1. What we collect and how
DAREWALK Corp. (the “Company”) values your personal data and complies with applicable data-protection laws including Korea's Personal Information Protection Act. This policy explains what data we collect across our services, how it is used, and how it is protected.
Data collected at sign-up:
- Social sign-up — Google, Facebook, Apple: profile (nickname, profile image) and email address; Kakao: profile (nickname, profile image), email address and mobile phone number.
- Email sign-up — name, email address, password and mobile phone number.
Additional data collected when brands/advertisers use channel management and creator-matching services:
- Name, email address, phone numbers, Google sensitive data (YouTube channel and video performance data and revenue data), TikTok account and content data, and Meta account and content data.
- You can disconnect linked channels and request deletion of this data at any time: from the MY tab → platform management, by contacting the privacy officer (Section 12), or via the request form at tally.so/r/nWNd9P.
Data generated while using the services: service-usage records, access logs, records of misuse, mobile-device information (model, OS version, device identifier, advertising ID), payment records, country of access, language settings, IP address, and cookies.
Collection methods: information you enter directly with consent; Google/YouTube/TikTok/Meta API connections you authorize; information entered when purchasing content or goods; information lawfully provided by partner companies; and device/usage data generated automatically on web and mobile.
2. Why we use personal data
- Member management — confirming sign-up intent, age and identity verification, user identification, withdrawal handling.
- User protection and service operation — preventing fraud and unauthorized use, restricting misuse, record-keeping for dispute resolution, handling complaints, delivering notices such as policy changes.
- Using additionally collected data only for the purpose it was collected for.
- Marketing — surveys, event information, participation opportunities and promotional communications.
- Service development — building and improving features, analyzing usage records and access frequency, statistics and personalized services.
3. Consent to collection and use
We obtain consent through explicit Agree / Do not agree choices; consent boxes are never pre-selected. Declining optional items does not restrict sign-up or core services, and any limits that follow from declining are stated specifically.
If inaccurate information (such as an unreachable email) obstructs service delivery, we may ask you to correct or delete it. Information you voluntarily disclose in public online spaces may be collected by third parties, for which the member bears responsibility.
4. Provision and sharing of personal data
We use personal data only within the scope described in Sections 1 and 2 and, as a rule, do not disclose it externally without your prior consent. Separate consent is obtained before any provision to third parties.
Exceptions apply only where permitted by law — for example: where other statutes specifically provide for it; emergencies threatening life, body or property where consent cannot be obtained; deliberation by the Personal Information Protection Commission; obligations under treaties or international agreements; criminal investigation and prosecution; court proceedings; and execution of sentences or protective measures.
5. Outsourcing of data processing
We entrust parts of our operations to the following processors, with contractual safeguards for data protection:
- Toss Payments Co., Ltd. — payment processing and purchase-protection services; retained until membership withdrawal or contract expiry.
- Payple Co., Ltd. — payment processing and purchase-protection services; retained until membership withdrawal or contract expiry.
- Amazon Web Services, Inc. and Microsoft Corp. — data storage and infrastructure management; retained until the purpose is achieved or contract expiry.
6. International transfer
Personal data collected in the course of providing the services is transferred to and stored with the following providers in the United States, transmitted over networks as needed during sign-up and service use, and retained until membership withdrawal or contract expiry:
- Amazon Web Services, Inc. (US) — data storage and system operation; contact: aws.amazon.com/compliance/contact.
- Microsoft Corp. (US) — data storage and system operation; contact: azure.microsoft.com/en-us/contact.
7. Retention periods
We process and retain personal data within the period consented to at collection or required by law, then destroy it irreversibly.
Retention with separate consent: records of fraudulent use (fraudulent sign-ups and sanctions) — 6 months; records of fraudulent transactions (phone number, shipping address, name, account email) — 3 years.
Statutory retention: display/advertising records — 6 months; contract and withdrawal records — 5 years; payment and supply records — 5 years; consumer complaints and dispute records — 3 years (E-Commerce Consumer Protection Act); credit-information records — 3 years (Credit Information Act); website visit records — 3 months (Protection of Communications Secrets Act); identity-verification records — 6 months (Network Act).
8. Destruction of personal data
When personal data is no longer needed, it is destroyed without delay — electronic files are deleted irrecoverably and printed materials are shredded or incinerated. Where other laws require continued retention, the data is moved to a separate database or storage location.
Data obtained through Google/YouTube APIs is handled per Google's Privacy Policy and the Google API Services User Data Policy (including its Limited Use requirements); data obtained through the TikTok API is handled per TikTok's privacy policy. Disconnecting an API integration stops further collection.
You can request destruction of your data at any time via tally.so/r/nWNd9P and we will act as quickly as possible.
9. Your rights and responsibilities
You may view or correct your personal data at any time and may request account deletion. Contact the privacy officer by mail, phone or email and we will act without delay. While a correction request is pending, the data in question is not used or provided; if incorrect data was already shared with a third party, the correction is notified to them promptly.
Please keep your information accurate and up to date, protect your credentials, and respect other users' data. Misusing another person's information may result in account restrictions and penalties under applicable law.
10. Cookies, analytics and advertising identifiers
We use cookies to remember preferences and provide personalized services. Cookies identify browsers, not individuals, and you can allow, confirm or block them in your browser settings; blocking may limit some signed-in features.
We may use web-analytics tools such as Google Analytics (opt out at tools.google.com/dlpage/gaoptout). We may collect ADID (Android) / IDFA (iOS) advertising identifiers, retained for 1 year, for personalized services; you can limit this in your device's ads settings. Collected identifiers may be used with advertising platforms (Facebook Pixel, Google Ads, Naver Premium Log Analytics, Kakao Pixel) and attribution tools (Amplitude, Branch, Appsflyer).
Where you have consented, we collect YouTube channel and revenue data via Google/YouTube APIs, and account/content data via TikTok and Meta APIs. You can revoke these connections at any time at myaccount.google.com/permissions (Google), TikTok's connected-apps settings, or Meta's settings respectively.
11. Safeguards
We work to protect personal data against loss, theft, leakage, alteration and damage. Passwords, account numbers and card numbers are stored encrypted as required by law. We operate security measures against hacking and viruses, limit personal-data access to the minimum necessary staff, and train them regularly on this policy.
12. Privacy officer
Privacy officer: Sunjoong Yoon · Tel 0507-8610-2951 · Email support@darewalk.com. You may report any privacy concern arising from your use of the services and request access to your personal data; we will respond promptly and fully.
For further help you may contact the Korean authorities: Personal Information Infringement Report Center (privacy.kisa.or.kr / 118), Supreme Prosecutors' Office Cybercrime Division (spo.go.kr / 1301), National Police Agency Cyber Bureau (182), or the Personal Information Dispute Mediation Committee (kopico.go.kr / 1833-6972).
13. Changes to this policy
Changes to this policy are announced through in-service notices or app push notifications, with version numbers, announcement dates and effective dates so revisions are easy to track.
Announced: March 21, 2023.
