MOMENT Privacy Policy

MOMENT ('Service Provider') processes personal information for the following purposes:
1. Membership registration and management: Confirming intention to join, identification and authentication for membership services, maintaining and managing membership qualifications, preventing fraudulent use of services
2. Provision of goods or services: Service provision, content provision, customized service provision, identity verification
3. Marketing and advertising utilization: Development of new services and provision of customized services, provision of events and advertising information and participation opportunities
4. Civil affairs processing: Verification of complainant's identity, confirmation of complaints, contact and notification for fact-finding, notification of processing results

1. The Service Provider processes and retains personal information within the personal information retention and use period according to laws or the personal information retention and use period agreed upon when collecting personal information from data subjects.
2. Each personal information processing and retention period is as follows:
- Membership registration and management: Until service use contract or membership cancellation
- Provision of goods or services: Until completion of goods/service supply and payment/settlement completion
- Records related to complaint or dispute handling: 3 years

The Service Provider processes the following personal information items:
1. Required items: Email, password, name
2. Optional items: Profile picture, date of birth
3. Automatically collected items: IP address, cookies, MAC address, service usage records, visit records, improper usage records

The Service Provider processes personal information of data subjects only within the scope specified in Article 1 (Purpose of Personal Information Processing), and provides personal information to third parties only when it falls under Articles 17 and 18 of the Personal Information Protection Act, such as consent of the data subject or special provisions of law.

1. The Service Provider consigns personal information processing tasks as follows for smooth personal information processing:
- Consignee: Supabase Inc., Google LLC (Firebase)
- Content of consigned work: Member management, service operation, data storage and analysis
2. When concluding consignment contracts, the Service Provider specifies in documents such as contracts matters related to prohibition of personal information processing other than the purpose of consigned work performance, technical and administrative protective measures, restrictions on re-consignment, management and supervision of consignees, and liability for damages in accordance with Article 26 of the Personal Information Protection Act, and supervises whether consignees safely process personal information.

1. Data subjects may exercise the following personal information protection-related rights against the Service Provider at any time:
- Request to stop personal information processing
- Request to view personal information
- Request to correct or delete personal information
- Request to stop personal information processing
2. The exercise of rights under paragraph 1 may be made to the Service Provider through writing, telephone, email, fax, etc., and the Service Provider will take action without delay.
3. When a data subject requests correction or deletion of errors in personal information, the Service Provider will not use or provide the personal information until the correction or deletion is completed.

1. The Service Provider destroys personal information without delay when personal information becomes unnecessary, such as when the personal information retention period expires or the processing purpose is achieved.
2. When personal information must continue to be preserved according to other laws despite the expiration of the personal information retention period agreed upon by the data subject or the achievement of the processing purpose, the personal information is moved to a separate database (DB) or stored in a different storage location.
3. The procedures and methods for destroying personal information are as follows:
- Destruction procedure: The Service Provider selects personal information for which destruction reasons have occurred and destroys personal information with approval from the Service Provider's personal information protection officer.
- Destruction method: Information in electronic file format uses technical methods that cannot reproduce records.

The Service Provider takes the following measures to ensure the safety of personal information:
1. Administrative measures: Establishment and implementation of internal management plans, regular employee training, etc.
2. Technical measures: Access authority management for personal information processing systems, installation of access control systems, encryption of unique identification information, installation of security programs
3. Physical measures: Access control to computer rooms, data storage rooms, etc.

1. The Service Provider designates a personal information protection officer as follows to take overall responsibility for personal information processing and to handle complaints and remedy damages related to personal information processing:
- Personal Information Protection Officer: Representative (JeongHeon Park)
- Contact: contact@momentstudio.app
2. Data subjects may contact the personal information protection officer regarding all personal information protection-related inquiries, complaint handling, damage relief, etc. that occur while using the Service Provider's services.

1. This privacy policy applies from the effective date, and when there are additions, deletions, and corrections of changes according to laws and policies, it will be announced through notices from 7 days before the implementation of changes.
2. This policy is effective from August 1, 2025.