Privacy Policy

DANGAM Soft Co., Ltd. ("Company," "we," "us") protects your personal information in compliance with the Korean Personal Information Protection Act (PIPA), the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and other applicable laws. This Privacy Policy describes how we collect, use, store, and delete personal information through the 24Plus Service (website, mobile app, MCP API).

1. Information We Collect

2. How We Use Your Information

No AI Training Policy

Your conversations, input data, and analysis results are never used to train AI models. Statistical analysis for service quality is limited to fully de-identified, aggregated data.

3. Retention and Deletion

Data is destroyed without delay upon expiration of the retention period or fulfillment of the processing purpose. Electronic files are deleted using irrecoverable methods; paper documents are shredded.

4. Third-Party Sharing and Processing

We do not share personal information with third parties except in the following cases.

• With your prior consent
• When required by law
• For service delivery through authorized processors (see table below)

Data Processors

5. International Data Transfers

Some data may be transferred outside of South Korea (e.g., to the United States) in the course of providing the Service. We apply the following safeguards.

• Korea: We notify and obtain consent per PIPA Art. 28-8, or verify adequacy determinations for the receiving country
• EU/EEA: We execute EU Standard Contractual Clauses (SCCs) under GDPR Article 46, or transfer only to countries with adequacy decisions
• US: We verify EU-US Data Privacy Framework certification where applicable; SCCs are used when certification is absent
• All transfers use TLS 1.3 encryption in transit and AES-256 encryption at rest

6. Security Measures

• Technical: TLS 1.3 in transit, AES-256 at rest, one-way password hashing (bcrypt), least-privilege access, firewall and IDS operation
• Administrative: Minimized personnel with data access, staff training, internal management plan, access log auditing (minimum 6-month retention)
• Physical: Server room access control, locked document storage

7. Cookies and Tracking Technologies

Analytics cookies may be declined via browser settings or the in-app cookie consent banner. For EU/EEA residents, prior consent is obtained for non-essential cookies per the ePrivacy Directive. We do not use third-party marketing or advertising cookies.

8. Your Rights

8.1 South Korea (PIPA)

Users may request access, correction, deletion, or suspension of processing of their personal information at any time. Requests may also be made through an authorized representative.

8.2 EU/EEA (GDPR)

• Right of Access (Art. 15): Request confirmation and a copy of your data
• Right to Rectification (Art. 16): Correct inaccurate data
• Right to Erasure (Art. 17): Request deletion under certain conditions ("right to be forgotten")
• Right to Restrict Processing (Art. 18): Limit processing in specific circumstances
• Right to Data Portability (Art. 20): Receive your data in a structured format or have it transferred
• Right to Object (Art. 21): Object to processing based on legitimate interests
• Automated Decision-Making (Art. 22): Not be subject to decisions based solely on automated processing, including profiling
• Withdraw Consent: Withdraw consent at any time for consent-based processing (without affecting prior lawfulness)

EU/EEA residents have the right to lodge a complaint with their national supervisory authority.

8.3 California (CCPA/CPRA)

• Right to Know: Request the categories and specific pieces of personal information we collect, use, and share
• Right to Delete: Request deletion of collected personal information
• Right to Opt-Out of Sale/Sharing: We do not sell personal information or share it for cross-context behavioral advertising
• Non-Discrimination: Exercise your rights without receiving discriminatory treatment in service quality or pricing

8.4 How to Exercise Your Rights

You may submit requests through the methods below. After identity verification, we will process requests without delay (within 10 days under PIPA, 30 days under GDPR). No fees are charged (except for repetitive or excessive requests).

• Email: info@dangamsoft.com
• In-app: Settings → Privacy → Exercise Rights

9. Children's Privacy

We do not intentionally collect personal information from children under 14 (Korea), under 13 (US, COPPA), or below the applicable digital consent age (EU, GDPR Art. 8) without parental consent. If we become aware that a child has provided personal information without proper consent, we will promptly delete such information.

10. Automated Decision-Making and Profiling

Saju analysis by 24Plus involves automated processing by our engine; however, it does not constitute decision-making with legal or similarly significant effects under GDPR Article 22. Analysis results are reference information only, and we do not recommend or induce legal, economic, or medical decisions based on them.

11. Data Protection Officer and Contact

External Authorities

• Korea — KISA Privacy Center: privacy.kisa.or.kr / 118
• Korea — Personal Information Dispute Mediation Committee: kopico.go.kr / 1833-6972
• EU/EEA — Lodge a complaint with your national Data Protection Authority (DPA)
• US — FTC Consumer Protection: ftc.gov/complaint

12. Policy Changes

This Privacy Policy is effective from the date shown above. Changes will be notified at least 7 days before the effective date (30 days for significant changes) via in-app notice and email. Previous versions remain available within the Service.