Privacy Policy
Wafour Corporation (“Company”) collects and uses personal information based on user consent and is committed to actively protecting users' rights (including the right to self-determination regarding personal data).
The Company complies with relevant laws and personal data protection guidelines of the Republic of Korea that apply to information and communication service providers. The personal information you provide will be accessed only within the agreed scope and collected with notification and your approval.
This "Privacy Policy" outlines the guidelines the Company follows to protect your valuable personal data so you can use our services with confidence.
This Privacy Policy applies to all AiPang (“Service”) offerings.
Article 1 (Purpose of Collection and Use of Personal Information)
1. The Company collects only the minimum personal data required to provide the service, with the consent of the data subject.
|
Collected Items |
Method of Collection |
Purpose of Use |
Retention Period |
|
Photo for AI content creation |
Uploaded or taken directly via the app |
AI content creation |
Until AI content creation is complete (immediately deleted thereafter) |
|
Voice for AI content creation |
Uploaded or recorded directly via the app |
||
|
Device unique ID (UUID) |
Automatically generated/collected during use |
Device identification, usage logs |
Until consent is withdrawn |
|
ADID, GAID |
Android API |
Personalized advertisements |
Until consent is withdrawn |
|
Name, email |
When a user makes an inquiry |
Customer service and consultation |
Up to 3 years from the date of inquiry
|
2. If a user provides their own content (such as photos, videos, audio, text, hereinafter referred to as “User Content”) to the service using their mobile device (through upload, capture, recording, input, etc.), the provided User Content will not be permanently retained by the company. It will be processed only temporarily until the completion of AI content generation (including AI images, AI videos, and AI audio) and will be immediately deleted upon completion of the generation. In addition, the generated AI content is stored only in the user’s device storage and is not separately collected or retained on the company’s servers, nor is it shared with any third parties.
3. Notwithstanding the retention periods specified in Article 1, the Company may retain user information for a certain period after the user withdraws consent or terminates service use, if required to do so by applicable laws. In such cases, access to and use of the retained personal information will be strictly limited to the specific purposes mandated by law. The Company will clearly state the purpose of retention, the retention period, and the specific items of personal information retained.
|
Relevant Law |
Collected Items |
Retention Period |
||||
|
|
3 months |
||||
|
|
3 years |
||||
|
5 years |
|||||
|
5 years |
4. Collection and Processing of Face Data
A. Scope of Face Data
- Face data refers to the facial region (bounding box), facial landmarks (coordinate points), and temporary transformation parameters (vectors/attributes) that are processed for face swap and style transformation features. The company does not build a facial recognition database for identification purposes, nor does it permanently store any face data.
B. Purpose of Use
- Face data is used solely to perform user-requested functions such as face swap and style transformation. Processing is strictly limited to improving alignment and generation quality. It is never used for advertising, profiling, user tracking, or any unrelated purpose.
C. Retention and Deletion
- Face data is only processed temporarily in memory until AI content generation is complete. Once the process is finished, all face data is automatically and permanently deleted, without being stored on company servers.
D. Storage
- The company does not store original face photos or any face data on its servers. The generated results (face swap or style transformation content) are saved only on the user’s device, and the company does not access or copy them.
E. Sharing with Third Parties
- The company does not share, disclose, or sell face data to any third parties. Consequently, no third party ever stores or retains user face data.
F. User Rights
- Users may withdraw consent for face data processing at any time.Upon withdrawal, no new face data will be processed, and since no data is stored, no additional deletion is required.
G. User Control over Generated Results
- AI-generated results created from face data are stored only on the user’s device. Users have full control over whether to keep or delete the results. The company has no access to these results and does not transmit them to external servers.
Article 2 (Destruction of Personal Information)
The Company processes the personal information of data subjects only within the scope explicitly stated for the purposes of collection and use. Personal information is provided to third parties only with the data subject’s consent or in cases permitted under Article 17 and Article 18 of the Personal Information Protection Act, such as when required by law or other special provisions.
As a general rule, the Company promptly destroys personal information once the purpose of its collection and use has been fulfilled. However, if it is required to retain the information under applicable laws or regulations, the personal information will be transferred to a separate database or stored in a different location. Such retained personal information will not be used for any purpose other than the purpose for which it is preserved.
A. Destruction Procedure
- When the reason for destruction arises, the Company identifies the relevant personal information and destroys it upon approval from the Company’s Data Protection Officer.
B. Destruction Method
- Personal information recorded and stored in electronic file format is irreversibly deleted so that it cannot be restored. Personal information recorded and stored in paper format is shredded or incinerated.
Article 3 (Provision of Personal Information to Third Parties)
The Company processes personal information only within the scope specified in Article 1 and does not process it beyond that scope or provide it to third parties without the prior consent of the user, in accordance with Article 17 of the Personal Information Protection Act. However, exceptions may apply if required by other laws or in circumstances such as criminal investigations, as stipulated in Article 18(2) of the Personal Information Protection Act.
Article 4 (Entrustment of Personal Information Processing)
The Company does not entrust the processing
of personal information to external parties without the prior consent of the
data subject. However, if the Company enters into an outsourcing agreement in
the future for the purpose of providing services, it will specify in the
agreement (or related documentation) that the entrusted party is prohibited
from processing personal information for purposes other than those of the
commissioned task. The agreement will also include provisions regarding
technical and administrative protection measures, restrictions on
re-entrustment, supervision of the entrusted party, liability for damages, and
other related responsibilities. The Company will supervise the entrusted party
to ensure that personal information is handled securely.
If the Company entrusts the processing of personal information or changes the
content of the entrusted tasks or the entrusted party, it will promptly
disclose such details through this Privacy Policy.
Article 5 (Measures to Ensure the Security of Personal Information)
The Company implements the following measures to ensure the security of personal information:
A. Administrative Measures:
· Establishment and implementation of internal management plans
· Regular training for employees
B. Technical Measures:
· Management of access rights to personal information processing systems
· Installation of access control systems
· Encryption of personal information
· Installation of security programs
C. Physical Measures:
· Access control for computer rooms and document storage facilities
Article 6 (Installation/Operation of Automatic Personal Information Collection Devices and Their Refusal)
1. The company does not use cookies that store and frequently retrieve user information in order to provide individualized customized services.
2. The company may collect ADID/IDFA. ADID/IDFA refers to the advertising identifier value of mobile app users and may be collected to provide personalized advertisements.
• How to refuse:
- Android: Settings > Google (Google Services) > Privacy & Security > Ads > Reset Advertising ID or Delete Advertising ID
- iOS: Settings > Privacy & Security > Apple Advertising > Disable “Personalized Ads”
Article 7 (Personal Information Protection Officer)
The company takes overall responsibility for the handling of personal information and has designated a Personal Information Protection Officer to address complaints and provide remedies related to personal information processing, as well as to handle requests for access to personal information pursuant to Article 35 of the Personal Information Protection Act.
A. Personal Information Protection Officer
- Name: Duho Roh
- Position: CEO
- E-mail: [email protected]
- Phone: 070-4336-1593
B. Personal Information Protection Department
- Department Name: Service Operations Team
- E-mail: [email protected]
- Phone: 070-4336-1593
Article 8 (Remedies for Infringement of Data Subject’s Rights)
Data subjects may seek remedies for personal information infringements by applying for dispute resolution or counseling at the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency’s Personal Information Infringement Reporting Center, and other related organizations. For reporting or counseling regarding other personal information infringements, please contact the following agencies:
|
Agency |
|
Website |
||
|
Personal Information Infringement Reporting Center |
118 |
|||
|
1833-6972 |
|||
|
1301 |
|||
|
182 |
Article 9 (Changes to the Privacy Policy)
The Company may revise the Privacy Policy to reflect changes in laws or service updates. When the Privacy Policy is amended, the Company will post the changes, and the revised Privacy Policy will take effect seven (7) days after the posting date. However, if there are significant changes affecting users’ rights, such as changes to the types of personal information collected or the purposes of use, the Company will notify users at least thirty (30) days in advance.
Supplementary Provision
This Privacy Policy shall take effect from May 20, 2025.