Privacy Policy
Last updated: April 15, 2026
UModeler, Inc. (the "Company") collects, uses, and provides personal information in compliance with the Personal Information Protection Act of Korea and other applicable laws, regulations, and guidelines, in order to protect the freedom and rights of data subjects. The Company establishes and discloses the following Privacy Policy to protect users' personal information and to handle related grievances promptly and efficiently.
Article 1 Purpose of Collection and Use of Personal Information
1. The Company processes the following categories of personal information without the consent of the data subject. The personal information being processed will not be used for any purpose other than those set forth below, and where the purpose of use changes, the Company will take necessary measures such as obtaining separate consent.
| Legal Basis | Purpose of Collection and Use | Items | Retention Period |
|---|---|---|---|
| Article 15(1)2 of the Personal Information Protection Act (special provisions in law); Article 15-2 of the Protection of Communications Secrets Act (duty of cooperation of telecommunications service providers) | Communications fact confirmation data | Service visit records, access logs | 3 months from the date of collection |
| Article 15(1)2 of the Personal Information Protection Act (special provisions in law); Article 6 of the Act on Consumer Protection in Electronic Commerce, etc. (preservation of transaction records, etc.) | Records regarding contracts or withdrawal of offers | Records of contracts / withdrawal of offers | 5 years from the date of collection |
| Article 15(1)2 of the Personal Information Protection Act (special provisions in law); Article 6 of the Act on Consumer Protection in Electronic Commerce, etc. (preservation of transaction records, etc.) | Records regarding payment and supply of goods, etc. | Payment information, transaction history, records of supply of goods | 5 years from the date of collection |
| Article 15(1)2 of the Personal Information Protection Act (special provisions in law); Article 6 of the Act on Consumer Protection in Electronic Commerce, etc. (preservation of transaction records, etc.) | Records regarding consumer complaints or dispute resolution | Records of consumer complaints and dispute resolution | 3 years from the date of collection |
| Article 15(1)2 of the Personal Information Protection Act (special provisions in law); Article 85-3 of the Framework Act on National Taxes (maintenance and preservation of books and records) | Books and evidentiary documents for all transactions required under tax laws | Transaction books, evidentiary documents | 5 years from the date on which the statutory tax filing deadline has passed |
| Article 15(1)4 of the Personal Information Protection Act (performance of contract) | Member registration and management | PicoBerry ID and password, username, email address, affiliated school/workplace, locale (region and language) | Until membership withdrawal |
| Article 15(1)4 of the Personal Information Protection Act (performance of contract) | Provision of services | Username, email address, service usage records, Google OAuth linked ID, subscription/payment status, license information, access logs, and text, images, files, 3D data, prompts, AI request logs, generation/edit history, and processed result data input or uploaded by the user for use of AI features | Until the date of data creation (for free users) or up to 30 days from the date of membership withdrawal |
| Article 15(1)4 of the Personal Information Protection Act (performance of contract) | Fee settlement | Name, email address, payment/transaction records, service usage records | Until membership withdrawal |
| Article 15(1)4 of the Personal Information Protection Act (performance of contract) | Inquiry handling and complaint processing | Name, email address, consultation records, complaint details | Until the complaint/inquiry is resolved |
| Article 15(1)4 of the Personal Information Protection Act (performance of contract) | Service stability and prevention of fraudulent use | Access logs (IP address, User-Agent, device model, OS information, screen size, language and country information, device identification information), authentication cookies, duplicate sign-up verification information (sign-up date, withdrawal date, approval date) | Until dispute resolution or 3 years after withdrawal |
2. The Company processes the following personal information with the consent of the data subject.
| Legal Basis | Purpose of Collection and Use | Items | Retention Period |
|---|---|---|---|
| Article 15(1)1 of the Personal Information Protection Act (consent of the data subject) | Development of new services, marketing/advertising, and notification services | Email address, service usage records, access records, cookies, statistical information | Until membership withdrawal |
Article 2 Personal Information of Children Under the Age of 14
The Company does not process personal information of children under the age of 14.
Article 3 Provision and Disclosure of Personal Information to Third Parties
- The Company processes users' personal information only within the scope specified in the purpose of processing personal information, and provides personal information to third parties only where it falls under Articles 17 and 18 of the Personal Information Protection Act, such as where the data subject has given consent or where there is a special provision in law. Otherwise, the Company does not provide the data subject's personal information to third parties.
- To the extent necessary for the provision of services, the Company may provide personal information to third parties in accordance with lawful procedures, including obtaining the user's consent.
- In accordance with the Guidelines for Processing and Protecting Personal Information in Emergency Situations, the Company may provide personal information to relevant authorities without the consent of the data subject in emergency situations such as disasters, infectious diseases, incidents or accidents causing imminent danger to life or bodily safety, or imminent property loss.
Article 4 Outsourcing of Personal Information Processing
1. The Company outsources personal information processing tasks as follows in order to facilitate smooth processing of personal information affairs. Where there is any sub-outsourcing of personal information processing tasks, the sub-processor and details of the sub-outsourced tasks will be disclosed through the processor's privacy policy.
| Trustee | Details of Outsourced Work |
|---|---|
| Amazon Web Services, Inc. | Server operation for the service |
| Google LLC. | Analysis of users' service usage data and traffic statistics through Google Analytics |
| Microsoft Corporation | Server operation for the service |
| Vercel Inc. | Web hosting and server infrastructure for service operation |
| Posthog INC. | Analysis of users' service usage data |
| The Rocket Science Group, LLC | Email delivery service |
| Twilio Inc. (SendGrid) | Email delivery service |
| Xsolla Inc. | Payment system provision |
- When entering into outsourcing agreements, the Company specifies in contracts and other written documents matters required under Article 26 of the Personal Information Protection Act, including prohibition of processing personal information for purposes other than performance of outsourced work, technical and administrative safeguards, restriction on sub-outsourcing, management and supervision of processors, and liability such as compensation for damages, and supervises whether processors safely handle personal information.
- If there is any change in the details of outsourced work or in the processor, the Company will disclose such changes without delay through this Privacy Policy.
Article 5 Overseas Collection and Transfer of Personal Information (Outsourcing of Processing)
1. The Company outsources the processing of personal information overseas as follows.
| Legal Basis | Recipient (Country / Contact) | Timing and Method of Transfer | Items Transferred | Purpose of Use | Retention and Use Period |
|---|---|---|---|---|---|
| Article 28-8(1)3(a) of the Personal Information Protection Act | Google LLC. | Automatically transmitted over the network in the course of executing Google Analytics during service use | Access logs, cookies, service usage records, browser information | Google Analytics | 2 years from the date of collection |
| Article 28-8(1)3(a) of the Personal Information Protection Act | Google LLC. | Transmitted, stored, and processed over the network through cloud servers during service use | Member information (email address (encrypted), password (hashed), nickname, language settings, Google OAuth linked ID, subscription/payment status, license information), access logs (IP address, User-Agent, request time), API requests and error logs | Google Cloud Platform | 2 years from the date of collection |
| Article 28-8(1)3(a) of the Personal Information Protection Act | Microsoft Corporation (United States / privacy-support-requests) | Remotely transmitted via a dedicated network upon service use | Email address, country information | Server operation | Until membership withdrawal |
| Article 28-8(1)3(a) of the Personal Information Protection Act | Vercel Inc. (United States / privacy@vercel.com) | Automatically transmitted over the network through Vercel hosting servers upon service use | Access logs (IP address, User-Agent, request URL, request time) | Web application hosting and content delivery | 1 year from the date of collection (pursuant to Vercel's default log retention policy) |
| Article 28-8(1)3(a) of the Personal Information Protection Act | Posthog INC (United States / privacy@posthog.com) | Remotely transmitted via a dedicated network upon service use | Email address, country information | Usage data analysis | Until membership withdrawal |
| Article 28-8(1)3(a) of the Personal Information Protection Act | The Rocket Science Group, LLC (United States / privacy@rocketscience.gg) | Remotely transmitted via a dedicated network upon service use | Email address, language information | Email delivery | Until membership withdrawal |
| Article 28-8(1)3(a) of the Personal Information Protection Act | Twilio Inc. (SendGrid) (United States / privacy@twilio.com) | Remotely transmitted via a dedicated network at the time of email delivery | Email address, language information | Email delivery and management of delivery records | Until membership withdrawal |
| Article 28-8(1)3(a) of the Personal Information Protection Act | Xsolla Inc. (United States / data.protection@xsolla.com) | Remotely transmitted via a dedicated network upon service use | Name, email address, payment information, IP address, country information | Payment system provision | Until membership withdrawal |
2. If you refuse the overseas transfer of personal information, your use of the service may be restricted. If you do not wish your personal information to be transferred overseas, you may terminate the service or request service termination through the customer support center at contact.support@umodeler.com
Article 6 Rights and Obligations of Data Subjects and Legal Representatives; Methods of Exercise
- A data subject may exercise the following rights related to personal information protection against the Company at any time:
① request access to personal information
② request correction if there are errors
③ request deletion
④ request suspension of processing - The rights under Paragraph 1 may be exercised in writing, by email, or by other means, and the Company will take action without delay.
- Where a user requests correction of an error in personal information, the Company will not use or provide the relevant personal information until the correction has been completed. In addition, where incorrect personal information has already been provided to a third party, the Company will notify the third party of the correction result without delay so that the correction can be made.
- The above rights may be exercised through an agent, such as the legal representative of the data subject or a person delegated by the data subject.
- When using the Company's services in external locations such as internet cafés or via public Wi-Fi, users should be careful to ensure that there are no hacking programs or other harmful software. Although the Company makes its best efforts to protect personal information, it shall not be liable for problems caused by the fault of the user or any third party.
Article 7 Measures to Ensure the Security of Personal Information
- The Company takes the following measures to ensure the security of personal information:
① Administrative measures: regular employee training, etc.
② Technical measures: management of access rights to personal information processing systems, installation of security software such as antivirus programs, encryption of files in which personal information is stored, etc.
③ Physical measures: locking and access control for places where personal information is stored and kept - The Company designates a manager exclusively responsible for handling complaints regarding the use of personal information and other grievances that may not yet have come to the Company's attention, and continuously and promptly processes users' complaints and responds immediately to the results thereof.
Article 8 Installation, Operation, and Refusal of Automatic Personal Information Collection Devices
- The Company uses "cookies," PostHog, and Google Analytics, which store and retrieve usage information from time to time, in order to provide users with customized services.
- A cookie is a small amount of information sent by the server (HTTP) used to operate a website to the user's computer browser, and may also be stored on the hard disk of the user's PC.
- Purpose of use of cookies: Cookies are used to provide optimized information to users by identifying users' visit and usage patterns for each service and website visited, popular search terms, whether secure access is used, and the like.
① Essential cookies: Used for the normal operation of the website, such as website security, saving settings, and maintaining login status.
② Analytics and performance cookies (optional): Used to analyze service visit history, frequency of access, time spent, etc. for service improvement and optimization of user experience (e.g., PostHog, Google Analytics).
③ Marketing cookies (optional): Used to provide customized advertisements and content based on users' interests. - Installation, operation, and refusal of cookies: Users have the right to choose whether to install cookies. Users may decide whether to consent to each category through the cookie consent banner displayed when accessing the website. Users may also refuse cookie storage by setting options in the Tools > Internet Options > Privacy menu of their web browser.
- If users refuse to store cookies, they may experience difficulties in using personalized services.
- For information regarding the processing of cookie data by PostHog and Google Analytics, please refer to the respective privacy policies of each service provider.
- PostHog: https://posthog.com/privacy
- Google Analytics: https://policies.google.com/privacy?hl=ko
Article 9 Procedures and Methods for Destruction of Personal Information
- The Company destroys personal information without delay when it becomes unnecessary, such as upon expiration of the retention period or achievement of the processing purpose.
- If, despite the expiration of the retention period consented to by the data subject or achievement of the processing purpose, personal information must continue to be preserved pursuant to other laws, such personal information will be transferred to a separate database (DB) or stored in a different location.
- The procedures and methods for destruction of personal information are as follows:
① Destruction procedure: The Company selects personal information for which a ground for destruction has arisen and destroys such personal information with the approval of the Company's Chief Privacy Officer.
② Destruction method: Personal information recorded and stored in electronic file form will be destroyed in a manner that renders the records irrecoverable, and personal information recorded and stored in paper documents will be destroyed by shredding or incineration.
Article 10 Chief Privacy Officer
The Company is responsible for the overall handling of personal information and designates the following Chief Privacy Officer and responsible department to handle complaints and provide remedies for damages related to personal information processing.
- Chief Privacy Officer
- Name: Jaesik Hwang
- Position: Chief Executive Officer
- Contact: contact.support@umodeler.com
- Department Responsible for Personal Information Protection
- Department: BizOps
- Person in Charge: Seeun Kim
- Contact: info@umodeler.com
You may contact the Chief Privacy Officer or the responsible department regarding all inquiries, complaint handling, and remedies related to personal information protection arising while using the services of UModeler, Inc. UModeler, Inc. will respond to and handle such inquiries without delay.
Article 11 Remedies for Infringement of Rights and Interests
If you need to report or consult regarding any other infringement of personal information, please contact the following organizations:
- Personal Information Infringement Reporting Center (www.118.or.kr / +82 118)
- Information Protection Mark Certification Committee (www.eprivacy.or.kr / +82 02-580-0533~4)
- Advanced Crime Investigation Division, Supreme Prosecutors' Office (www.spo.go.kr / +82 02-3480-2000)
- Cyber Terror Response Center, National Police Agency (www.ctrc.go.kr / +82 02-392-0330)
Article 12 Scope of Application of the Privacy Policy
- Where necessary for service use, the Company may provide data subjects with links to other companies' websites. In such cases, the Company has no control over the protection of personal information on external sites and therefore does not guarantee, and shall not be responsible for, services or materials provided through such external sites.
- Where personal information is collected on another company's website accessed through advertisement banners of the Company's affiliates or third parties within the Company's service pages, this Privacy Policy shall not apply, and users should exercise caution in providing personal information.
Article 13 Changes to the Privacy Policy
- This Privacy Policy shall become effective on April 15, 2026.
- The Company may amend this Privacy Policy for purposes such as reflecting changes in laws or services. If this Privacy Policy is amended, the Company will post the changes, and the amended Privacy Policy will take effect 7 days after posting. However, where material changes affecting users' rights occur, such as changes to the categories of personal information processed or the purposes of processing, the Company will provide prior notice at least 30 days in advance.
- Previous versions of the Privacy Policy are available as follows:
- Privacy Policy_August 6, 2025
- UModeler Privacy Policy