Privacy Policy
moii Privacy Policy
Illuni Co., Ltd. (hereinafter referred to as the "Company") complies with relevant laws and regulations, including the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection, in order to provide the "moii" app service (hereinafter referred to as the "Service"), and has established and publicly discloses this Privacy Policy to safely protect users' personal information.
Article 1) Categories of Personal Information Collected, Collection Methods, and Purposes of Use
The Company collects only the minimum information necessary to provide the Service.
(1) Membership Registration and Customer Management
- Purpose of Collection: Membership registration, identity verification (mobile phone number authentication), customer management (inquiry/complaint handling), service operation and security
- Required Items
- Mobile phone number
- Device information (model name, OS version, device identifier (e.g., device ID/advertising identifier or equivalent identifiers), carrier information)
- Access information (access IP, access date/time, logs)
- Approximate location
- information (Geo IP-based country/region level)
* The Company does not collect precise location information as a mandatory requirement such as GPS data; Geo IP is used solely for security and fraud prevention (anomaly detection) purposes.
- Optional Items: Nickname, gender, date of birth, profile photo
- Collection Methods
- Directly entered by users during the membership registration process
- Automatically generated during the use of the Service (logs/device information/access information, etc.)
(2) Service Usage
- Purpose of Collection
- Profile management, search algorithm provision, call functionality provision, and stable service operation
- Prevention of fraudulent use and ensuring service safety
- Collected Items
- Service usage records (screen/feature usage history, access records, error logs, etc.)
- Call-related information (call start/end time, call duration, call status, and other call metadata)
- Notice regarding voice (call content) processing
- The Service may request microphone access permission to provide voice call functionality.
- In principle, the Company does not store users' "call content (voice)."
Call content is temporarily processed on the device and/or through communication channels to provide call functionality, and is not retained in a separate audio file format after the call ends.
(3) Service Quality Improvement (Analysis/Statistics)
- Purpose of Collection: Analyzing service usage patterns, error analysis, and quality improvement through statistical compilation
- Collected Items: Device ID or equivalent identifier, event logs, error logs, service usage history (call records/usage records, etc.), network information
- Principle
- When processing data for analytical purposes, the system is designed to avoid collecting/using information that can directly identify individuals to the extent possible, and when necessary, processes only the minimum scope.
(4) Prevention of Fraudulent Use and Re-registration
- Purpose of Collection: Detection/blocking of fraudulent use, prevention of re-registration, maintaining service safety
- Collected Items: Unique identification ID (internal identifier), nickname, usage records (call metadata/usage history), purchase history (when applicable)
- Retention Principle
- Instead of "permanent retention," the principle of "long-term retention of minimum identification information" is applied.
- For accounts permanently restricted due to fraudulent use, only **minimum identification information (such as encrypted internal identifiers)** may be retained for an extended period to prevent re-registration, and all other personal information is destroyed without delay after the purpose has been achieved.
(5) Customer Inquiries
- Purpose of Collection: Responding to inquiries, fact verification, and dispute resolution
- Collected Items: Unique identification ID (internal identifier), inquiry content (including information provided by the user)
- Retention Period: After the completion of inquiry processing, retained for the minimum period required by relevant laws or internal standards, then destroyed
(6) Event Participation and Marketing Consent (Optional)
- Purpose of Collection: Event operation, prize delivery/distribution, benefit notifications (text message/email/push)
- Collected Items: Unique identification ID, mobile phone number, (if opted in) email, etc.
- Consent Withdrawal Method: Can be withdrawn at any time through in-app settings or customer center (see Article 6 below)
- Retention and Usage Period: Until membership withdrawal or consent withdrawal
(7) Personal Information Processing Notice
- The Company does not provide its services to minors under the age of 19 and does not collect personal information related thereto.
- For details regarding personal information processed for call policies, please refer to the Operating Policy.
- The Company collects personal information through the following methods and obtains prior consent before collection.
① By users directly entering personal information during the use of the Service
② By automatically generating and collecting access records, usage records, etc. during the use of the Service
Article 2) Automatically Collected Personal Information Items and Deletion Methods
The following information may be automatically generated and collected during the use of the Service.
- Collected Items: Visit records, access IP, access date/time, service usage records, error logs, device type/model name/OS version, communication status, network type, etc.
- How to Delete Device Cache/App Data
This section describes how to delete device cache/app data. For account deletion and deletion of personal information stored on servers, please refer to Article 6 (Membership Withdrawal/Deletion Request).
- Android: Application Info > Storage > Clear Cache and Data
- iOS: Settings > General > iPhone Storage > Select App > Offload App
Article 3) Retention Period and Destruction
The Company destroys personal information without delay once the purpose has been achieved. However, if retention is required under relevant laws and regulations, the information shall be retained for the applicable period.
(1) Member Information
- Retention Period: Until membership withdrawal
- Post-Withdrawal Retention for Fraud Prevention (Minimum Scope)
- After membership withdrawal, minimum identification information may be retained for 1 year to prevent fraudulent use, and will be destroyed after the applicable period expires.
- For long-term restricted (permanently suspended) accounts, only **minimum identification information (such as encrypted internal identifiers)** may be retained for an extended period to prevent re-registration.
(2) Mandatory Retention Periods Under Relevant Laws
Retained and destroyed after the periods specified by relevant laws such as the Act on Consumer Protection in Electronic Commerce and the Protection of Communications Secrets Act
| Law | Legal Basis | Period |
|---|---|---|
| a. Records on display and advertising | Act on Consumer Protection in Electronic Commerce | 6 months |
| b. Records on contracts or subscription withdrawal | Act on Consumer Protection in Electronic Commerce | 5 years |
| c. Records on payment and supply of goods, etc. | Act on Consumer Protection in Electronic Commerce | 5 years |
| d. Records on consumer complaints or dispute resolution | Act on Consumer Protection in Electronic Commerce | 3 years |
| e. Records on access logs | Protection of Communications Secrets Act | 3 months |
| f. Records on electronic financial transactions | Electronic Financial Transactions Act | 3 years |
(3) Destruction Method
- Electronic files: Permanently deleted using methods that prevent recovery
- Printed materials: Shredded or incinerated
Article 4) Entrustment of Personal Information Processing and Provision to Third Parties
The Company entrusts personal information processing tasks as follows for smooth handling of personal information operations.
The Company only entrusts a portion of the tasks necessary for service provision to external companies. When entering into entrustment agreements, in accordance with relevant laws, the Company specifies in the contract matters such as prohibition of personal information processing beyond the purpose of the entrusted task, technical and administrative protective measures, restrictions on re-entrustment, management and supervision of the trustee, and liability including compensation for damages, and regulates and supervises as necessary to ensure the trustee processes personal information safely in accordance with relevant laws.
(1) Entrusted Personal Information Processing Tasks and Trustees
The Company imposes obligations on trustees through contracts to comply with personal information protection measures at the same level as this Policy, and manages and supervises them accordingly.
| Trustee | Entrusted Tasks |
|---|---|
| KG Inicis Co., Ltd., Kakaopay Corp., Korea Cyber Payment Co., Ltd., Naver Corp., NHN Payco Corp., eBay Korea Co., Ltd. Samsung Electronics Co., Ltd. Google Payment Korea LLC Apple Inc. | Provision of electronic payment methods |
| KG Mobilians Co., Ltd. | Identity verification |
| SK Telink | Safe number service |
| NHN Corp. | Kakao Biz Message and SMS service operation |
| AWS | Service operation |
| Firebase | Authentication |
| AWS, Firebase, Singular | Service usage behavior analysis |
(2) Provision to Third Parties
In principle, the Company does not provide users' personal information to third parties.
However, personal information may be provided only with the user's separate consent or when there is a legal basis.
Article 5) Overseas Transfer of Personal Information
In the course of service operation, personal information may be transferred to and processed in countries outside Korea (e.g., the United States) due to the use of infrastructure from global providers such as AWS/Firebase/Singular.
The Company complies with the procedures required by relevant laws (obtaining consent, securing safety measures, entering into contracts, etc.), and when an overseas transfer occurs, the Company notifies users of the recipient, the country of transfer, the items transferred, the purpose of transfer, and the retention period.
Article 6) User Rights (Consent Withdrawal/Deletion Request) and How to Exercise Them
Users may request access to, correction, deletion, suspension of processing, and withdrawal of consent for their personal information at any time.
(1) Account Deletion
- Users can delete their account through the [My > Settings > Delete Account] menu within the app.
- Upon account deletion, all personal information will be destroyed without delay, except for information that must be retained under relevant laws.
(2) Withdrawal of Marketing Consent
- Users can change their consent for push notifications/text messages/email at any time through the in-app settings.
- Alternatively, users can make a request through the customer center (contact@illuni.com).
(3) Contact for Inquiries/Requests
- Email: contact@illuni.com
- Phone: 070-4128-9007
Article 7) Access Permissions (Purpose of Permission Requests)
The Service may request the following access permissions to provide its features.
- Microphone (Required): To provide voice call functionality
- Photos/Camera (Optional): To register profile photos
- Notifications (Optional): To provide service notifications
Users can use the basic features even without granting permissions; however, some features that require the relevant permissions may be restricted.
Article 8) Measures to Ensure the Safety of Personal Information
The Company implements the following protective measures to ensure the safety of personal information and prevent it from being lost, stolen, leaked, altered, or damaged when handling users' personal information.
- Technical Protective Measures
- Users' personal information is protected by passwords, and important data is protected through additional security features such as encryption of files and transmitted data or file lock functions.
- The Company takes measures to prevent damage from computer viruses using antivirus programs. Antivirus programs are updated periodically, and when a sudden virus appears, the vaccine is provided as soon as it becomes available to prevent personal information from being compromised.
- The Company employs security devices (SSL) using encryption algorithms to safely transmit personal information over the network.
- To prepare for external intrusions such as hacking, the Company makes every effort to ensure security by using intrusion prevention systems and vulnerability analysis systems for each server.
- Administrative Protective Measures
The Company restricts the number of personnel with access to users' personal information to the minimum necessary. Those included in this minimum personnel are as follows:
① Personnel who perform marketing tasks directly targeting users (only when the user has consented to marketing)
② Personnel who handle customer complaints and usage inquiries
③ The Chief Privacy Officer and staff responsible for personal information management tasks
④ Other personnel for whom handling personal information is unavoidable for business purposes
The Company prevents information leaks by employees through security pledges signed by all employees upon joining, and has established internal procedures to audit compliance with the privacy policy and employees' adherence thereto.
The transfer of duties for personnel handling personal information is conducted thoroughly under secure conditions, and the Company clearly defines responsibility for personal information incidents both during and after employment.
The Company shall not be liable for incidents that occur due to users' own mistakes or fundamental risks of the Internet. Individual users must appropriately manage their IDs and passwords to protect their personal information and bear responsibility for such management.
In the event that personal information is lost, leaked, altered, or damaged due to internal management errors or technical management accidents, the Company will promptly notify users of the facts and take appropriate measures and compensation.
- Retention and prevention of falsification of access records by managing access logs to personal information processing systems (at least 1 year)
- Encryption of personal information
- Installation of security programs and periodic inspections as technical countermeasures against hacking
- Access control restrictions for personal information
Article 9) Rights of Users and Legal Representatives and How to Exercise Them
The Company does its best to safely manage users' personal information and prevent it from being lost, stolen, leaked, altered, or damaged, and takes necessary technical, administrative, and physical measures.
- Users may exercise their rights to request access to, correction of errors, and deletion of their personal information from the Company at any time.
- The above rights may be exercised through written documents, telephone, email, or fax, and the Company will take action without delay.
- If a user requests correction or deletion of personal information errors, the Company will not use or provide the relevant personal information until the correction or deletion is completed.
- Users must not infringe on their own or others' personal information and privacy handled by the Company in violation of relevant laws such as the Act on Promotion of Information and Communications Network Utilization and Information Protection and the Personal Information Protection Act.
Article 10) Collecting Opinions and Handling Complaints
The Company values users' opinions, and users have the right to receive sincere answers to their inquiries at all times.
The Company operates a customer center for smooth communication with users. The contact information is as follows:
| Category | Details |
|---|---|
| contact@illuni.com | |
| Phone | 070-4128-9007 |
| Address | 302, Jeonil Building, 39, Hyoryeong-ro 29-gil, Seocho-gu, Seoul |
The Company has an obligation to sincerely respond after receiving email-based consultations from users. However, if a consultation is received after business hours or on weekends and public holidays, the Company will, in principle, process it on the next business day or the first business day after the weekend or holiday.
If you need additional consultation regarding personal information, you may contact the Company at the email address above. If you need to file a report or seek consultation with a government agency, please contact the following organizations for assistance:
| Personal Information Infringement Report Center | 118 http://privacy.kisa.or.kr/ |
| Information Security Mark Certification Committee | 02-550-9500 http://www.eprivacy.or.kr/ |
| Supreme Prosecutors' Office Cyber Crime Investigation Division | 02-3480-2000 http://www.spo.go.kr |
| National Police Agency Cyber Bureau | 182 https://cyberbureau.police.go.kr/ |
Article 11) Linked Sites
The Company may provide links to other companies' websites or resources to users. In this case, the Company has no control over external sites and resources and therefore cannot be responsible for or guarantee the usefulness of the services or resources provided therefrom. When users click on links provided by the Company and navigate to other sites, the privacy policy of the visited site is unrelated to the Company, so please review the policy of the newly visited site.
Article 12) Chief Privacy Officer and Remedies for Infringement of User Rights
The Company designates a Chief Privacy Officer as follows to take overall responsibility for personal information processing and to handle user complaints and damage relief related to personal information processing.
<Chief Privacy Officer>
| Category | Details |
|---|---|
| Name | Choi Hyeokjae |
| contact@illuni.com | |
| Phone | 070-4128-9007 |
Users may direct all inquiries, complaints, and damage relief matters related to personal information protection that arise during the use of the Service to the Chief Privacy Officer. The Company will respond to and handle users' inquiries without delay.
Article 13) Changes to the Privacy Policy
This Privacy Policy shall be effective from the date of implementation. In the event of any additions, deletions, or corrections to the contents pursuant to relevant laws and this Policy, such changes will be announced through the website without delay.