Privacy Policy
BrainCheck values users' personal information and complies with applicable laws, including the Personal Information Protection Act. This Privacy Policy explains how the personal information users provide is used, how it is handled, and what measures are taken to protect it.
Personal Information We Collect
(1) Information Required for Sign-Up and Social Login
| Sign-Up Method | Collected Items |
|---|---|
| Email sign-up | Name [Required] Email [Required] Password [Required] |
| Kakao sign-up | Kakao ID [Required] Email [Required] Mobile phone number [Required] |
| Apple sign-up | Apple ID [Required] Email [Optional] Name [Optional] |
| Google sign-up | Google ID [Required] Email [Required] Name [Optional] |
| Facebook sign-up | Mobile phone number or email [Required] |
(2) Information Required to Use the Service
- Name and email
- User ID / Device ID
- Voice data: after speech recognition (STT) is processed on the server, only the result is returned, and the original voice recording is not stored
- Service usage records
- App diagnostic data, including error logs and performance information, for service improvement
Paid purchases are processed through the in-app purchase systems of the Apple App Store and Google Play Store. The Company does not directly collect or store payment information such as credit card numbers.
(3) Information Required for Service Inquiries
- When users submit service inquiries or reports of rights violations, email, SNS account, and phone number may be collected during inquiry handling and resolution
- For mobile use: device model, mobile carrier information, hardware ID, and basic service usage statistics
- Device-related information
(4) Information Entered by Users During Sign-Up and Service Use
- Nickname, used for display within the service
- Phone number, when participating in events
Purpose of Collecting and Using Personal Information
The Company uses collected information for the following purposes.
- To help users use the service smoothly
- To identify users and prevent unauthorized use of the service
- To create statistical data related to service usage
- To support AI analysis and improve service quality
- To provide personalized services
- To improve the service and conduct surveys and analysis needed for that improvement
- To verify identity and respond to user inquiries
- To provide important notices when necessary
- To provide payment functions, identity verification, and payment history management for paid services
- To preserve records for complaint handling and dispute resolution
- When the user consents to marketing messages, to send newsletters and provide promotional information such as new features, products, discounts, coupons, and events
Retention Period
In principle, the Company destroys users' personal information without delay when the user withdraws from membership or when the purposes stated in this Privacy Policy have been fulfilled. However, when applicable laws require information to be retained for a certain period, the Company stores that information for the required period.
| Personal Information Item | Retention Period | Legal Basis |
|---|---|---|
| Login records | 3 months | Protection of Communications Secrets Act Article 15-2 and Enforcement Decree Article 41(2)(2) |
| Records related to display and advertising | 6 months | Act on the Consumer Protection in Electronic Commerce Article 6(3) and Enforcement Decree Article 6(1)(1) |
| Records related to consumer complaints or dispute handling | 3 years | Act on the Consumer Protection in Electronic Commerce Article 6(3) and Enforcement Decree Article 6(1)(4) |
| Records related to contracts, subscription withdrawals, and similar matters | 5 years | Act on the Consumer Protection in Electronic Commerce Article 6(3) and Enforcement Decree Article 6(1)(2) |
| Records related to payment and supply of goods or services | 5 years | Act on the Consumer Protection in Electronic Commerce Article 6(3) and Enforcement Decree Article 6(1)(3) |
How Personal Information Is Collected
BrainCheck collects personal information in the following ways to provide the service.
- Directly from users during sign-up and service use
- From social sign-up and login providers, such as Facebook, Apple, Google, and KakaoTalk, during the social sign-up or login process
- Through tools that collect generated information
- Through written forms, fax, phone, support boards, and email
User and Legal Representative Rights and How to Exercise Them
Users may exercise the following personal information protection rights with the Company at any time.
- Request access to personal information
- Request correction if there is an error
- Request deletion
- Request suspension of processing
Users may exercise these rights with BrainCheck in writing, by phone, by email, by fax, or through other available methods, and BrainCheck will take action without delay.
If a user requests correction or deletion of errors in personal information, the Company will not use or provide that personal information until the correction or deletion is completed.
These rights may also be exercised through a legal representative or an authorized agent. In that case, a power of attorney in the form prescribed by the Enforcement Rules of the Personal Information Protection Act must be submitted.
Users must not infringe the personal information or privacy of themselves or others that BrainCheck processes in violation of the Personal Information Protection Act or other applicable laws.
BrainCheck may be used only by users who are at least 14 years old. Therefore, BrainCheck does not collect or use personal information from children under 14.
Procedure and Method for Destroying Personal Information
BrainCheck destroys personal information according to the following procedure and method.
Destruction Procedure
When the purpose of processing users' personal information has been achieved or the information is otherwise no longer needed, the Company destroys that personal information without delay. If personal information must be preserved under applicable laws, the Company stores and manages that personal information or personal information file separately from other personal information. When destroying information, the Company selects the personal information for which a reason for destruction has occurred and destroys it with approval from the personal information protection officer.
Destruction Method
Personal information printed on paper is shredded, and personal information stored as electronic files is deleted using technical methods that prevent the records from being restored.
Measures to Secure Personal Information
BrainCheck takes the following security measures to prevent users' personal information from being lost, stolen, leaked, altered, or damaged while it is processed.
- Users' personal information is encrypted, stored, and managed securely. Information is transmitted through encrypted communication such as SSL, and passwords are stored and managed through one-way encryption so they cannot be decrypted.
- Systems are installed in areas with controlled external access to prevent users' personal information from being leaked or damaged by hacking, computer viruses, or similar risks.
- To prepare for possible damage to personal information, data is backed up regularly, and up-to-date antivirus programs are used to prevent users' personal information or data from being leaked or damaged. Encrypted communication such as SSL is used to transmit personal information securely over networks.
- Intrusion prevention systems are used to control unauthorized external access, and the Company works to maintain other technically feasible safeguards for system security.
- The number of employees who process personal information is minimized to reduce the risk of personal information leakage.
- The Company maintains systematic standards for creating and changing passwords for database systems that store personal information and systems that process personal information, and for granting access authority, and conducts continuous audits.
- The Company provides regular training and campaigns on personal information protection obligations and security for employees who process personal information.
- The Company establishes and implements an internal management plan for the secure processing of personal information.
Installation, Operation, and Refusal of Automatic Personal Information Collection Devices, Including Cookies
The service uses cookies that store and retrieve user information from time to time. Cookies are small text files sent to the user's browser by the server used to operate the Company's website, and they are stored on the user's device.
(1) Purpose of Using Cookies
Cookies are used for the following purposes.
- To provide automatic login functionality
- To analyze access frequency, visit time, and similar data for members and non-members
- To understand users' preferences and interests and check usage records
- To provide personalized services by tracking event participation, number of visits, and similar data
(2) Cookie Settings
Users may choose whether to allow cookies. Users can change cookie permission levels or refuse the storage of all cookies in their web browser settings. If cookies are refused, however, some services may not be available.
Provision of Personal Information to Third Parties
The Company does not provide users' personal information to third parties. Exceptions may apply when required by law or when investigative agencies request information for investigative purposes according to procedures and methods prescribed by law.
Outsourcing of Personal Information Processing
The Company does not outsource personal information processing.
International Transfer of Personal Information
The Company does not transfer users' personal information overseas.
Advertising and Tracking
- BrainCheck does not track users for advertising purposes.
- Advertising identifiers (IDFA/GAID) are collected only when the user consents through App Tracking Transparency (ATT), and they are used only for deep link analysis, not for advertising purposes.
- Users may change tracking permission at any time in their device settings.
Personal Information Protection Officer and Contact Information
Personal Information Protection Officer
Name: Younghun Lee
Position: CEO
Email: support@braincheck.co.kr
Users may contact the personal information protection officer or responsible department regarding any personal information protection inquiries, complaints, remedies, or other matters that arise while using BrainCheck's services. BrainCheck will respond to and handle user inquiries without delay.
If users need to report or consult about personal information infringement, they may contact the following institutions.
- Personal Information Infringement Report Center (http://privacy.kisa.or.kr / 118 without area code in Korea)
- Cyber Investigation Department, Supreme Prosecutors' Office (http://www.spo.go.kr / 1301 without area code in Korea)
- Cyber Safety Bureau, Korean National Police Agency (http://cyberbureau.police.go.kr / 182 without area code in Korea)
Changes to This Privacy Policy
This Privacy Policy may be added to, deleted, or modified due to changes in laws, policies, or the service. Any changes will be announced through in-app notices or the website at least 7 days before they take effect.
- Announcement date: February 1, 2025
- Effective date: February 1, 2025