Privacy Policy

Pentory establishes and publishes the following privacy policy to protect users' personal information and handle related grievances promptly and smoothly.

Article 1 (Purpose of Personal Information Processing)

The company processes personal information for the following purposes:

1. Member Registration and Management

• Providing member registration and login services through Google accounts
• Personal identification and verification for membership services
• Prevention of service misuse

2. Service Provision

• Providing content and customized services
• Analyzing service usage records and access frequency
• Statistical analysis for service improvement

Article 2 (Personal Information Items Processed)

1. Information Collected through Google OAuth

• Required items: Email address, Google account profile name, profile image

2. Automatically Generated and Collected Information

• IP address, access logs, service usage records
• Browser type and OS version

Article 3 (Processing and Retention Period of Personal Information)

1. The company processes and retains personal information within the period of retention and use of personal information in accordance with laws or as agreed upon when collecting personal information from the data subject.

2. Personal information processing and retention periods are as follows:

• Member information: Until membership withdrawal
• Service usage records: 3 years
• Login records: 1 year
• Access logs: 3 months

Article 4 (Destruction of Personal Information)

1. Destruction Principles

The company destroys personal information without delay when it becomes unnecessary due to the expiration of the retention period or achievement of processing purposes.

2. Destruction Procedures and Methods

• Electronic file format: Permanent deletion through methods preventing recovery and reproduction
• Information in Supabase database: Complete deletion processing

Article 5 (Personal Information Security Measures)

1. Technical Measures

• Utilization of Supabase security infrastructure
• Data encryption transmission (SSL/TLS)
• Secure authentication through OAuth 2.0 protocol
• Access authority management and access control

2. Administrative Measures

• Establishment and implementation of internal management plan
• Regular security checks
• Minimization of personal information handlers

Article 6 (Rights and Obligations of Data Subjects and Exercise Methods)

1. Data subjects may exercise the following rights against the company:

• Request access to personal information
• Request correction or deletion of personal information
• Request suspension of personal information processing
• Disconnect Google account linking

2. Rights can be exercised through written document, email, etc., to the company.

Article 7 (Installation and Operation of Automatic Personal Information Collection Devices)

1. The company automatically collects the following information to provide individual customized services:

• Session management through cookies
• Performance analysis data related to Next.js
• Supabase authentication tokens

2. Users can reject cookie storage through browser settings.

Article 8 (Personal Information Protection Officer)

The company designates a personal information protection officer as follows to oversee personal information processing tasks and handle complaints and damage relief related to personal information processing:

Article 9 (Changes to Privacy Policy)

1. This privacy policy is effective from [December 31, 2024].

Article 10 (Remedies for Rights Infringement)

Data subjects can request dispute resolution or consultation from the following institutions for remedy of personal information infringement: