Privacy Policy
Last Updated: 2026-05-06
This Policy is a v5.2 draft; formal publication is scheduled for 2026-05-29 (S3).
1. Information Collected
(Required) Email, name, payment information (held by payment processor). (Optional) Company name, title, categories of interest. (Auto-collected) IP, cookies, access logs, User-Agent.
2. Purpose of Collection and Use
(1) Granting dataset download permissions, (2) Processing payment + issuing receipts / tax invoices, (3) Service notices + B2G sales response, (4) Fraud prevention + security logs.
3. Retention Period
Member info: until withdrawal. Payment records: 5 years per E-Commerce Act. Access logs: 3 months per Communications Privacy Act.
4. Third-Party Disclosure
We do not disclose to third parties as a rule. However, disclosure may occur for (1) payment processors (Toss Payments / Paddle), (2) tax processing (CPA), (3) when required by law.
5. User Rights (PIPA §35-§37 + GDPR Art. 15-22)
Users have the rights of (a) access, (b) correction/deletion, (c) processing suspension, (d) consent withdrawal, exercisable via privacy@garangbiai.com.
6. Security Measures
(1) AES-GCM encryption (secrets), (2) Access control (PIN 369527 + audit log), (3) HTTPS transport, (4) Regular security audits.
7. Privacy Officer
Name: Jeongseok Hwang / Title: CEO / Email: privacy@garangbiai.com / Phone: (added with business registration number)
8. GDPR Compliance (EU Residents)
For EU residents (GDPR Art. 3), the following rights are guaranteed: ① Right of access (Art. 15): Free copy of your data within 30 days ② Right to rectification (Art. 16): Correct inaccurate data ③ Right to erasure (Art. 17 — "right to be forgotten"): Delete data except legal retention requirements ④ Right to restriction (Art. 18): Pause processing during dispute / verification ⑤ Right to data portability (Art. 20): Receive data in structured, machine-readable format ⑥ Right to object (Art. 21): Object to direct marketing / automated decision-making ⑦ Automated decision-making (Art. 22): Refuse decisions based on profiling Legal basis (Art. 6): · Contract performance (payment / download / license issuance) — Art. 6(1)(b) · Legitimate interest (service improvement / security) — Art. 6(1)(f) · Explicit consent (marketing emails) — Art. 6(1)(a) Exercise GDPR rights: privacy@garangbiai.com (reply within 30 days). Cross-border data transfer: EU → Korea — Standard Contractual Clauses (SCC) or explicit consent.
9. CCPA Compliance (California Residents)
For California residents (CCPA / CPRA), the following rights are guaranteed: ① Right to know: Categories of personal information collected, sources, purposes, recipients ② Right to delete: Request deletion (exceptions: completed transactions, security, legal obligations) ③ Right to correct (CPRA 2023+): Correct inaccurate information ④ Right to opt-out: Refuse "sale" / "sharing" of personal information (GaRangBi does NOT sell personal information) ⑤ Non-discrimination: No service or price discrimination for exercising rights GaRangBi does NOT "sell" California residents' personal information to external third parties (per CCPA §1798.140 (t)(1) definition) nor "share" for advertising purposes. Exercise CCPA rights: privacy@garangbiai.com (reply within 45 days, one 45-day extension permitted).