Privacy Policy

Sigmoid (hereinafter referred to as the 'Company') establishes this Privacy Policy (hereinafter referred to as 'This Policy') as follows to comply with relevant laws and regulations such as the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. (hereinafter referred to as the 'Information and Communications Network Act'), in order to protect the information (hereinafter referred to as 'Personal Information') of individuals (hereinafter referred to as 'Users' or 'Individuals') who use the services (hereinafter referred to as 'Company Services') that the Company intends to provide, and to promptly and smoothly handle complaints related to personal information protection of service users.

In accordance with personal information-related laws and This Policy, the Company may collect users' personal information, and collected personal information may be provided to third parties only with the individual's consent. However, in cases where it is legally required by legal provisions, the Company may provide users' collected personal information to third parties without prior consent from the individual.

1. The Company discloses This Policy through the Company's homepage first screen or a connected screen to the first screen so that users can easily check This Policy at any time.
2. When the Company discloses This Policy in accordance with Paragraph 1, it uses font size, color, etc. to enable users to easily check This Policy.

1. This Policy may be revised in accordance with changes in personal information-related laws, guidelines, notices, or government or Company service policies or content.
2. When the Company revises This Policy in accordance with Paragraph 1, it notifies users through one or more of the following methods:
    a. Method of notification through the notice section of the first screen of the Internet homepage operated by the Company or through a separate window
    b. Method of notification to users through written documents, facsimile transmission, email, or similar methods
3. The Company provides notice under Paragraph 2 at least 7 days before the effective date of the revision of This Policy. However, if there are important changes to user rights, notice is provided at least 30 days in advance.

The Company collects the following information for users' membership registration for Company Services.
  1. Required collection information: Email address, password, name, nickname, and mobile phone number

The Company collects the following information for users' identity verification.
  1. Required collection information: Mobile phone number, email address, name, date of birth, gender, identity verification value (CI, DI), mobile carrier, and domestic/foreigner status

The Company collects the following information to provide Company payment services to users.
  1. Required collection information: Card number, card password, expiration date, bank name, and account number

The Company collects the following information to provide Company services to users.
  1. Required collection information: ID, email address, name, and contact information

The Company collects the following information for statistics and analysis of users' service use and confirmation and analysis of fraudulent use. (Fraudulent use refers to acts such as repeatedly withdrawing membership and re-registering, repeatedly purchasing and canceling purchases, etc., illegally or unfairly receiving economic benefits such as discount coupons and event benefits provided by the Company, acts prohibited in the terms of service, illegal or unfair acts such as identity theft, etc.)
  1. Required collection information: Service usage records, cookies, access location information, and device information

The Company collects users' personal information through the following methods:
  1. Method in which users enter their personal information on the Company's homepage
  2. Method in which users enter their personal information through services other than the homepage provided by the Company, such as applications
  3. Method in which users enter information in the process of using the Company's services, such as consultations with customer service centers and activities on bulletin boards

The Company uses personal information in the following cases:
  1. When necessary for Company operations, such as delivery of notices
  2. When necessary for service improvement for users, such as responses to inquiries and handling of complaints
  3. When necessary to provide Company services
  4. When necessary for restriction measures against members who violate laws and Company terms, and prevention and sanctions against acts that interfere with the smooth operation of services, including fraudulent use
  5. When necessary for new service development
  6. When necessary for marketing, such as event and event notifications
  7. When necessary for demographic analysis and analysis of service visits and usage records
  8. When necessary for forming relationships between users based on personal information and interests

The Company outsources personal information processing as follows for smooth service provision and effective business processing:
  1. Personal information processing is outsourced to Amazon Web Services Korea, LLC and Oracle Corporation for service operation and customer information storage until member withdrawal or termination of the outsourcing contract.
  2. Personal information processing is outsourced to Oracle Corporation for service operation and customer information storage until member withdrawal or termination of the outsourcing contract.

1. The Company retains and uses personal information for the period necessary to achieve the purpose of collecting and using personal information.
2. Notwithstanding the preceding paragraph, the Company retains records of fraudulent service use for up to 1 year from the time of member withdrawal in accordance with internal policies to prevent fraudulent registration and use.

The Company retains and uses personal information in accordance with relevant laws as follows:
    1. Retention information and retention period under the Consumer Protection Act in Electronic Commerce, etc.
    a. Records regarding contracts or withdrawal of offers: 5 years
    b. Records regarding payment and supply of goods, etc.: 5 years
    c. Records regarding consumer complaints or dispute resolution: 3 years
    d. Records regarding display and advertising: 6 months
  2. Retention information and retention period under the Communications Secrets Protection Act
    a. Website log record data: 3 months
  3. Retention information and retention period under the Electronic Financial Transactions Act
    a. Records regarding electronic financial transactions: 5 years
  4. Act on the Protection and Use of Location Information
    a. Records regarding personal location information: 6 months

In principle, the Company destroys personal information without delay when it is no longer necessary, such as when the purpose of processing personal information is achieved or the retention and use period has elapsed.

1. Information entered by users for membership registration, etc., is moved to a separate database (or separate documents in case of paper) after the purpose of personal information processing is achieved, and is stored for a certain period in accordance with internal policies and other relevant laws (see retention and use period) and then destroyed.
2. The Company destroys personal information for which destruction reasons have occurred after going through the approval process of the personal information protection officer.

The Company deletes personal information stored in electronic file format using technical methods that cannot reproduce records, and destroys personal information printed on paper by shredding or incineration.

1. When the Company sends advertising information for profit-making purposes using electronic transmission media, it obtains explicit prior consent from users. However, prior consent is not required in any of the following cases:
  a. When the Company collects contact information directly from recipients through transaction relationships, etc., and intends to send advertising information for profit-making purposes regarding goods, etc. of the same type as those transacted with the recipient within 6 months from the date of transaction termination
  b. When a telephone solicitation seller under the Door-to-Door Sales Act orally notifies the recipient of the source of personal information collection and conducts telephone solicitation
2. Notwithstanding the preceding paragraph, if the recipient expresses refusal to receive or withdraws prior consent, the Company does not send advertising information for profit-making purposes and notifies the processing results of refusal to receive and withdrawal of consent to receive.
3. When the Company sends advertising information for profit-making purposes using electronic transmission media between 9:00 PM and 8:00 AM the next day, it obtains separate prior consent from the recipient notwithstanding Paragraph 1.
4. When the Company sends advertising information for profit-making purposes using electronic transmission media, it clearly states the following matters in the advertising information:
  a. Company name and contact information
  b. Matters regarding indication of refusal to receive or withdrawal of consent to receive
5. When the Company sends advertising information for profit-making purposes using electronic transmission media, it does not take any of the following measures:
  a. Measures to avoid or interfere with refusal to receive or withdrawal of consent to receive by recipients of advertising information
  b. Measures to automatically create recipients' contact information such as phone numbers and email addresses by combining numbers, symbols, or characters
  c. Measures to automatically register phone numbers or email addresses for the purpose of sending advertising information for profit-making purposes
  d. Various measures to conceal the identity of the sender of advertising information or the source of advertising transmission
  e. Various measures to deceive recipients to induce replies for the purpose of sending advertising information for profit-making purposes

1. The Company allows membership registration only for users aged 14 or older to protect the personal information of children under 14 years of age.
2. Notwithstanding Paragraph 1, if a user is a child under 14 years of age, the Company obtains consent from the child's legal representative for the collection, use, provision, etc. of the child's personal information.
3. In the case of Paragraph 2, the Company additionally collects the legal representative's name, date of birth, gender, duplicate registration confirmation information (ID), mobile phone number, etc.

1. Users and legal representatives may inquire about or modify their registered personal information at any time and may request withdrawal of consent for personal information collection.
2. Users and legal representatives may contact the personal information protection officer or person in charge in writing, by phone, or by email to withdraw consent for collection of their registration information, etc., and the Company will take measures without delay.

1. Users may request correction of errors in personal information from the Company through the method in the preceding article.
2. In the case of the preceding paragraph, the Company does not use or provide personal information until the correction of personal information is completed, and if incorrect personal information has already been provided to a third party, it will notify the third party of the correction processing results without delay so that correction is made.

1. Users must keep their personal information up to date, and users are responsible for problems caused by inaccurate information input.
2. In case of membership registration using another person's personal information, users may lose their qualifications or be punished under relevant personal information protection laws.
3. Users are responsible for maintaining security of email addresses, passwords, etc., and cannot transfer or lend them to third parties.

The Company takes necessary technical and administrative protection measures to ensure security so that users' personal information is not lost, stolen, leaked, altered, or damaged during processing.

Personal information that has been terminated or deleted at the request of users or legal representatives is processed in accordance with the "Retention and Use Period of Personal Information" collected by the Company, and cannot be accessed or used for other purposes.

Users' passwords are stored and managed through one-way encryption, and confirmation and modification of personal information are only possible by the user who knows the password.

1. The Company does its best to prevent users' personal information from being leaked or damaged due to intrusion into information and communications networks such as hacking and computer viruses.
2. The Company prevents users' personal information or data from being leaked or damaged by using the latest antivirus programs.
3. The Company does its best for security by using intrusion prevention systems in preparation for emergencies.
4. The Company enables safe transmission of personal information over networks through encrypted communication, etc., for sensitive personal information (when collected and retained).

The Company minimizes the number of personnel handling personal information-related processing and emphasizes compliance with laws and internal policies through administrative measures such as education for personal information processors.

When the Company becomes aware of the fact that personal information has been lost, stolen, or leaked (hereinafter referred to as "leakage, etc."), it immediately notifies the relevant users of all of the following matters and reports to the Korea Communications Commission or the Korea Internet & Security Agency:
  1. Personal information items that have been leaked, etc.
  2. The time when leakage, etc. occurred
  3. Measures that users can take
  4. Response measures by information and communications service providers, etc.
  5. Department and contact information where users can receive consultations, etc.

Notwithstanding the preceding article, if there is a legitimate reason such as inability to know the user's contact information, the Company may take measures to substitute the notification in the preceding article by posting it on the Company's homepage for 30 days or more.

1. The Company does not enter into international contracts containing matters that violate the Personal Information Protection Act and other related laws regarding users' personal information.
2. The Company obtains users' consent when providing (including cases where it can be accessed), outsourcing processing, or storing (hereinafter referred to as "transfer") users' personal information abroad. However, if all matters in each subparagraph of Paragraph 3 of this article are disclosed in accordance with the Personal Information Protection Act and other related laws or notified to users by methods prescribed by Presidential Decree such as email, the consent procedure for personal information processing outsourcing and storage may be omitted.
3. When the Company intends to obtain consent under the main text of Paragraph 2 of this article, it notifies users in advance of all of the following matters:
  a. Personal information items to be transferred
  b. Country to which personal information is transferred, transfer date and time, and transfer method
  c. Name of the person receiving personal information (in case of a corporation, its name and contact information of the person in charge of information management)
  d. Purpose of use and retention and use period of personal information by the person receiving personal information
4. When the Company transfers personal information abroad after obtaining consent under the main text of Paragraph 2 of this article, it takes protective measures in accordance with the Personal Information Protection Act, Presidential Decree, and other related laws.

1. The Company uses personal information automatic collection devices (hereinafter referred to as 'cookies') that store and retrieve user information from time to time to provide individual customized services to users. Cookies are small amounts of information sent by the server (http) used to operate the website to the user's web browser (including PC and mobile) and may be stored in the user's storage space.
2. Users have the right to choose regarding cookie installation. Therefore, users can allow all cookies, check each time cookies are stored, or refuse to store all cookies by setting options in the web browser.
3. However, if cookie storage is refused, some Company services that require login may be difficult to use.

Cookie settings such as allowing cookies or blocking cookies can be set through web browser option settings.
1. Edge: Settings menu in the upper right of the web browser > Cookies and site permissions > Manage and delete cookies and site data
2. Chrome: Settings menu in the upper right of the web browser > Privacy and security > Cookies and other site data
3. Whale: Settings menu in the upper right of the web browser > Privacy protection > Cookies and other site data

1. The Company designates the relevant department and personal information protection officer as follows to protect users' personal information and handle complaints related to personal information:
  a. Personal Information Protection Officer
    1) Name: Juan Lee
    2) Position: CEO
    3) Phone: +1 929 560 1371
    4) Email: privacy@sigmoid.us

1. Data subjects may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency Personal Information Infringement Report Center, etc., to receive relief for personal information infringement. For other reports and consultations regarding personal information infringement, please contact the following institutions:
  a. Personal Information Dispute Mediation Committee: (without area code) 1833-6972 (www.kopico.go.kr)
  b. Personal Information Infringement Report Center: (without area code) 118 (privacy.kisa.or.kr)
  c. Supreme Prosecutors' Office: (without area code) 1301 (www.spo.go.kr)
  d. National Police Agency: (without area code) 182 (ecrm.cyber.go.kr)
2. The Company guarantees data subjects' right to self-determination regarding personal information and strives to provide counseling and relief for damages caused by personal information infringement. If reports or consultations are needed, please contact the department in charge in Paragraph 1.
3. A person whose rights or interests have been infringed due to a disposition or omission by the head of a public institution regarding requests under Article 35 (Access to Personal Information), Article 36 (Correction and Deletion of Personal Information), and Article 37 (Suspension of Personal Information Processing, etc.) of the Personal Information Protection Act may file an administrative appeal in accordance with the Administrative Appeals Act.
  a. Central Administrative Appeals Commission: (without area code) 110 (www.simpan.go.kr)

Article 1 This Policy shall take effect from November 27, 2025.