Privacy Policy

AICKYWAY (hereinafter referred to as the "Company") complies with personal information protection regulations under relevant laws such as the "Personal Information Protection Act" and strives to protect users' personal information and rights. The Company informs users through this Privacy Policy about how the personal information provided by users is used, and what measures are being taken to protect personal information.

This Privacy Policy may be amended according to changes in laws and internal operating policies, and when amended, it will be announced through website notices (or individual notices).

Article 1 (Items and Purposes of Personal Information Collection)

The Company collects the following personal information within the minimum scope necessary for service provision.

Collected Items
- Required Items (Upon Registration): Email address, password, nickname
- Social Login: Member identification information and profile information (nickname, profile picture, etc.) provided by social account providers (Google, Kakao, etc.)
- Automatically Generated and Collected During Service Use: Service usage records, access logs, cookies, access IP information, device information (OS, browser type, etc.), AI prompts and generated image data
- Paid Service Use: Payment records (processed through payment processors; the Company does not directly store sensitive information such as card numbers)
Purpose of Use
- Member Management: Identity verification for membership services, confirmation of registration and withdrawal intent, prevention of unauthorized use by bad members, record preservation for dispute resolution
- Service Provision: Providing core functions such as AI image generation and sharing, content posting, personalized service recommendations
- New Service Development and Marketing: Service analysis based on demographic characteristics, access frequency tracking, providing customized advertising and information using service usage statistics
- Customer Support: Processing inquiries and complaints, delivering announcements

Article 2 (Processing and Retention Period of Personal Information)

The Company processes and retains personal information within the retention and use period required by law or the retention and use period agreed upon when collecting personal information from users. In principle, after the purpose of personal information collection and use is achieved, the information is destroyed without delay.

Member Information: Until member withdrawal. However, retained for 30 days after withdrawal for fraud prevention and dispute resolution before destruction.
Information Retained by Law:
- Records on contracts or withdrawal of subscription: 5 years (Act on Consumer Protection in Electronic Commerce)
- Records on payment and supply of goods: 5 years (Act on Consumer Protection in Electronic Commerce)
- Records on consumer complaints or dispute handling: 3 years (Act on Consumer Protection in Electronic Commerce)
- Website visit records: 3 months (Protection of Communications Secrets Act)

Article 3 (Provision of Personal Information to Third Parties)

The Company processes users' personal information only within the scope specified in Article 1 (Items and Purposes of Personal Information Collection), and in principle does not use it beyond this scope or disclose it externally without users' prior consent. However, the following cases are exceptions:

When the user has given prior consent to third-party provision
When required by law or when there is a request from an investigative agency following the procedures and methods prescribed by law for investigation purposes

Article 4 (Outsourcing of Personal Information Processing)

The Company may outsource personal information processing to external parties as follows for smooth service provision.

Trustee

Outsourced Task

Retention and Use Period

[Cloud Service Provider e.g., AWS, GCP]

Data storage and system operation

Until member withdrawal or termination of outsourcing contract

[Payment Processor e.g., KG Inicis, Toss Payments]

Payment processing

Until retention period required by relevant laws

The Company clearly stipulates compliance with personal information protection regulations, confidentiality of personal information, prohibition of third-party provision, and liability in case of incidents when concluding outsourcing contracts, and supervises whether trustees safely process personal information.

Article 5 (Rights of Users and Legal Representatives and How to Exercise Them)

Users may view or modify their registered personal information at any time, and may also request withdrawal (consent withdrawal). Viewing, modifying, and withdrawing personal information can be processed directly through the 'My Page' or 'Member Information Edit' function within the site, and if you contact the Personal Information Protection Officer in writing, by phone, or email, we will take action without delay.

Article 6 (Installation, Operation, and Rejection of Automatic Personal Information Collection Devices)

The Company uses 'cookies' to provide personalized services to users. Cookies are small text files that the server used to operate the website sends to the user's browser and are stored on the user's computer.

Purpose of Cookie Use: Analyzing users' access frequency and visit times to understand users' preferences and interests, and using them as a measure for service reorganization and personalized advertising.
Cookie Installation Rejection: Users have the option to install cookies. By setting web browser options, you can allow all cookies, verify each time a cookie is saved, or refuse to save all cookies. (Example setting method: For Chrome → Settings in upper right corner of web browser > Privacy and security > Cookies and other site data)

In particular, the Company may use cookies for personalized advertising provided by third-party advertisers such as Google AdSense. Users can disable personalized advertising in Google Ad Settings.

Article 7 (Procedure and Method of Personal Information Destruction)

The Company destroys personal information without delay when it becomes unnecessary, such as expiration of the personal information retention period or achievement of processing purposes.

Destruction Procedure: Select personal information for which destruction reasons have occurred, and destroy personal information after approval by the Personal Information Protection Officer.
Destruction Method: Personal information recorded and stored in electronic file format is deleted using technical methods that make records unrecoverable, and personal information recorded and stored in paper documents is destroyed by shredding or incineration.

Article 8 (Measures to Ensure Security of Personal Information)

The Company takes the following technical and administrative measures to ensure security so that personal information is not lost, stolen, leaked, altered, or damaged when processing users' personal information.

Administrative Measures: Establishment and implementation of internal management plans, regular employee training, etc.
Technical Measures: Access authority management for personal information processing systems, installation of access control systems, encryption of unique identification information, installation of security programs
Physical Measures: Access control to computer rooms, data storage rooms, etc.

Article 9 (Personal Information Protection Officer)

The Company designates the following Personal Information Protection Officer who is responsible for all personal information processing work and handles complaints and damage relief related to personal information processing.

[Personal Information Protection Officer (CPO)]

Name: Seunghoon Lim
Position: AICKYWAY / CEO
Email: [email protected]
Contact method: Use the 1:1 inquiry form on the site

If you need to report or consult about personal information infringement, please contact the following organizations:

Personal Information Infringement Report Center (privacy.kisa.or.kr / 118 without area code)
Supreme Prosecutors' Office Cyber Investigation Division (www.spo.go.kr / 1301 without area code)
National Police Agency Cyber Safety Guard (police.go.kr / 182 without area code)

Article 10 (Changes to Privacy Policy)

This Privacy Policy shall be effective from the implementation date, and when there are additions, deletions, or corrections of changes according to laws and policies, they will be announced through notices 7 days before the implementation of changes.

Addendum

Announcement Date: September 1, 2025

Effective Date: September 1, 2025