Article 1 (Purpose)

These terms and conditions stipulate matters related to the security and privacy of data collected, processed, and shared when using the services provided by [kmindr] (hereinafter referred to as the 'Company'). And the Company prioritizes the protection of users' personal information.

Article 2 (Definitions)

The definitions of terms used in this Terms and Conditions in relation to data security are as follows.
1. "Third-party" means an external individual or enterprise that is not directly related to a transaction or contract between the company and the user.
2. "Personal Information" means information about surviving individuals that can be identified by name, social security number and video (including those that can be easily combined with other information, even if that information alone cannot identify a specific individual).
3. 'Health information' means information related to an individual's health status.
4. "Use Data" means data generated by users in the process of using the service.
5. Sensitive information refers to information on ideas, beliefs, union and political party membership, political views, health, and sex life that may significantly infringe on the privacy of information subjects.

Article 3 (Importance of Data Security)

The company is clearly aware of how data is collected and shared, and prioritizes user privacy and security.

Article 4 (Data types collected by the website)

• 1. Privacy: Name (optional), Email address (optional), User ID
• 2. Device information: abnormal termination log, diagnostic data, other app performance data, IP address
• 3. Results of a survey to find out the type of meditation and health information of users
• 4. Other data needed: Other data needed to provide and improve services.

Article 5 (Data Sharing)

• 1. The Company shares data with third parties only when legally required or with the user’s explicit consent.
• 2. The types of data that are shared may include personal information and other necessary data.
• 3. The company complies with relevant laws and regulations when sharing data, and provides it in an anonymous form or with the consent of the user.
• 4. If the kmindr membership is provided through an employer, the Company may share personal data with the employer only after obtaining the user's explicit consent.
• 5. The company will share the session-related information only in an anonymous format if the kmindr service is purchased by the employer.

Article 6 (Purpose of Data Utilization)

• 1. Service delivery and improvement: website feature analysis, customization, website performance improvement
• 2. Advertising and Marketing: Advertising/Marketing, User Interest-Based Analysis
• 3. Account Management: Account Management, Developer Communication
• 4. Others: website optimization, stability guarantees, fraud prevention, inquiry handling

Article 7 (Data Encryption and Transmission)

The company encrypts the data over a secure connection to transfer it securely.

Article 8 (Data archiving and deletion)

• 1. The Company retains data for the minimum period necessary based on applicable laws or the purpose of collection, and deletes it promptly after the retention period expires.
• 2. Users can request the company to delete the data, and the company deletes it without delay unless there is a good reason.

Article 9 (Rights of Users)

Users can exercise the following rights.

• 1. Users may exercise their rights by contacting the Company via email [e.g., support@kmindr.com], and the Company will respond within 30 days.
• 2. Request for access to personal information: You may request access to the user's personal information held by the company.
• 3. Request for correction or deletion of personal information: You may request correction or deletion of the user's personal information held by the company.
• 4. Request to stop processing personal information: You may request to stop processing your personal information held by the company.
• 5. Withdrawal of Consent: You may withdraw your consent to collect, use, or provide personal information.

Article 10 (Using Third-Party Providers)

The company processes data using a variety of third-party providers to provide a functional and user-friendly website, and contracts with them to ensure an appropriate level of data protection.

Article 1 (General Rules)

1. This personal information processing policy was enacted to protect the personal information of users who use the services provided by kmindr (hereinafter referred to as the 'Service') and to protect the rights and interests of users related to personal information.
2. The Company shall comply with relevant laws and regulations, such as the Act on Promotion of Information and Communication Network Utilization and Information Protection, and the Act on the Protection of Personal Information in Korea, and will provide detailed information on the items of personal information collected through this personal information processing policy, the purpose of use, the period of possession and use, and the procedure for destruction. The Company complies with relevant data protection laws of the Republic of Korea, as well as applicable privacy regulations of the user’s country of residence (such as the GDPR or CCPA). In the case of mandatory legal provisions in the user’s jurisdiction, those provisions shall take precedence.
3. When the Company amends this Privacy Policy, it will notify users at least seven (7) days prior to enforcement via website announcements or appropriate channels such as email. If the changes materially affect users’ rights or obligations, the Company may seek renewed consent where required by applicable law.

Article 2 (Collection and Use of Personal Information)

1. The Company collects the minimum amount of personal information necessary for the following purposes.

• Membership registration and management: membership registration, identification, prevention of defective use, withdrawal of membership, etc
• Service delivery and operation: Content provision, customized service provision, payment and settlement of paid services, service usage records management, etc
• Customer consultation and inquiry handling: Complaint reception, complaint handling, etc
• Service improvement and marketing utilization: developing new services, providing customized services, statistical analysis of service usage, providing event and advertising information, etc

• Upon membership:
• When you sign up for social login: Social media account (including email address format), name (or nickname), profile image, social login unique identification number
• When you sign up for email membership: email address, password, name (or nickname)
• Auto-generated information: device information (model name, OS information, device token of mobile phone and smart OS device), advertising identifier (Google ADID, Apple IDFA), IP address, cookie, date and time of visit, bad usage record, service usage record
• When paying for paid services: Credit card information, deposit information without a bankbook, carrier information, prepaid number, and other payment-related information
• When inquiring about the sending of events, promotions, prizes, and services: Additional information can be collected with consent after informing the purpose of collection and the storage period in advance

• If the user enters it directly: In the process of signing up for membership and using the service, enter it directly
• Collection through partnerships and partners: Supplied by partners when using partnership services
• Automatic collection: Automatic creation and collection while using the website
• Voluntary provision of users: Voluntary provision and consent in the process of using other services

Article 3 (Period of possession and use of personal information)

1. The Company retains personal data only for the minimum period necessary to fulfill the purpose of collection or to comply with legal obligations. After this period, data will be securely deleted without undue delay. Users may request the deletion of their personal data, and unless the Company has a legitimate legal reason to retain it, the data will be deleted within 30 days of the request.
2. In principle, the retention period of personal information is as follows.

• Membership and management: until membership withdrawal request
• Service provision: Until the completion of service use and payment and settlement of charges are completed
• Purpose of advertising and marketing: Until withdrawal of consent or withdrawal of membership
• However, even if a member deletes the website, his or her personal information may not be deleted if he or she does not request withdrawal, so if he or she wants to delete it completely, he or she must request withdrawal.

• Records on Electronic Financial Transactions: 5 years under the Electronic Financial Transactions Act of Korea
• Contracts, withdrawal of subscription, payment and records of supply of goods: 5 years in accordance with the Act on the Protection of Consumers in Korea in Electronic Commerce, etc
• Record of Consumer Complaints and Disputes: 3 years in accordance with the Korean Act on Consumer Protection in Electronic Commerce, etc
• Record of display and advertisement: 6 months in accordance with the Act of the Republic of Korea on Consumer Protection in Electronic Commerce, etc
• Website Visits Record: 3 Months Under Korea's Communications Secret Protection Act

• Where an investigation or investigation is in progress in violation of laws and regulations of the Republic of Korea: Until the relevant investigation or investigation is completed
• Where there is a bond-debt relationship, such as a refund or refund: Until the settlement is completed

Article 4 (Cross-border Data Transfers and Safeguards)

1. In order to improve services, the company entrusts personal information to an external contractor or service for processing, and the entrusted personal information is safely destroyed as soon as the relevant work is completed.
2. The Company may store or process personal data on servers located outside of the user's country, including through services such as Amazon Web Services or Google Cloud. In such cases, the Company takes appropriate technical and organizational measures in accordance with applicable laws (e.g., GDPR) to ensure the data is securely protected. If personal data is transferred to a country without an adequacy decision, the Company ensures the protection of data through mechanisms such as Standard Contractual Clauses (SCCs) or equivalent safeguards.

Article 5 (Installation, operation, and rejection of automatic personal information collection devices)

1. Definition and Purpose of Use of Cookies
*Companies can automatically collect and utilize information through cookies and similar technologies to provide users with improved customized services.
*A cookie is a small text file that a website server sends to a user's browser and stores on a computer, recording the user's website access information and usage patterns.
*The company utilizes cookies and similar technologies for the following purposes.
-User-friendly, efficient and secure operation of the website
-Analysis of access frequency and visit time
-Provide customized services and advertisements by identifying user preferences and interests
-Target marketing through event participation rate and number of visits
-Detects abnormal activities such as illegal access, spam, malicious code, etc
-Analyzing user preferences and improving websites
2. Types of cookies
-Mandatory Cookies: Cookies that are essential for the normal operation of the website and the maintenance of user logins, are used based on legitimate interests to provide basic functions of the website and do not require user consent.
-Advanced Cookies: Cookies used to analyze user preferences and improve websites, for the purpose of providing customized services and advertisements and requiring user consent.
3. Managing Cookies
-The company provides a pop-up of instructions on the use of cookies on users' first visit to their website.
-Users can change cookie settings through the 'Cookie Management' page on the website or through web browser settings.
-Users can choose whether to save cookies by themselves in the following ways.
Internet Explorer: [Tools] → [Internet Options] → [Personal Information] → Adjust the cookie acceptance level
Chrome: [Settings] → [Personal Information and Security] → [Cookie and Other Site Data]
Safari: [Settings] → [Privacy] → [Block All Cookies]
4. Disabling cookies and limiting services
-If users refuse or disable cookie saving, some features of the website may be restricted.
-The company is not responsible for restrictions on the use of the service due to cookie deactivation.
5. Processing Personal Information
-Personal information collected through cookies is safely managed according to the company's personal information processing policy. For more information, please refer to the company's personal information processing policy.
6. Change Terms and Conditions
-The company may change the terms and conditions of this cookie according to the relevant laws and services. When changing the terms and conditions, the changes and the date of application will be notified on the website.

Article 6 (Procedures and Methods for Destruction of Personal Information)

1. When the purpose of collecting and using personal information is achieved, the company destroys it without delay.
2. The destruction procedure is as follows.
-The information entered by the user is moved to a separate DB or mailbox after the purpose is achieved and destroyed after the storage period according to internal policies and laws.
-Personal information stored in a separate DB will not be used for any other purpose unless required by law.
3. The method of destruction is as follows.
-Electronic files: unrecoverable technical deletion
-Paper document: shredding or incineration
-Storage media (disk, etc): format processing
4. Accounts that have not been logged in for more than a year will be converted into dormant accounts and managed separately, and users will be notified by e-mail one month before the dormant processing. Personal information of dormant accounts will be immediately destroyed three years after the start of separate storage. However, personal information that has not been destroyed will be provided again when users request service resumption.

Article 7 (Safety Measures for the Protection of Personal Information)

1. The company takes the following safety measures to ensure that users' personal information is not lost, stolen, leaked, forged, altered or damaged.
-Administrative action: Establish and execute internal management plans, minimize personal information handling staff, and train regular security
-Technical measures: Systematic management of access rights to personal information processing systems, operation of security systems for access control, encryption of unique identification information or application of equivalent protection measures, installation of security programs and regular updates, storage of access records, and implementation of measures to prevent forgery and alteration
2. In principle, the company does not provide the user's personal information to the outside world. However, it may be provided in accordance with the procedures and methods set forth in the relevant laws and regulations if required under the Korean law or upon the official request of an investigative agency.

Article 8 (The rights and methods of exercise of users and legal representatives)

1. Users may exercise the following rights related to the protection of personal information at any time.
-Request to view personal information
-Request for error correction
-Request to delete
-Request to suspend processing
2. Users have the right to request access to, correction of, deletion of, or restriction of processing of their personal data at any time. Users may also withdraw consent for the collection, use, or sharing of their personal data. Requests can be submitted via email (e.g., support@kmindr.com), and the Company will respond within 30 days, unless there is a legitimate reason to refuse, in which case the reason will be communicated to the user.
3. The legal representative or delegated person of the user can exercise the right, and when delegated, a power of attorney in accordance with the attached Form 11 of the Enforcement Rules of the Personal Information Protection Act of the Republic of Korea must be submitted.
4. Users and legal representatives can inquire, modify, or terminate (withdraw) their registered personal information. You can directly modify it through 'Change personal information (modify member information)', or you can withdraw through the identity verification process after clicking 'Withdraw membership', and it will be processed immediately upon request by writing, phone, or e-mail. In the event of an error correction request, the use and provision of personal information will be restricted until the correction is completed, and in the case of personal information already provided, the revised information will be notified to the third party immediately.
5. Personal information that has been terminated or deleted at the request of the user or legal representative shall be managed according to the retention and use period, and such personal information may not be viewed or used for any purpose other than the designated purpose.

Article 9 (Designation of Data Protection Officer and Customer Service Representative)

1. To ensure the protection of personal information and to handle user inquiries or complaints, the Company designates the following Data Protection Officer (DPO) and Customer Service Representative:
-Name: Shingon Kim (CEO)
-Email: support@kmindr.com
-Phone: 010-8567-6811 (for users in South Korea)
※ For users outside of South Korea, please contact us via email at support@kmindr.com.
※ Inquiries related to personal information may be submitted via email and will be answered within 7 days of receipt.
2. Users may submit privacy-related inquiries, requests, or complaints to the contacts above. The Company will provide prompt and adequate responses within a reasonable timeframe.
3. If users need to report or consult on personal data violations, they may contact the relevant authorities listed below.
-Personal Information Dispute Mediation Committee: 1833-6972 / www.kopico.go.kr
-Personal Information Infringement Report Center: 118 / privacy.kisa.or.kr
-Supreme Prosecutors' Office Cyber Crime Division: 1301 / www.spo.go.kr / cid@spo.go.kr
-Cyber Bureau, National Police Agency: 182 / cyberbureau.police.go.kr
-International authorities: European Data Protection Board (EDPB), U.S. state privacy agencies, etc.
4. Email addresses posted on this website are strictly prohibited from being collected without authorization. Violators may be subject to legal penalties under applicable laws.

Article 10 (Amendments and Notification of the Privacy Policy)

1. The Company may update this Privacy Policy due to changes in relevant laws, security technology improvements, or service modifications.
2. Any changes will be notified at least 7 days in advance via the website and/or email. The revised policy will take effect 7 days after the announcement date.
3. If a user does not agree to the revised policy, they may stop using the service. Continued use will be regarded as consent to the revised policy.

Article 11 (Governing Law)

This Privacy Policy and all matters related to data protection shall be governed by the laws of the country in which the Company is incorporated. However, where the mandatory laws of the user's country of residence require otherwise, such laws shall take precedence.

Addendum: This Privacy Policy takes effect as of September 1, 2025. It complies with relevant domestic and international data protection laws. In cases where mandatory provisions of a user’s country apply, such provisions shall prevail. The latest version of this Privacy Policy is available on the Company’s website.

Privacy Policy (Effective September 1, 2025)
--------------------------------------------------
*Company Name: kmindr
*Business Registration Number: 000-00-00000
*E-Commerce Registration Number: No. 2020-Daegu-00000
*Representative: Shingon Kim
*Address: Beomeo-ro 61, 101-1806, Suseong-gu, Daegu, Republic of Korea, ZIP 42094
*Data Protection Officer: Shingon Kim
*Email: support@kmindr.com
*Main Phone: 010-8567-6811
*Note: For international inquiries, please contact us via email.