1. Personal Information Collected
Ppomnae collects the minimum personal information necessary to provide the Service.
Collected at signup and social login
- Email address (required)
- Profile name (required)
- Password (email signup only, stored as one-way hash)
- Social login provider info (Google, LinkedIn, as applicable)
- Profile photo URL (from social login or direct upload)
Optional information entered by the member
- Expertise / job title (e.g., frontend developer, product manager)
- Team availability setting
- Browser language (for multilingual service)
Collected when registering a work
- Work name, description, tags, external links, and other registration details
- Creator display name (based on profile name)
- Uploaded images (thumbnail, gallery, brochure, etc.)
Automatically collected during service use
- Last login date/time (auto-recorded on login)
- Work view and like history (anonymous ID-based, for deduplication)
- Access logs (IP address, browser info)
- Page view statistics (path, access time, anonymized)
Collected in connection with AI content review
- Work title and description (sent to Gemini AI for automatic policy screening at registration/update)
- Creator ID and display name (stored in the review record)
- AI review result (flagged reason, categories, Gemini response text, review status)
- Administrator action (approve/reject) and timestamp
Collected at account deletion
- Deletion reason category (required)
- Detailed deletion comment (optional)
- Name and email at time of deletion (retained with the reason record)
Collected in connection with feedback reports
- Reporter's name and email (for action result notification)
- Reported feedback content and reason
- Action result (feedback deletion, activity suspension, or permanent ban)
2. Purpose of Collecting Personal Information
- Member identification and service access management
- Providing work registration, editing, and deletion features
- Profile page display (name, expertise, profile image)
- Team applications and partner features
- Preventing duplicate views and likes
- Statistical analysis including trending and popularity rankings
- Tracking last login date for service usage monitoring (admin operations)
- Automatic AI screening of registered content for policy compliance (sexually explicit, illegal, hate speech, etc.)
- Administrator review and action on AI-flagged content (approve/reject)
- Service improvement through deletion reasons
- Administrator privilege assignment and operational management
- Delivering announcements and important notices
- Multilingual service provision (using browser language settings)
- Processing feedback reports and notifying parties of action results
3. Retention and Use Period
| Item | Retention Period | Basis |
|---|---|---|
| Member account info (email, name, profile, etc.) | Deleted immediately upon account deletion | User consent |
| Deletion reason and comments | 1 year from deletion date | Service improvement |
| Work registration info | Until account deletion or work deletion | User consent |
| AI content review records | 1 year after review completion | Service operations / policy compliance |
| Access logs (IP, etc.) | 3 months | Communications Secrecy Act |
| E-commerce related records | 5 years | E-Commerce Act |
| Team, partner, lead, and investment request records | 1 year after completion | Service operations |
| Feedback report records | 1 year after action completion | Service operations |
4. Third-Party Sharing
Ppomnae does not, in principle, share users' personal information with third parties, except with user consent or as required by law.
5. Data Storage Location and Processing Delegation
Data storage location
All Ppomnae data (member info, work data, image files, logs, deletion reasons, report records, AI review records, etc.) is stored and processed on Google Cloud Platform (GCP) infrastructure. GCP holds international security certifications including ISO/IEC 27001 and SOC 2/3. Data centers may be located in the Republic of Korea and Asia-Pacific regions. GCP's privacy policy is available at cloud.google.com/privacy.
Processing delegation
- Cloud infrastructure (server, DB, file storage): Google Cloud Platform (GCP)
- Social login authentication: Google, LinkedIn (each platform's terms apply)
- AI translation: Google Gemini API (only the relevant text is sent; not retained after translation)
- AI content review: Google Gemini API (work title and description are sent at registration/update for automated policy screening; text is not retained by Google after processing)
- AI idea generation / thumbnail creation: Google Gemini API, Google Imagen API (user-input memo text is sent for content generation; not retained after response)
6. Cookies and Local Storage
The Service uses cookies and local storage for the following purposes:
- Session cookie: Maintaining login state
- Theme cookie: Storing dark/light mode preference
- Language cookie: Storing selected language (Korean, English, Japanese)
- Anonymous ID (local storage): Preventing duplicate views/likes by non-logged-in users
You may refuse cookies in your browser settings, but some features may be limited.
7. Security Measures
- Data transmission encryption via HTTPS
- One-way password hashing (original cannot be recovered)
- Super administrator email stored as SHA-256 hash
- Principle of least privilege (admin features restricted to superadmin)
- Minimum number of staff handling personal information
8. AI Content Review and Actions
When a work is registered or updated, Gemini AI automatically reviews the title and description for content that violates policies (sexually explicit, illegal, hate speech, violence, spam, etc.). This processing involves the work's title, description, and creator information.
- Flagged content (pending review): The work is hidden from public listing and a review record is created. The creator is informed that their post is under review.
- Administrator approval: The work is published and made visible to the public.
- Administrator rejection: The work remains hidden (rejected status) and the creator is notified.
If Gemini AI is unavailable or returns an error, the work is published normally (safe pass-through) to avoid blocking legitimate creators.
9. Measures for Policy Violations (Feedback Reports)
When a member's feedback is reported and confirmed to violate these Terms or community standards, the Company may take the following actions. These actions involve processing the personal information (name, account) of the member subject to the report.
- Deletion of the reported feedback: The reported content is permanently deleted from the Service.
- Suspension of member activity: The member's account is temporarily restricted from accessing Service features.
- Permanent ban: The member's account is permanently deleted from the Service.
The reporter is notified of the action result via email. The subject of the report is notified on their My Page upon next login.
10. User Rights
Users may exercise the following rights at any time:
- Request to access personal information
- Edit personal information (directly via My Page)
- Request deletion of personal information
- Request suspension of personal information processing
- Account deletion (via Danger Zone at the bottom of My Page)
For requests other than account deletion, please contact admin@extory.co.
12. Policy Changes
When this Privacy Policy is amended, we will notify users via the Service announcements 7 days before the change takes effect.