Privacy Policy
Notice Date: July 22, 2025
Effective Date: July 22, 2025
STEPHOW Inc. (hereinafter referred to as the "Company") strictly complies with the Personal Information Protection Act and all relevant privacy regulations and guidelines to ensure the secure protection of personal information.
The term "Privacy Policy" refers to the guidelines the Company must follow to protect users’ valuable personal information, thereby enabling them to use the services with peace of mind.
This Privacy Policy applies to the Wissly AI Service provided by the Company.
1. Collection of Personal Information
The Company collects only the minimum personal information necessary during the membership registration and service usage process.
CategoryCollected ItemsPurpose of UseMembership RegistrationEmail, Password, Name, Contact Information, Company Name, Affiliation/DepartmentVerify membership intent, identify users and prevent duplicate sign-ups, deliver notifications, marketing utilizationAccount RecoveryEmailVerify identity for ID or password recovery1:1 InquiriesEmail, Company Name, Name, Contact InformationCustomer support, issue handling, error checkingService ProvisionEmailProvide optimized services, introduce new services, offer personalized service guides, analyze frequency and usage statisticsEvent ParticipationEmail, Company Name, Contact Person’s Name, Contact InformationEvent management, announcement of winners, prize deliveryService Contract / Fee Settlement (for institutions)Organization Name, Representative User’s Name, Representative User’s Mobile Number, Sub-user Email Accounts, Affiliation Verification DocumentsPaid service usage, issuance of tax invoicesAutomatically Collected During Service UsageService usage records, misuse records, visit time, access logs, cookies, IP address, device information (OS, screen size, device ID, mobile model)User verification, usage statistics, fraud prevention
2. Methods of Collecting Personal Information
The Company notifies users in advance and seeks consent before collecting personal information. However, in certain cases permitted by law, information may be collected and used without consent:
When necessary to perform a contract with the data subject or take steps at the request of the data subject prior to entering into a contract.
When obtaining additional consent during the use of supplementary services or event participation.
Personal information may also be collected in the following ways:
Automatically generated and collected during PC web/app and mobile web/app usage (e.g., device information, IP address, cookies, visit time, misuse records, usage records).
Through web forms or similar methods for identity verification and user authentication.
3. Provision of Personal Information to Third Parties
The Company does not provide personal information to third parties without the user’s consent, unless required by law.
4. Outsourcing of Personal Information Processing
① The Company outsources certain tasks to third-party service providers as follows:
DelegateeOutsourced TaskRetention PeriodAWSInformation system operationUntil membership withdrawal or end of outsourcing contractToss PaymentsPurchase and fee settlement (domestic)Same as aboveChannelTalkCustomer support, sales, and marketingSame as aboveGoogleLogin servicesSame as aboveStibeeEmail deliverySame as above
② If there are any changes to the delegatees or outsourcing details, the Company will promptly disclose such updates via this Privacy Policy.
5. Overseas Transfer of Personal Information
RecipientCountryTransfer Time/MethodTransferred DataPurpose & RetentionAmazon Web Services, Inc. (aws-korea-privacy@amazon.com)Japan (Tokyo Region)Transmitted via network upon sign-up and during service usageCollected personal informationService provision until membership withdrawal or end of outsourcing contract
Users may refuse overseas transfers; however, certain services may be restricted in such cases.
6. Use of Cookies
Cookies are small text files sent by the web server to the user’s browser to store user preferences, visit history, and usage behavior, making the website faster and more convenient. Cookies do not store personally identifiable information.
Users can choose whether to allow cookie storage.
Cookie rejection settings:
Internet Explorer: [Tools > Internet Options > Privacy > Settings]
Chrome: [Settings > Advanced Settings > Privacy > Content Settings > Cookies]
7. Retention and Use Period of Personal Information
In principle, personal information is destroyed without delay once its purpose has been achieved or the retention period has expired.
To prevent repeated re-registration for improper benefits, user data (name, email, contact, company) is retained for 6 months after withdrawal.
Device ID and IP address are retained for 12 months.
Certain records are retained under applicable laws:
Data TypeLegal BasisRetention PeriodRecords of contracts/cancellationsAct on Consumer Protection in E-Commerce5 yearsRecords of payment & supply of goodsSame Act5 yearsRecords of consumer complaints/disputesSame Act3 yearsWebsite access logsCommunications Secrets Protection Act3 monthsEvent participation recordsUser consentDuration of prize contract
Inactive accounts (no login for 1 year) will be marked dormant and stored in a separate database.
8. Destruction of Personal Information
When retention periods expire or information becomes unnecessary, the Company promptly destroys personal information.
Electronic data: deleted using technical methods to make recovery impossible.
Printed documents: shredded.
9. Rights of Users and Legal Representatives
Users may exercise rights under the Personal Information Protection Act, including access, correction, deletion, and suspension of processing.
If a correction request is made, data will not be used or shared until completion.
If incorrect data has already been shared, the Company will notify third parties without delay.
Users may withdraw consent or terminate membership at any time.
These rights may also be exercised through a legal representative.
The Company will verify the requester’s identity and promptly take necessary actions in accordance with the law.
10. Measures for Security of Personal Information
① Technical Measures
Password-protected accounts, encryption, and file locking.
SSL encryption for data transmission.
Regular updates of antivirus software.
Firewalls, intrusion detection, and vulnerability scanning tools.
② Managerial Measures
Access restricted to the minimum number of personnel (e.g., marketing, customer support, data protection staff).
Regular compliance checks.
Clear responsibilities during employee onboarding and offboarding.
③ Physical Measures
Access control systems in offices and server rooms.
Storage facilities located in restricted security zones with access logs.
Note: The Company is not responsible for damages caused by user negligence (e.g., leaked IDs/passwords).
11. Privacy Officers
For inquiries, complaints, or suggestions related to privacy, please contact:
ServiceRoleContactWissly AI ServicePrivacy Officer: Seongwook Hwang (CEO)ceo@stephow.meWissly AI ServiceResponsible Department: CTO Jihyung Chacto@stephow.me
External consultation is also available via:
Personal Information Infringement Report Center: http://privacy.kisa.or.kr / 118
Supreme Prosecutors’ Office Cybercrime Division: http://www.spo.go.kr / 1301
Korean National Police Agency Cyber Bureau: http://cyberbureau.police.go.kr / 182
12. Scope of Application
This Privacy Policy applies to the Wissly AI Service. If redirected to other websites, their respective privacy policies apply. Users should review each website’s policies.
13. Amendments to the Privacy Policy
This Privacy Policy is publicly available for easy access. Updates may be made to reflect legal or service changes.
Minor changes: effective 7 days after posting.
Significant changes (e.g., new data collected or new purposes): notified at least 30 days in advance.
Previous versions will remain available for reference.