, issuance of tax invoices |
Automatically Collected During Service Usage | Service usage records, misuse records, visit time, access logs, cookies, IP address, device information (OS, screen size, device ID, mobile model) | User verification, service usage statistics, prevention of fraudulent use |
2. Methods of Collecting Personal Information
The Company notifies users in advance and seeks consent before collecting personal information. However, in certain cases permitted by law, information may be collected and used without consent:
When necessary to perform a contract with the data subject or take steps at the request of the data subject prior to entering into a contract.
When obtaining additional consent during the use of supplementary services or event participation.
Personal information may also be collected in the following ways:
Automatically generated and collected during PC web/app and mobile web/app usage (e.g., device information, IP address, cookies, visit time, misuse records, usage records).
Through web forms or similar methods for identity verification and user authentication.
3. Provision of Personal Information to Third Parties
The Company does not provide personal information to third parties without the user’s consent, unless required by law.
4. Outsourcing of Personal Information Processing
① The Company outsources certain tasks to third-party service providers as follows:
Delegatee (Service Provider) | Outsourced Task | Retention Period |
|---|---|---|
AWS | Information system operation | Until membership withdrawal or termination of the outsourcing agreement |
Toss Payments | Purchase and fee settlement (domestic) | Until membership withdrawal or termination of the outsourcing agreement |
ChannelTalk | Customer support, sales, and marketing | Until membership withdrawal or termination of the outsourcing agreement |
Login services | Until membership withdrawal or termination of the outsourcing agreement | |
Stibee | Email delivery services | Until membership withdrawal or termination of the outsourcing agreement |
② If there are any changes to the delegatees or outsourcing details, the Company will promptly disclose such updates via this Privacy Policy.
5. Overseas Transfer of Personal Information
Recipient | Country | Transfer Time & Method | Transferred Data | Purpose & Retention Period |
|---|---|---|---|---|
Amazon Web Services, Inc.(Contact: aws-korea-privacy@amazon.com) | Japan (Tokyo Region) | Transmitted via network upon membership registration and during service usage | Personal information collected during service usage | Provision of StepHouse services; until membership withdrawal or termination of the outsourcing agreement |
Users may refuse overseas transfers; however, certain services may be restricted in such cases.
6. Use of Cookies
Cookies are small text files sent by the web server to the user’s browser to store user preferences, visit history, and usage behavior, making the website faster and more convenient. Cookies do not store personally identifiable information.
Users can choose whether to allow cookie storage.
Cookie rejection settings:
Internet Explorer: [Tools > Internet Options > Privacy > Settings]
Chrome: [Settings > Advanced Settings > Privacy > Content Settings > Cookies]
7. Retention and Use Period of Personal Information
In principle, personal information is destroyed without delay once its purpose has been achieved or the retention period has expired.
To prevent repeated re-registration for improper benefits, user data (name, email, contact, company) is retained for 6 months after withdrawal.
Device ID and IP address are retained for 12 months.
Certain records are retained under applicable laws:
Retained Information | Legal Basis | Retention Period |
|---|---|---|
Records related to contracts or withdrawal of subscription | Act on Consumer Protection in E-Commerce, etc. | 5 years |
Records related to payment and supply of goods | Act on Consumer Protection in E-Commerce, etc. | 5 years |
Records related to consumer complaints or dispute resolution | Act on Consumer Protection in E-Commerce, etc. | 3 years |
Website visit records | Communications Secrets Protection Act | 3 months |
Event participation records | Consent of the data subject | Within the transaction period based on the prize fulfillment contract |
Inactive accounts (no login for 1 year) will be marked dormant and stored in a separate database.
8. Destruction of Personal Information
When retention periods expire or information becomes unnecessary, the Company promptly destroys personal information.
Electronic data: deleted using technical methods to make recovery impossible.
Printed documents: shredded.
9. Rights of Users and Legal Representatives
Users may exercise rights under the Personal Information Protection Act, including access, correction, deletion, and suspension of processing.
If a correction request is made, data will not be used or shared until completion.
If incorrect data has already been shared, the Company will notify third parties without delay.
Users may withdraw consent or terminate membership at any time.
These rights may also be exercised through a legal representative.
The Company will verify the requester’s identity and promptly take necessary actions in accordance with the law.
10. Measures for Security of Personal Information
① Technical Measures
Password-protected accounts, encryption, and file locking.
SSL encryption for data transmission.
Regular updates of antivirus software.
Firewalls, intrusion detection, and vulnerability scanning tools.
② Managerial Measures
Access restricted to the minimum number of personnel (e.g., marketing, customer support, data protection staff).
Regular compliance checks.
Clear responsibilities during employee onboarding and offboarding.
③ Physical Measures
Access control systems in offices and server rooms.
Storage facilities located in restricted security zones with access logs.
Note: The Company is not responsible for damages caused by user negligence (e.g., leaked IDs/passwords).
11. Privacy Officers
For inquiries, complaints, or suggestions related to privacy, please contact:
Service | Role / Department | |
|---|---|---|
Wissly AI Service | Chief Privacy Officer: Seongwook Hwang (CEO) | |
Wissly AI Service | Responsible Department: Jihyung Cha (CTO) |
External consultation is also available via:
Organization | Website | Phone Number |
|---|---|---|
Personal Information Infringement Report Center | 118 (no area code) | |
Supreme Prosecutors’ Office Cyber Investigation Division | 1301 (no area code) | |
Korean National Police Agency Cyber Bureau | 182 (no area code) |
12. Scope of Application
This Privacy Policy applies to the Wissly AI Service. If redirected to other websites, their respective privacy policies apply. Users should review each website’s policies.
13. Amendments to the Privacy Policy
This Privacy Policy is publicly available for easy access. Updates may be made to reflect legal or service changes.
Minor changes: effective 7 days after posting.
Significant changes (e.g., new data collected or new purposes): notified at least 30 days in advance.
Previous versions will remain available for reference.