Privacy Policy

Rating Labs Inc. (hereinafter referred to as the "Company") has established and discloses this Privacy Policy in accordance with applicable privacy laws in order to protect customers’ personal information and to handle any related grievances swiftly and smoothly.

※ This policy will be announced on September 24, 2025, and will take effect on October 1.

Article 1 (Purpose of Processing Personal Information)
The Company processes personal information for the following purposes. Processed personal information will not be used for purposes other than those listed below. If the purpose of use changes, the Company will seek prior consent.

① Membership Registration and Management
Confirming membership intent, identity verification and authentication, maintaining and managing membership, implementing real-name verification systems, preventing unauthorized use of services, verifying parental consent for children under 14, notifications and notices, handling complaints, and keeping records for dispute resolution.
② Handling Inquiries and Complaints
Personal information is processed to verify the identity of the inquirer, confirm the content of the inquiry, make contact for fact-checking and notification, and to provide results.

③ Provision of Goods or Services
Providing services, content, customized services, identity and age verification. 

④ Marketing and Advertising
Developing new services, providing customized services, offering events and promotions, demographic-based services and advertising, verifying service effectiveness, statistics on service usage. 

⑤ Video Information
Crime prevention and investigation, facility safety, fire prevention, analysis and provision.

Article 2 (Items of Personal Information Collected)

① The Company collects the following minimum personal information as mandatory items for membership registration, smooth customer consultation, and provision of various services.

1. Kakao Simple Sign-up

• Required items: Profile information (email address, user ID)

2. Naver Simple Sign-up

• Required items: Profile information (email address, user ID)

3. Apple Simple Sign-up

• Required items: Profile information (email address, user ID)

4. Google Simple Sign-up

• Required items: Profile information (email address, user ID)

② During the process of service use or provision, the following information may be automatically generated or additionally collected. This information is used for service history management, security enhancement, and provision of personalized services.

1. Age, country, occupation, interests, frequently used platforms, favorite K-pop artists
2. Device information, access logs, visit time, IP address, and country information (Geo-IP)
3. Payment and purchase information, service usage records, records of misconduct
4. Advertising identifiers (ADID, IDFA, etc.)

Article 3 (Retention and Use Period of Personal Information)

① The Company processes and retains personal information only within the retention and usage period agreed to by the data subject or as permitted by law. 

② In principle, once the purpose of processing is achieved, the Company promptly destroys the relevant personal information. Certain information may be retained for a set period according to internal policies.

1. Membership Registration and Management
   Retained for up to 3 years from the date of consent. 

• Basis: User consent
• Retention Period: Records of collection/processing and use of credit information – 3 years

Article 4 (Provision of Personal Information to Third Parties)

① The Company may provide personal information to third parties only in compliance with the Personal Information Protection Act and related laws, such as with the consent of the data subject or when specifically required by law. Examples include.

       1. Business delegation for service provision (minimum data required only)
2. Partnerships with other businesses for service provision or advertising
Current third-party provision status

Article 5 (Consent for Third-Party Provision (in Case of Product Exchange)

For product exchanges, the Company obtains user consent for providing personal information to third parties

① Recipients
Mobile coupon issuers, gifticon providers, and other affiliated product suppliers. 

② Provided Information
Phone number, shipping address (if applicable), name (if applicable), exchange details, user identification info, product exchange info.

③ Purpose

Identity verification, processing of product exchanges, mobile coupon delivery, customer inquiries, and exchange history management.

④ Retention Period

Until the purpose is achieved, then destroyed without delay (unless required by law)

Article 6 (Outsourcing of Personal Information Processing)

① The Company does not outsource any personal information processing tasks.

② ) If outsourcing occurs, contracts will clearly stipulate compliance with the Personal Information Protection Act, prohibiting use beyond the agreed scope, technical and managerial safeguards, prohibition of re-outsourcing, and supervision of subcontractors. 

③ Any changes to outsourcing will be disclosed through this Privacy Policy.

Article 7 (Rights of Data Subjects)

① Data subjects (members) have the right to 

1. Request access to personal information
2. Request correction of errors, if any
3. Request deletion
4. Request suspension of processing

Requests can be made via written request, email, or customer service, and the Company will respond without delay. Requests can also be exercised through legal representatives.

Article 8 (Destruction of Personal Information)

In principle, personal information is destroyed once the purpose of processing is achieved. Methods include.

① Transfer to a separate DB (or documents for paper-based info) before destruction

② Destruction within 5 days of retention period expiry or when data becomes unnecessary 

③ Electronic files are destroyed using irreversible technical methods

Article 9 (Safeguards for Personal Information)

The Company implements technical, managerial, and physical measures to ensure security, including:

① Minimization and training of staff handling personal information 

② Regular audits (quarterly) 

③ Internal management plans 

④ Encryption of important data 

⑤ Security programs against hacking/malware 

⑥ Access restrictions and firewalls 

⑦ Retention and protection of access logs (minimum 6 months)

Article 10 (Personal Information Protection Officer)

① The Company designates a Personal Information Protection Officer who is responsible for the overall handling of personal information. This officer also manages the processing of complaints and remedies related to personal information matters as described below:

▶ Personal Information Protection Officer
Department: Information Security Team
Phone: +82-70-7779-4545
Email: tylee@ratinglabs.ai

Users may direct all inquiries, complaints, or requests regarding personal information to the officer above.

Article 11 (Remedies and Complaints)

If you are not satisfied with the Company’s response, you may also contact external organizations such as:

▶ Personal Information Infringement Report Center (KISA) : privacy.kisa.or.kr / 118 

▶ Personal Information Dispute Mediation Committee (KISA): privacy.kisa.or.kr / 118 

▶ Supreme Prosecutors’ Office Cyber Crime Investigation: 02-3480-3573 / www.spo.go.kr 

▶ National Police Agency Cyber Bureau: 1566-0112 / www.netan.go.kr

Article 12 (Changes to the Privacy Policy)
Any additions, deletions, or modifications will be notified via announcements at least 7 days prior to enforcement.

Change details

• Revised September 24, 2025 : Changes based on offerwall and store integration
• First publication on August 6, 2025

Terms of Service                                         Service Operation Policy                             Disclaimer & Legal Notice                            Privacy Policy   

Marketing Information Consent              Location-Based Service Terms                  Youth Protection Policy