Privacy Policy

Effective Date: February 1, 2026

INUSCOMMUNITY Co., Ltd. (hereinafter referred to as the 'Company') protects users' personal information in accordance with the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, and other relevant laws. The Company has established and publicly discloses the following Privacy Policy to promptly and smoothly handle complaints related to personal information. The Company publishes this Privacy Policy on the front page of its website so that users can easily access it at any time.

Article 1 (Purpose of Processing Personal Information, Items Collected, and Retention Period)

The Company processes personal information for the following purposes. Personal information being processed will not be used for purposes other than those listed below, and if the purpose of use changes, necessary measures such as obtaining separate consent will be implemented.

Purpose	Items Collected	Retention Period
Member registration and management	Email, password, name, profile image (optional)	Until account deletion
Service provision	Service usage records, access logs, cookies, access IP, browser information	Until service termination
Marketing and advertising	Email (optional consent)	Until consent withdrawal

Article 2 (Personal Information Processing and Retention Period)

The Company processes and retains personal information within the period agreed upon when collecting personal information from the data subject or within the retention and use period specified by law. The specific retention periods are as follows:

Records on contracts or subscription withdrawals: 5 years (Electronic Commerce Act)
Records on payment and supply of goods: 5 years (Electronic Commerce Act)
Records on consumer complaints or disputes: 3 years (Electronic Commerce Act)
Website visit records: 3 months (Protection of Communications Secrets Act)

Article 3 (Rights and Obligations of Data Subjects and How to Exercise Them)

Users may exercise the following rights as personal information data subjects:

Request to access personal information
Request for correction if there are errors
Request for deletion
Request to suspend processing

Article 4 (Destruction of Personal Information)

The Company destroys personal information without delay when it becomes unnecessary, such as when the retention period has expired or the processing purpose has been achieved. 1. Destruction Procedure Information entered by users is transferred to a separate database after the purpose is achieved (a separate document in case of paper) and destroyed after being stored for a certain period according to internal policies and other relevant laws, or destroyed immediately. 2. Destruction Method Personal information in electronic file format is deleted using technical methods that make the records unrecoverable. Personal information printed on paper is shredded or incinerated.

Article 5 (Provision of Personal Information to Third Parties)

In principle, the Company processes users' personal information within the scope specified in Article 1 and does not process it beyond the original scope or provide it to third parties without the prior consent of the data subject. However, personal information may be provided to third parties in the following cases: • When the data subject has given prior consent to third-party provision • When permitted by law • When the data subject or legal representative is unable to express their intention or prior consent cannot be obtained due to unknown address, and it is clearly necessary for the urgent benefit of the life, body, or property of the data subject or a third party

Google User Data Processing

Team HAI processes Google user data as follows when users authenticate through Google OAuth.

1. Data Collected: Google account email address, profile name, profile picture
2. Purpose of Use: Member authentication and service login, user profile display
3. Data Sharing: User data collected from Google is not sold to third parties and is not used for purposes other than service provision (such as advertising or AI model training).
4. Security Measures: All data is transmitted through encrypted connections (TLS/SSL) and protected with industry-standard security measures.
5. Retention and Deletion: Google user data is immediately deleted upon account deletion. Users can disconnect their Google account at any time through service settings.
6. Google user data is never sold.
7. Google user data is used solely to provide and improve app functionality.

Meta (Facebook/Instagram) User Data Processing

Team HAI processes Meta user data through Meta (Facebook, Instagram) OAuth for user authentication and social media analytics services as follows.

1. Data Collected: Meta account email address, profile name, profile photo, connected Facebook Pages and Instagram Business account information, post insights (public statistics such as likes, comments, reach, etc.)
2. Purpose of Use: Member authentication and service login, social media performance analysis (SOV, visibility analysis), providing insights for content strategy development
3. Data Sharing: User data collected from Meta is not sold to third parties and is not used for purposes other than service provision (advertising, AI model training, provision to data brokers, etc.).
4. Security Measures: All data is transmitted through encrypted connections (TLS/SSL) and protected with industry-standard security measures. We comply with Meta Platform Terms and Developer Policies.
5. Retention and Deletion: Meta user data is deleted within 30 days upon account withdrawal or disconnection of Meta account. Users can disconnect their Meta account at any time through Service settings.
6. Meta user data is not sold and is not transferred to third parties.
7. Meta user data is used solely to provide and improve the app's core features (social media analytics and performance monitoring).

Meta Connected Data Deletion Request

Users may request deletion of data collected from Meta at any time. Methods for requesting deletion are as follows:

In-Service Settings: When disconnecting your Meta (Facebook/Instagram) account in [Settings] > [Social Accounts], related data will be automatically deleted.
Email Request: Send a data deletion request email to dx@inuscomm.co.kr, and it will be processed within 5 business days.
Meta App Settings: You can directly remove Team HAI app access in Facebook [Settings & Privacy] > [Apps and Websites].

Upon data deletion request, all data associated with the Meta account (profile information, insight data, analysis results) will be completely deleted within 30 days. However, transaction-related records required to be retained by law will be kept for the period prescribed by relevant laws before deletion.

Article 6 (Entrustment of Personal Information Processing)

The Company entrusts personal information processing as follows for smooth service provision:

Cloud service provision: Amazon Web Services (AWS)
Payment processing: Toss Payments
Email delivery: Amazon SES
Website analytics: Google Analytics (Google LLC), Microsoft Clarity (Microsoft Corporation)
Customer support: Internal operation
When entering into entrustment contracts, the Company supervises whether the trustee safely processes personal information in accordance with relevant laws.

Article 6-2 (Use of Website Analytics Tools)

We partner with Microsoft Clarity and Google Analytics to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. 1. Information Collected: Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. 2. Purpose of Use: This information is used for site optimization, fraud/security purposes, and advertising. 3. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement (https://www.microsoft.com/privacy/privacystatement).

Article 7 (Overseas Transfer of Personal Information)

The Company may transfer users' personal information overseas to provide services. 1. Personal information items transferred: Service usage records, access logs 2. Recipient: Amazon Web Services, Inc. 3. Country of recipient: United States 4. Date and method of transfer: Transmission via network during service use 5. Purpose of use by recipient: Cloud service provision 6. Retention and use period by recipient: Until service termination

Article 8 (Measures to Ensure Safety of Personal Information)

The Company takes the following measures to ensure the safety of personal information:

Administrative measures: Establishment and implementation of internal management plan, regular employee training
Technical measures: Management of access rights to personal information processing systems, encryption of unique identification information, installation of security programs
Physical measures: Access control to computer rooms and data storage rooms
Password encryption: User passwords are encrypted for storage and management, and only the user knows their password.

Article 9 (Personal Information Protection Officer and Contact)

The Company designates a Personal Information Protection Officer to be responsible for all matters related to personal information processing and to handle complaints and damage relief related to personal information processing.

Personal Information Protection Officer

Name: 황순용
Department/Position: DX기술연구소 본부장
Phone: 02-519-1200
Email: dx@inuscomm.co.kr, inusdevelop@gmail.com

Service Manager

Name: 황순용
Department/Position: DX기술연구소 본부장
Phone: 02-519-1200
Email: dx@inuscomm.co.kr, inusdevelop@gmail.com

Article 10 (Remedies for Rights Infringement)

Data subjects may apply for dispute resolution or consultation with the Personal Information Dispute Mediation Committee, Korea Internet & Security Agency Personal Information Infringement Report Center, etc. to receive relief from personal information infringement.

Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
Supreme Prosecutors' Office Cyber Investigation Division: 1301 (www.spo.go.kr)
National Police Agency Cyber Safety Bureau: 182 (cyberbureau.police.go.kr)

Article 11 (Changes to Privacy Policy)

This Privacy Policy is effective from the enforcement date, and in the event of additions, deletions, or corrections to changes in laws or policies, the changes will be announced through notices 7 days before the enforcement of the changes.