Privacy Policy

1. Purpose of Personal Information Collection and Use

KoStart establishes and discloses this Privacy Policy in accordance with Article 30 of the Personal Information Protection Act to protect users' personal information and promptly and smoothly handle related grievances. The Company uses collected personal information for the following purposes: ① Membership registration and management (providing membership services, identity verification, personal identification, preventing fraudulent use by bad members, confirming subscription intent, record retention for dispute resolution, handling complaints and grievances, delivering notifications), ② Service provision (AI chatbot consultation, blog and community services, job information provision, university information provision, personalized content recommendations, multilingual translation services), ③ Marketing and advertising utilization (developing new services and providing customized services, providing event and advertising information, analyzing service usage statistics), ④ Service improvement (analyzing user behavior, improving service quality, developing new services).

2. Categories and Collection Methods of Personal Information

① The Company collects minimum personal information necessary for membership registration and smooth service provision.

• Required items: Email, name, password (stored encrypted)
• Optional items: Nationality, stay purpose (study/work/tourism/other), region of interest, Korean proficiency level, areas of interest
• Automatically collected items: IP address, access logs, cookies, service usage records, visit time, browser information, OS information
• Google Analytics: Page views, event tracking (registration, login, AI chatbot usage, blog views, language changes, etc.), user behavior patterns (anonymized)
• When logging in with Google OAuth: Google account information (name, email, profile photo)

3. Personal Information Retention and Use Period

① The Company processes and retains personal information within the personal information retention and use period prescribed by law or consented to by information subjects when collecting personal information. ② Personal information is destroyed immediately upon membership withdrawal. However, the following information shall be retained for the periods specified below for the following reasons: 1. Information retention based on relevant laws - Records of contracts or withdrawal of subscription: 5 years (Act on Consumer Protection in Electronic Commerce), - Records of payment and supply of goods: 5 years (Act on Consumer Protection in Electronic Commerce), - Records of consumer complaints or dispute resolution: 3 years (Act on Consumer Protection in Electronic Commerce), - Website visit records: 3 months (Protection of Communications Secrets Act). 2. Information retention based on internal policies - Prevention of fraudulent use: 1 year (prevention of fraudulent registration and use). ③ AI chatbot conversation records are anonymized and stored for up to 1 year for service improvement purposes, and are immediately deleted upon user's request.

4. Provision of Personal Information to Third Parties

① The Company does not provide users' personal information to third parties in principle. However, exceptions apply in the following cases: 1. When users have given prior consent, 2. When required by law or requested by investigative agencies according to procedures and methods defined by law for investigative purposes, 3. When necessary for statistical compilation, academic research, or market research and provided in a form that cannot identify specific individuals. ② Currently, the Company does not provide personal information to third parties. If third-party provision becomes necessary in the future, the Company will notify users in advance and obtain consent.

5. Entrustment of Personal Information Processing

① The Company entrusts personal information processing tasks to external specialized companies as follows for smooth service provision: 1. OpenAI (AI chatbot service provision, conversation content processing - anonymized), 2. MongoDB Atlas (database hosting and management), 3. Railway.app (backend server hosting), 4. Vercel (frontend hosting and deployment), 5. Google (OAuth authentication, Analytics data collection - anonymized). ② When concluding entrustment contracts, the Company specifies matters such as prohibition of personal information processing other than for the purpose of performing entrusted tasks, technical and administrative protection measures, restrictions on re-entrustment, management and supervision of trustees, and liability for damages in documents such as contracts in accordance with Article 26 of the Personal Information Protection Act, and supervises whether trustees handle personal information safely. ③ If the content of entrusted tasks or trustees changes, the Company will disclose this through this Privacy Policy without delay.

6. Measures to Ensure Safety of Personal Information

The Company takes the following technical, administrative, and physical measures necessary to ensure safety in accordance with Article 29 of the Personal Information Protection Act: ① Administrative measures: Establishing and implementing internal management plans, regular employee training, minimizing and training staff handling personal information. ② Technical measures: Personal information encryption (passwords stored with one-way encryption), technical countermeasures against hacking (firewall installation, antivirus program installation and regular updates and inspections), preserving and preventing forgery of access records, secure storage of access logs. ③ Physical measures: Access control to computer rooms and data storage rooms (cloud security policy applied). ④ Secure data transmission through HTTPS protocol. ⑤ Regular security inspections and vulnerability analysis.

7. Personal Information Protection Officer and Department

① The Company designates a Personal Information Protection Officer as follows to oversee personal information processing tasks and handle complaints and remedy damages related to personal information processing: - Personal Information Protection Officer: KoStart Operations Team, - Email: ko.local.creater@gmail.com, - Inquiry hours: Weekdays 09:00~18:00 (excluding weekends and holidays). ② Information subjects can inquire to the Personal Information Protection Officer about all matters related to personal information protection, including inquiries, complaint handling, and damage relief that arise while using the Company's services. The Company will respond and process information subjects' inquiries without delay.

8. Rights, Duties and Exercise Methods of Information Subjects

① Information subjects (users) may exercise the following personal information protection rights against the Company at any time: 1. Request to view personal information, 2. Request correction if there are errors in personal information, 3. Request deletion of personal information, 4. Request suspension of personal information processing. ② Rights under Paragraph 1 may be exercised against the Company through written communication, telephone, email, fax, etc., and the Company will take action without delay. ③ If an information subject requests correction or deletion of errors in personal information, the Company will not use or provide the personal information until correction or deletion is completed. ④ Rights under Paragraph 1 may be exercised through agents such as legal representatives or authorized persons of information subjects. In this case, a power of attorney in accordance with Form No. 11 of the Enforcement Decree of the Personal Information Protection Act must be submitted.

9. Installation, Operation and Refusal of Automatic Personal Information Collection Devices

① The Company uses 'cookies' that store and retrieve usage information to provide individualized customized services to users. ② Cookies are small pieces of information sent by the server operating the website to the user's computer browser and may be stored on the user's PC hard disk. ③ Purpose of cookie use: Analyzing users' access frequency and visit times, identifying users' preferences and interests and tracking, identifying participation levels in various events and visit numbers for target marketing and personalized services. ④ Installation, operation and refusal of cookies: Users have the choice to install cookies. Through Tools > Internet Options > Privacy menu options in the web browser, users can allow all cookies, go through confirmation each time a cookie is saved, or refuse to save all cookies. However, refusing to install cookies may cause difficulties in using some services. ⑤ Use of Google Analytics: The Company uses Google Analytics (Measurement ID: G-JELPT14CJL) and Vercel Analytics for service improvement and collects anonymized user behavior data. Users can refuse data collection by installing the Google Analytics opt-out browser add-on.

10. Destruction of Personal Information

① The Company destroys personal information without delay when it becomes unnecessary due to expiration of personal information retention period, achievement of processing purpose, etc. ② If personal information must continue to be preserved according to other laws even though the personal information retention period consented to by information subjects has expired or processing purposes have been achieved, the Company moves the personal information to a separate database (DB) or stores it in a different location. ③ Personal information destruction procedures and methods are as follows: 1. Destruction procedure: Information entered by users is moved to a separate DB (separate documents in case of paper) after achieving its purpose and is destroyed after being stored for a certain period according to internal policies and other relevant laws or immediately. 2. Destruction method: Electronic file format information uses technical methods that cannot reproduce records. Personal information printed on paper is destroyed by shredding or incineration.

11. Personal Information Protection Officer

The Company designates a Personal Information Protection Officer as follows to oversee personal information processing tasks and handle complaints and remedy damages related to personal information processing: - Personal Information Protection Officer: KoStart Operations Team, - Email: ko.local.creater@gmail.com, - Website: https://www.ko-start.com, - Inquiry hours: Weekdays 09:00~18:00 (Korea time, excluding weekends and holidays). Information subjects can inquire to the Personal Information Protection Officer about all matters related to personal information protection, including inquiries, complaint handling, and damage relief that arise while using the Company's services.

12. Request for Personal Information Access

Information subjects can make requests for access to personal information pursuant to Article 35 of the Personal Information Protection Act to the following department. The Company will strive to process information subjects' personal information access requests promptly: - Department receiving and processing personal information access requests: KoStart Operations Team, - Email: ko.local.creater@gmail.com

13. Remedy for Rights Infringement

Information subjects can apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, Korea Internet & Security Agency Personal Information Infringement Report Center, etc. to receive relief for personal information infringement: - Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr), - Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr), - Supreme Prosecutors' Office: 1301 (www.spo.go.kr), - National Police Agency: 182 (ecrm.cyber.go.kr). Persons whose rights or interests have been infringed by dispositions or omissions made by heads of public institutions regarding requests under Article 35 (Access to Personal Information), Article 36 (Correction and Deletion of Personal Information), and Article 37 (Suspension of Personal Information Processing) of the Personal Information Protection Act may file administrative appeals as prescribed by the Administrative Appeals Act.

14. Changes to Privacy Policy

This Privacy Policy applies from October 13, 2025, and if there are additions, deletions, or corrections to the content according to laws and policies, changes will be announced through the Site's announcements from 7 days before implementation. The amended Privacy Policy becomes effective from the date announced on the Site.

Limitation of Liability for Indirect Damages

The company limits its liability for direct damages, indirect damages, loss of profits, data loss, business interruption, and similar damages. In no event shall the companys total liability exceed the amount actually paid by the user.

Disclaimer for Third-Party Content and Links

The company is not responsible for the content, accuracy, or personal information handling of linked external websites, employment information sources, university information providers, or third-party services. When using external services, please review their terms of service and privacy policies.