Bodalive Co., Ltd. (the "Company") values users' personal information and complies with relevant laws, including the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection. Through this Privacy Policy, the Company informs users of the purposes and methods for which the personal information they provide is used, and of the measures taken to protect personal information.
1. Personal Information Collected and Methods of Collection
A. Items Collected
| Category | Items Collected | Time of Collection |
|---|
| Required (email sign-up) | Email address, password (stored encrypted), nickname | At registration |
| Required (social sign-up) | Email address, profile name, profile image (based on Google account) | At Google sign-in |
| Automatically collected | IP address, browser type and version, operating system, access date and time, pages visited, referral URL, cookies, device identifiers | During service use |
| At inquiry | Name, email, inquiry content | When submitting a customer inquiry |
B. Methods of Collection
- Direct entry by the user during registration and service use;
- Social login through affiliated external authentication services such as Google;
- Information automatically generated and collected during service use (cookies, access logs, etc.).
2. Purposes of Collecting and Using Personal Information
- Membership registration and management: identity verification, provision of membership services, prevention of fraudulent use, confirmation of intent to register, complaint handling, delivery of notices.
- Service provision: provision of Content, personalized features such as bookmarks (library), reading history, and view settings, and response to customer inquiries.
- Service improvement and operation: analysis of usage statistics, development of new services, service improvement, identification of access frequency, and optimization of the usage environment.
- Advertising: measurement and improvement of advertising effectiveness, and optimization of ad display based on de-identified statistics.
- Prevention of fraudulent use and security: detection of abnormal access, ensuring service stability, and incident response.
3. Retention and Use Period of Personal Information
The Company destroys the relevant information without delay after the purpose of collection has been achieved. However, where retention is required by applicable laws, the Company retains it for a certain period as follows.
- Upon withdrawal: destroyed immediately upon withdrawal (provided that, where a statutory retention period below applies, the information is stored separately for that period)
- Records on contracts or withdrawal of subscription: 5 years (Act on the Consumer Protection in Electronic Commerce, etc.);
- Records on consumer complaints or dispute handling: 3 years (Act on the Consumer Protection in Electronic Commerce, etc.);
- Login records (access logs): 3 months (Protection of Communications Secrets Act).
4. Provision of Personal Information to Third Parties
The Company does not provide users' personal information to external parties beyond the scope notified in this Policy. However, the following are exceptions.
- Where the user has explicitly consented in advance to the provision to a third party;
- Where required by the provisions of law, or where an investigative agency requests it for investigative purposes in accordance with the procedures and methods prescribed by law;
- Where the information is processed into a form that cannot identify individuals and provided for purposes such as compiling statistics or academic research.
5. Entrustment of Personal Information Processing
The Company may entrust personal information processing tasks to external parties as follows in order to provide the Service smoothly.
| Trustee | Entrusted Task |
|---|
| Google LLC | Member authentication through social login (OAuth 2.0) |
| Resend, Inc. | Sending registration verification emails and password reset emails |
If a trustee is added or changed, it will be announced through an amendment to this Policy. When concluding an entrustment contract, the Company specifies in the contract matters such as compliance with personal information protection laws and restrictions on re-entrustment in order to ensure the safety of personal information protection, and manages and supervises the trustee's compliance.
6. Overseas Transfer of Personal Information
The Company provides the Service through the overseas trustees listed in "Section 5, Entrustment of Personal Information Processing" of this Policy (Google LLC, Resend, Inc., etc.), and accordingly some personal information may be transferred overseas. The items and purposes of the personal information transferred are limited to the scope of the entrusted tasks, and the Company takes safe protective measures in accordance with applicable laws.
7. Users' Rights and How to Exercise Them
Users may exercise the following rights at any time.
- Request to access and correct personal information;
- Request to suspend the processing of personal information;
- Request to withdraw membership and delete personal information.
The above rights may be exercised through the "Account Information" screen on My Page within the Service or through customer support.
8. Procedures and Methods for Destroying Personal Information
- Destruction procedure: personal information for which the purpose of collection has been achieved is moved to a separate database (a separate document file in the case of paper) and destroyed after the retention period under internal policy and applicable laws has elapsed.
- Destruction method: personal information in the form of electronic files is deleted using a technical method that makes recovery impossible, and personal information printed on paper is destroyed by shredding or incineration.
9. Technical and Administrative Measures for Protecting Personal Information
- Password encryption: members' passwords are stored and managed using one-way encryption (hashing) and cannot be restored to plain text.
- Encryption in transit: personal information is encrypted and transmitted via HTTPS (SSL/TLS).
- Access control: access to personal information is limited to the minimum number of personnel, and access records are managed.
- Preparation against hacking, etc.: inspections and updates to respond to security vulnerabilities are performed periodically.
10. Operation of Cookies and Similar Technologies
The Company uses technologies such as cookies and local storage to provide customized services to users and to improve the service usage environment.
- Purpose of use: maintaining login status, saving user settings such as dark mode, saving non-members' reading history, analyzing service usage statistics, and measuring advertising effectiveness.
- How to refuse: users may refuse to store cookies or delete them through the settings of the web browser they use. However, if you refuse to store cookies, the use of some services, such as maintaining login and reading history, may be restricted.
11. Advertising and Analytics Tools
The Company may use usage statistics analysis tools and third-party advertising networks to improve the Service and display advertisements effectively. Such tools may collect de-identified information through cookies or de-identified device identifiers. Users may refuse tracking through the opt-out features provided by such tools.
12. Personal Information of Children Under the Age of 14
The Company, in principle, does not allow membership registration of children under the age of 14, and does not collect the personal information of children under the age of 14. If it is confirmed that the personal information of a child under the age of 14 has been collected without the consent of a legal representative, the Company will delete such information without delay.
13. Personal Information Protection Officer
The Company designates a Personal Information Protection Officer as follows in order to protect users' personal information and handle complaints related to personal information.
Users may report to the Personal Information Protection Officer any personal information protection inquiries, complaints, or requests for remedy that arise while using the Service.
14. Remedies for Infringement of Rights
If you need to report or consult about an infringement of personal information, you may contact the following agencies.
- Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
- Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
- Supreme Prosecutors' Office Cybercrime Investigation Division: 1301 (www.spo.go.kr)
- National Police Agency Cyber Investigation Bureau: 182 (ecrm.cyber.go.kr)
15. Revision History
- Effective date: May 5, 2026