Privacy Policy

  1.  Privacy Policy

Apposter Inc., (“Company”) establishes and discloses this privacy policy in accordance with the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, the Credit Information Use and Protection Act, and other applicable laws. This policy is provided to protect the personal information of members who use the healthcare services provided through the Smart Ring (“Service”) and to promptly and effectively handle any related complaints.

[Key Information Processing Indicators (Labeling)]

원, 그래픽, 클립아트, 디자인이(가) 표시된 사진 자동 생성된 설명

Collection of Personal Information

Gender, date of birth, email, health information, device information, location information, etc.

원, 일렉트릭 블루, 도표, 상징이(가) 표시된 사진 자동 생성된 설명

Purpose of Processing Personal Information

Membership subscription and identity verification

Provision of services and handling of complaints, etc.

상징, 원, 디자인이(가) 표시된 사진 자동 생성된 설명

Retention Period of Personal Information

Until membership withdrawal. However, information may be retained for the period required by relevant laws and the company’s internal policies, after which it will be deleted.

일렉트릭 블루, 클립아트, 디자인이(가) 표시된 사진 자동 생성된 설명

Outsourcing of Personal Information Processing

Bespin Global, Inc.

Inrifle

Amazon Web Services, Inc.

일렉트릭 블루, 디자인이(가) 표시된 사진 자동 생성된 설명

Provision of Personal Information to Third-Parties

Individuals within the Service who have been authorized
by the member to receive health data.

그래픽, 원, 상징, 로고이(가) 표시된 사진 자동 생성된 설명

Personal Information Department

Contact: 1666-9015

Email: help@apposter.com

  1.  Purpose and Scope of Personal Information Collection and Use

The Company collects and uses personal information to the minimum extent necessary for the provision of the Services.

  1. Items of Personal Information Collected and Their Purpose

Purpose of Processing

Items of Personal Information Collected

Membership subscription and management

  • Identification of members, confirmation of intention to join, verification of identity/age
  • Suspension of member qualifications and restrictions on service use in case of fraudulent acts, prevention of recurrence of improper service use
  1. Member information: User ID, email, phone number, password, gender, date of birth, height, weight, nickname
  2. When registering via SNS: SNS-linked ID, email, phone number
  3. If under 14 years of age: legal representative’s name, legal representative’s contact information, relationship with the child, legal representative’s identity verification time

Provision of Services and handling of complaints

  • Provision of reports based on member information
  • rovision of personalized services (including notifications) based on member information, location information, and records
  • Provision of goal management and sharing services
  • Handling of member inquiries, complaints, etc.
  • Delivery of notices and announcements
  • Backup of member health information in the database
  1. Member information: User ID, email, phone number, gender, date of birth, height, weight, nickname
  2. When registering via SNS: SNS-linked ID, email, phone number
  3. Sensitive information:
  • Health-related information (heart rate, blood oxygen, stress index, HRV, skin temperature, menstrual cycle)
  • Sleep-related information (total sleep time, bedtime, wake-up time, sleep stages, heart rate, HRV, blood oxygen, movement, skin temperature and sleep goals)
  • Activity-related information (number of steps taken, calories burned, distance traveled, exercise records, activity goals)
  • Real-time location information (GPS), movement route data
  1. Device information: Device model, connection status, connection time, firmware version, pairing code
  2. Information provided upon user consent during customer inquiries:Diagnostic data(Error logs, app activity history), User ID, Device information(OS, Device ID, Device model, Model name, Device identifier)

Service improvement

  • Development of new services and service improvements
  • Compilation of statistics on service use and the establishment of a service environment that protects privacy
  • Service improvement through service error analysis and customer support response
  1. Member information: User ID, email, phone number, gender, date of birth, height, weight, nickname
  2. Automatically collected information during service use: Device information (OS, device ID, model, device name, device identifier), IP address, cookies, date and time of visit, service usage records
  3. Information provided upon user consent during customer inquiries:Diagnostic data(Error logs, app activity history), User ID, Device information(OS, Device ID, Device model, Model name, Device identifier)

Use of pseudonymized information

  • Pseudonymization and use of pseudonymized information for the purpose of compiling statistics, scientific research, public record preservation, etc.

  1. Member information: User ID, email, phone number, gender, date of birth, height, weight, nickname
  2. Sensitive information:
  • Health-related information (heart rate, blood oxygen, stress index, HRV, skin temperature, menstrual cycle)
  • Sleep-related information (total sleep time, bedtime, wake-up time, sleep stages, heart rate, HRV, blood oxygen, movement, skin temperature and sleep goals)
  • Activity-related information (number of steps taken, calories burned, distance traveled, exercise records, activity goals)

Utilization for marketing and advertising

  • Provision of marketing information such as events and promotions (with consent to marketing)
  1. Member information: Email, phone number, nickname, marketing consent status and date

Automatically collect personal information during service use

  1. Information automatically collected during service use: Device information (OS, device ID, model, device name, device identifier), IP address, cookies, date and time of visit, service usage records

The Company shall obtain consent from the legal representative of a child under the age of 14 when required to process the child’s personal information. For this purpose, the Company may request the minimum necessary information, such as the name and contact information of the legal representative, and confirm the consent of the legal representative through the following methods:

  1. Have the legal representative indicate their consent on the website displaying the consent details and have the confirmation of such consent notified to the legal representative by text messages on their mobile phone; or
  2. Any other method that effectively informs the legal representative of their consent and confirms such consent.
  1. Retention and Use Period of Personal Information
  1. The Company processes and retains personal information for the period agreed upon by the member when collecting their personal information, or as required by applicable law.
  2. The retention and use periods for each personal information are as follows:

Purpose of Processing

Retention Period

Membership subscription and management

Until membership withdrawal

Provision of Services and handling of complaints

Service improvement        

Utilization of pseudonymized information

Until membership withdrawal (However, pseudonymized information may be retained until the completion of analysis, but not longer than 10 years from the date of pseudonymization)

Utilization for marketing and advertising

Until consent for marketing and advertising is withdrawn

  1. Notwithstanding the above, personal information may be retained and used until the following periods in the cases described below (in compliance with applicable laws within the permitted scope):
  1. Retention of personal information based on internal company policies:

Basis of Retention

Retained Information

Retention Period

Prevention of reoccurring improper use of the Services, suspension of member qualifications, and imposition of sanctions

Internally identifiable information, improper service use records, reasons for sanctions, date

1 year from the date of membership withdrawal

  1. Retention of personal information based on applicable law

Basis of Retention

Retained Information

Retention Period

Act on the Consumer Protection in Electronic Commerce

Records related to contracts or withdrawal of subscription (Member identification information, contract/withdrawal records, etc.)

5 years

Records related to payment and supply of goods and services

5 years

Records related to consumer complaints or dispute resolution

3 years

Records related to advertising and labeling

6 months  

Protection of Communications Secrets Act

Records of Service access

3 years

Framework Act on National Taxes

All books and evidentiary documents related to transactions as prescribed by tax law

5 years

  1. Others

Reason for Retention

Retention Period

If investigations or inquiries are in progress due to violations of applicable law

Until the investigation or inquiries are concluded

In case of outstanding debts or obligations between the member and a third party resulting from the use of the Service

Until the relevant debts or obligations are settled

  1.  Outsourcing of Personal Information Processing
  1. The Company outsources the processing of personal information as follows to facilitate effective processing of personal information:

Service Provider

Outsourced Tasks

Amazon Web Services Inc.        

Operation and management of cloud servers (AWS Seoul Region)

Inrifle

Delivery of text and KakaoTalk messages, and emails

  1. When entering into an outsourcing agreement, the Company specifies, in writing, the prohibition of processing personal information beyond the purpose of performing the outsourced tasks, the implementation of technical and administrative safeguards, restrictions on further outsourcing, management and supervision of the service provider, and liability for damages. The Company also monitors the service provider to ensure the secure processing of personal information.
  2. In cases where the service provider wishes to further outsource the processing of personal information to a third party, the service provider will obtain the Company’s consent.
  3. If there are any changes to the outsourced tasks or service providers, such changes will be disclosed to the members through this Privacy Policy without delay.

  1.  Transfer of Personal Information Oversees

The Company outsources or provides members’ personal information overseas as follows:

  1. Google LLC

  1.  Provision of Personal Information to Third Parties
  1. The Company processes members’ personal information within the scope specified for the purposes of processing personal information and provides personal information to third parties only when consent has been obtained from the member or when it is permitted by law, such as in cases specified under Articles 17 and 18 of the Personal Information Protection Act. The Company does not provide personal information to third parties beyond these cases.
  2. After obtaining the member’s consent in accordance with Article 17(1)(1) of the Personal Information Protection Act, the Company may provide personal information to third parties as follows to ensure the effective provision of the Service:

Recipient

Purpose of the Recipient

Personal Information Provided

Retention Period

Individuals within the Service who have been authorized by the member to receive health data

Health monitoring

  1. Member information: Nickname, email, phone number
  2. Sensitive information:
  • Health-related information (heart rate, blood oxygen, stress index, HRV, skin temperature, menstrual cycle)
  • Sleep-related information (total sleep time, bedtime, wake-up time, sleep stages, heart rate, HRV, blood oxygen, movement, skin temperature and sleep goals)
  • Activity-related information (number of steps taken, calories burned, distance moved, exercise records, activity goals)

Until the data subject discontinues sharing

  1.  Procedures and Methods for Disposing Personal Information
  1. The Company will dispose of the members’ personal information without delay when it is no longer necessary, such as when the purpose of processing has been achieved or the retention period has expired.
  2. If the retention period consented to by the member has expired, or the purpose of processing has been achieved, but the personal information must still be retained in accordance with applicable laws as stated in Article 3(3), the Company will transfer the personal information to a separate database (DB) or store it in a different location.
  3. The procedures and methods for disposing personal information are as follows:
  1. Disposal Procedure: The Company will select the personal information subject to disposal, and after receiving approval from the Company’s Personal Information Protection Officer, will proceed with the disposal.
  2. Disposal Method: Personal information recorded and stored in electronic file format will be permanently deleted in a manner that prevents the information from being restored or recovered. Personal information recorded and stored in paper documents will be shredded or incinerated to ensure complete destruction.

  1.  Security Measures

The Company takes the following measures to securely protect the members’ personal information:

  1. Administrative measures: Establishment and implementation of internal management plans, regular employee training, etc.
  2. Technical measures: Encryption of personal information, management of access rights to personal information processing systems, and technical measures to prevent hacking and other threats.
  3. Physical measures: Access control for server rooms, data storage rooms, and similar facilities.

  1.  Installation, Operation, and Rejection of Automatic Personal Information Collection Devices
  1. The Company uses “cookies” to collect and utilize members’ behavioral information to provide quick and convenient services and to provide personalized services to members. A cookie is a small piece of data sent from the website’s server to the data subject’s browser, which is then stored on the data subject’s PC or mobile device.

The Company collects and utilizes behavioral information through cookies without identifying individuals, as follows:

Items of Personal Information Collected

  • Records of Service access
  • Activity logs and search history

Collection Method

  • Installation and operation of cookie
  • Automatically collected and transmitted during the use of the app/website

Purpose of Collection

  • Statistical analysis of service usage
  • Development of new services and improvement of related services
  • Provision of personalized recommendations (including advertisements)
  • Detection of secure access

Retention and Usage Period

  • Until the member withdraws membership (for non-members, until the above purposes are achieved)

  1. The Company provides behavioral information to the following party:

Recipient of Behavioral Information

  • Google LLC.

Items of Personal Information Provided

  • Records of Service access
  • Activity logs and search history
  • Advertising identifiers

Purpose of Provision

  • Provision of personalized advertisements based on interests and preferences

Retention and Usage Period

  • Until the member withdraws membership (for non-members, until the above purposes are achieved)

  1. Data subjects have the right to choose whether their behavioral information is collected and used. They can refuse such collection at any time using the following methods. However, refusal may result in limitations on the use of certain services.

Web Browsers

Chrome

Settings > Privacy and Security > Clear browsing data

Edge

Settings > Privacy, search, and services > Clear browsing data > Choose what to clear > Cookies and other site data

Safari

Settings > Privacy > Manage Website Data

Applications

Android

Settings > Security and Privacy > Additional privacy settings > Ads > Reset advertising ID

iOS

Settings > Privacy and Security > Tracking > Disable app tracking

  1. The Company collects only the minimum necessary behavioral information required for optimized personalized services and benefits, and for online personalized advertisements. The Company does not collect sensitive behavioral information that may infringe on the rights, interests, or privacy of individuals, such as information about personal beliefs, ideologies, educational background, or medical history. If the Company intends to provide personalized advertisements to children under the age of 14, it will obtain prior consent from their legal representative. Otherwise, the Company does not collect behavioral information from children for the purpose of personalized advertisements, nor does it provide such advertisements to children.

  1.  Installation, Operation, and Rejection of Automatic Personal Information Collection Devices
  1. The Company uses cookies, SDKs provided by third parties, and other tags to enable effective services and for advertising and marketing purposes when users visit or use the website or app. The behavioral information collected by third parties from the Company’s website or app is as follows:

Name of Collection Tool

Collector

Items Collected

Purpose of Collection

Type of Tool

Google Analytics

Google LLC

Member’s access records to the web/app services, search and click usage data, advertising identifiers

Statistical analysis and service improvement

Analytical SDK

  1. Members may adjust their browser’s cookie settings to allow or block the collection of behavioral information by third parties:

Web

Browsers

Chrome

Settings > Privacy and security > Third-party cookies > choose whether to block or allow cookies.

※ To allow a specific site: Click [Add] next to [Allow third-party cookies] and enter the site address.

Edge

Settings > Privacy, search, and services > Tracking prevention > select level of tracking prevention.

Applications

Android

Settings > Site settings > Third-party cookies > choose whether to block or allow cookies.

※ To allow a specific site: Click [Add site exception] and enter the site address.

iOS

Settings > Privacy and Security > Clear browsing history > Cookies and site data > Clear browsing history.

  1. Rights and Obligations of Members and Exercise of Rights
  1. Members have the right to access, correct, delete, suspend the processing of their personal information, withdraw consent, and object to or request explanations regarding automated decisions at any time.
  2. The rights under Paragraph 1 may be exercised through a legal representative or an authorized agent of the member. In such cases, a power of attorney must be submitted to confirm the authorization of the agent.
  3. The rights under Paragraph 1 may be exercised in writing, via email, or other means, and the Company will respond without delay.
  1. Members can view, modify, or delete their personal information directly at any time through the ‘Personal Information Settings’ or request access by sending an inquiry to the customer service center.
  2. Members can withdraw their consent for the collection and use of personal information at any time through ‘Withdrawal of Membership’.
  3. Members can object to or request explanations regarding automated decisions at any time through their ‘Personal Information Settings’.
  1. In accordance with applicable laws, such as the Personal Information Protection Act, the exercise of certain rights may be restricted in the following cases:
  1. If another law specifies that the personal information must be collected, the member cannot request its deletion.
  2. If the member has consented to automated decisions, or if the member has been notified of such decisions in advance through a contract or law, the right to object to automated decisions may not be recognized, and only the right to request explanations or review may apply.
  3. If the request to object to or explain an automated decision would unreasonably infringe upon the life, skin, property, or other interests of another person, the request may be denied.
  1. Members may exercise their rights through the following department:

-   Customer Support Department

-   Contact Information: 1666-9015, help@apposter.com

  1. Personal Information Protection Officer and Personal Information Department
  1. The Company has designated a Personal Information Protection Officer and Personal Information Department to protect members’ personal information and to address and improve any issues related to the processing of personal information.
  2. The data subject may contact the Personal Information Protection Officer and the Personal Information Department for handling complaints, seeking remedies, or addressing any issues related to personal information protection, and the Company will respond promptly.
  1. Personal Information Protection Officer

-  Name: Seong Hyun Kyoung

-  Title: Representative Director

-  Contact Information: 02-538-0333, apposter@apposter.com

  1. Personal Information Department

-  Contact Information: 1666-9015, help@apposter.com

  1. Additionally, if the member requires consultation or wishes to report a violation of personal information, they may contact the following organizations:
  1. Personal Information Infringement Report Center: (without area code) 118 / privacy.kisa.or.kr
  2. Personal Information Dispute Mediation Committee: (without area code) 1833-6972 / www.kopico.go.kr
  3. Supreme Prosecutors’ Office Cybercrime Investigation Division: (without area code) 1301 / www.spo.go.kr
  4. Electronic Cybercrime Report & Management System, Korean National Police Agency: (without area code) 182 / ecrm.police.go.kr

  1. Processing of Pseudonymized Information
  1. The Company pseudonymizes personal information collected for statistical compilation, scientific research, public record keeping, etc. so that specific individuals cannot be recognized and handles such information as follows.

Purpose of Processing

Items Processed

Retention and Use Period

Statistical analysis of health indicators by specific period and age group

  1. Member Information: Date of birth (month and year), height, weight, gender
  2. Health-related information (heart rate, blood oxygen levels, stress index, HRV, skin temperature, menstrual cycle)
  3. Sleep-related information (total sleep time, bedtime, wake-up time, sleep stages, heart rate, HRV, blood oxygen, movement, skin temperature and sleep goals)
  4. Activity-related information (number of steps taken, calories burned, distance traveled, exercise records, activity goals)

Until the completion of the analysis of the pseudonymized data (up to 10 years from the date of pseudonymization)

  1. The Company takes the following measures to ensure the security of pseudonymized information:
  1. Administrative measures: Establishment and implementation of internal management plans, regular employee training, etc.
  2. Technical measures: Separate storage of pseudonymized information and additional information, separation of access rights for pseudonymized information and additional information, technical measures to prevent hacking, management of access rights to pseudonymized information processing systems, storage of access logs, and prevention of forgery and tampering.
  3. Physical measures: Access control for server rooms, data storage rooms, and other similar facilities.

  1. Amendment to the Privacy Policy

The Company may amend this Privacy Policy to reflect changes in applicable laws or services. If the Privacy Policy is amended, the Company will notify members at least 7 days before its implementation through notices or other appropriate means. However, if there are significant changes to members’ rights, such as changes to the items of personal information collected or the purposes of use, the Company will notify members at least 30 days prior to the implementation of the amendment.

This Privacy Policy shall apply from the Effective Date.

Date of Notification: April 8, 2026

Effective Date: April 8, 2026

[Check Previous Privacy Policy]

Effective from September 27, 2024 to October 14, 2024.

Effective from October 14, 2024 to October 27, 2025.

Effective from October 28, 2025 to April 7, 2026.