Privacy Policy
Effective Date: April 1, 2026
- Personal Information Controller: 주식회사 에트윅 (the "Company")
- Representative: 임현규 (Hyungyu Lim)
- Address: Room 602-249, 6F, 103, Misagangbyeonnam-ro, Hanam-si, Gyeonggi-do, Republic of Korea
- Chief Privacy Officer: 임현규 (Hyungyu Lim) / cs@atweek.com
- General Inquiries: cs@atweek.com
This Privacy Policy has been translated from the Korean version for convenience only. In the event of any discrepancy, inconsistency, or conflict in interpretation between the Korean version and any translated version, the Korean version shall prevail.
1. General Provisions
The Company values the personal information of users of the PLANDOG service and complies with applicable laws and regulations, including the Personal Information Protection Act of Korea. Through this Privacy Policy, the Company explains what personal information it processes, for what purposes, for how long, and how users may exercise their rights.
2. Categories of Personal Information Processed
The Company may process the following personal information in the course of providing the Service.
2.1 Registration and Account Management
- Required information: items necessary for actual service operation, such as email address, name or nickname, and login identifier
- Optional information: profile image, company name, job title, and other items voluntarily entered by the user
- Automatically collected information: access logs, IP address, browser information, device information, cookies, access date and time, and service usage records
2.2 Service Use and Provision of Generation Functions
- Prompts, documents, images, messages, and attachments entered by users
- Generated outputs, edit history, and project information
- Credit usage records, feature usage records, error logs, and performance logs
- Customer support requests, inquiry history, reports, and sanctions history
2.3 Payment and Order Processing
A. International Card Payment (Polar)
- Order identification information: name, email address, country/region, and billing information
- Transaction information: order number, purchased product, payment date and time, currency, taxes, refund status, and receipt or invoice information
- When using Polar checkout, the Company does not, in principle, directly store sensitive payment information such as the user's full card number or card CVC.
2.4 Inquiries and Dispute Handling
- Name, email address, and contact information
- Inquiry details and attachments
- Consultation and handling history
3. Purposes of Processing Personal Information
The Company processes personal information for the following purposes:
- membership registration, identity verification, account management, and login support;
- provision of AI-based document generation, screen design assistance, and other services;
- confirmation of credit payments, order management, and refund processing;
- responding to customer inquiries, handling complaints, resolving disputes, and delivering notices;
- service quality improvement, security monitoring, prevention of abusive use, and statistical analysis; and
- compliance with legal obligations, record retention, tax and accounting processing, and audit response.
4. Processing and Retention Period of Personal Information
- The Company retains personal information until the purpose of collection and use is achieved and, once such purpose has been achieved, destroys it without delay.
- However, where retention for a certain period is required under applicable laws, the Company will store the information separately for that period.
4.1 General Retention Periods
- Member information: until membership withdrawal or until the purpose is achieved
- Inquiry and customer support records: 3 years after completion of processing
- Free/promotional operation records and abusive use prevention records: 5 years
4.2 Retention Under Applicable Laws
- Records on labeling and advertising: 6 months
- Records on contracts or withdrawal of subscription: 5 years
- Records on payments and supply of goods/services: 5 years
- Records on consumer complaints or dispute handling: 3 years
- Access records of personal information processing systems: at least 6 months
5. Provision of Personal Information to Third Parties
The Company does not, in principle, provide users' personal information to external parties. However, exceptions may apply in the following cases:
- where the user has given prior consent;
- where disclosure is unavoidable in order to comply with a specific legal obligation;
- where requested by investigative authorities, courts, or other organizations with lawful authority; or
- where disclosure is lawfully made within the scope necessary to provide the Service to the user.
If the Company actually provides personal information to a third party, it will disclose through the Service interface or separate notice the recipient, purpose of provision, items provided, and retention/use period.
6. Outsourcing of Personal Information Processing
The Company may outsource part of its work to external service providers in order to provide the Service smoothly. When entering into outsourcing agreements, the Company manages and supervises such providers so that personal information is processed safely in accordance with applicable laws.
| Service Provider | Outsourced Work |
|---|---|
| Polar and related payment infrastructure providers | Processing of international card payments, order/refund processing, and invoice issuance support |
| SmileServe | Infrastructure operation and data storage |
| Supabase | Login and DBMS |
7. Cross-Border Transfer of Personal Information
The Company may transfer personal information outside Korea in the course of processing international card payments. In accordance with applicable laws, the Company discloses the legal basis for such transfer, the recipient, destination country, transferred items, purpose, and retention period.
| Recipient | Destination Country | Transferred Items | Purpose of Transfer | Timing and Method | Retention/Use Period |
|---|---|---|---|---|---|
| Polar Software Inc. and related payment infrastructure providers | United States and other countries necessary for payment processing | Name, email, order/payment information, and tax information | Card payment processing, order management, refunds, and invoice processing | Network transmission at the time of payment | Until the transaction purpose is achieved and for any additional period required by applicable law |
Supabase currently uses servers located in Korea and is therefore not included in the cross-border transfer items within the current service operation scope.
8. Procedures and Methods for Destruction of Personal Information
- The Company destroys personal information without delay when it becomes unnecessary, such as upon expiration of the retention period or achievement of the processing purpose.
- Information that must be retained under applicable law will be stored in a separate database or separate storage location and destroyed after the prescribed period expires.
- Electronic files are deleted using technical methods that make recovery or reproduction impossible, and paper documents are destroyed by shredding, incineration, or equivalent methods.
9. Rights of Users and Their Legal Representatives and How to Exercise Them
- Users may request access to, correction of, deletion of, suspension of processing of, or withdrawal of consent for their personal information at any time.
- Users may directly modify certain personal information or request deletion through account settings within the Service or the customer inquiry channel.
- The Company will take action without delay except where the exercise of rights is restricted by applicable law.
- Users' rights may also be exercised through their legal representatives or authorized agents. In such cases, a power of attorney or other documentation required by applicable law may be requested.
- This Service is not intended for persons under 19 years of age, and minors may not use the Service.
10. Measures to Ensure the Security of Personal Information
The Company takes the following measures to ensure the security of personal information:
- minimization of access authority and access control for personal information;
- encryption or equivalent protective measures for passwords and other important information;
- retention and inspection of security logs and access records;
- operation of security programs, vulnerability checks, and technical safeguards; and
- education for personnel handling personal information and establishment/implementation of internal management plans.
11. Use of Cookies and Similar Technologies
- The Company may use cookies or similar technologies for maintaining login sessions, improving services, analyzing usage patterns, and strengthening security.
- Users may refuse or delete cookies through browser settings. However, if cookie storage is refused, use of some services may be restricted.
12. Protection of Children's and Minors' Personal Information
This Service is not intended for persons under 19 years of age, and minors are not permitted to register for or use the Service. If the Company becomes aware that it has collected personal information of a child or minor requiring separate consent under applicable law without recognition, it will promptly delete the information or take other necessary measures.
13. Chief Privacy Officer and Contact Information
Users may contact the person below regarding inquiries, complaint handling, or relief related to the processing of personal information.
- Chief Privacy Officer: 임현규 (Hyungyu Lim)
- Email: cs@atweek.com
The Company will respond to and handle user inquiries without delay.
14. Methods of Remedy for Infringement of Rights and Interests
If users need to report or seek consultation regarding personal information infringement, they may contact the following organizations:
- Personal Information Infringement Report Center
- Personal Information Dispute Mediation Committee
- Cyber investigation division of the Supreme Prosecutors' Office
- National Police Agency cybercrime reporting system
15. Changes to This Policy
The Company may amend this Privacy Policy. If there are material changes, the Company will provide prior notice of the effective date, reasons for change, and key details through notices within the Service or a linked page.
Addendum
This Policy will apply from April 1, 2026.