Privacy Policy

Article 1 (Items of Personal Information Collected and Methods of Collection) 'THE LAB' collects the minimum personal information required to provide seamless services, manage members, and operate subscription services as follows: - Member Registration: Email, name, profile picture (Collected via Google Social Login API) - Pre-registration: Email, contact information, affiliation/position (if necessary), granted benefits, status (e.g., pending registration), reason for pre-approval, registration date (Directly entered into the service by the administrator of the affiliated institution) - Subscription and Service Use: Contact information, subscription tier, remaining subscription period, last login date (Directly entered by the member and automatically generated during service use) Article 2 (Purpose of Collection and Use of Personal Information) 'THE LAB' uses the collected personal information for the following purposes: 1. Member Management: Identity verification, personal identification, prevention of unauthorized and fraudulent use by malicious members, confirmation of intent to join, age verification, handling of complaints and civil petitions, and delivery of notices. 2. Provision of Services and Contract Fulfillment: Granting access to 'THE LAB' services, matching accounts of pre-registered members, providing subscription-based services, providing customized content, and payment processing and settlement (when introduced in the future). 3. Service Improvement: Analyzing access frequency such as the last login date, statistics on members' service use, and confirming service validity. Article 3 (Outsourcing of Personal Information Processing and Overseas Transfer) For service enhancement and stable infrastructure operation, 'THE LAB' outsources the processing of personal information to specialized external companies as follows, and personal information may be transferred overseas due to the use of cloud servers. - Outsourcer (Recipient of Transfer): Supabase, Inc. - Details of Outsourced Task (Purpose of Transfer): Cloud database (DB) operation, Google social login authentication processing, and data storage. - Items of Personal Information Transferred: Information listed in Article 1, including email, name, profile picture, contact information, and subscription details. - Country and Time of Transfer: United States / Transferred via network whenever signing up for the service or entering data. - Retention and Use Period: Until the member withdraws or the outsourcing contract terminates. Article 4 (Retention and Use Period of Personal Information) In principle, personal information is destroyed without delay once the purpose of collection and use is fulfilled. However, the following information is retained for the specified periods for the reasons stated below: 1. Reasons for Information Retention according to Internal Company Policy - Records of Fraudulent Use (Abnormal service usage history): Retained for 1 year to prevent fraudulent registration and use. - Pre-registered data and granted benefits entered by administrators: Retained for the duration of the contract with the affiliated institution (Destroyed upon termination of the contract or request for deletion by the institution's administrator). 2. Reasons for Information Retention according to Relevant Laws - Records on consumer complaints or dispute resolution: 3 years (Act on the Consumer Protection in Electronic Commerce, etc.) - Records on payment and supply of goods, etc.: 5 years (Act on the Consumer Protection in Electronic Commerce, etc.) - Website visit records: 3 months (Protection of Communications Secrets Act) Article 5 (Procedures and Methods for Destroying Personal Information) In principle, 'THE LAB' destroys personal information without delay once the purpose of processing the information has been achieved. The procedure, deadline, and method of destruction are as follows: 1. Destruction Procedure: Information entered by the member is transferred to a separate DB (or a separate file for paper documents) after the purpose is fulfilled and is stored for a certain period in accordance with internal policies and other relevant laws before being destroyed, or is destroyed immediately. 2. Destruction Method: Information in the form of electronic files is deleted using technical methods that render the records unrecoverable. Article 6 (Rights of Users and Legal Representatives and Methods of Exercising Them) 1. 'Members' may view or modify their registered personal information at any time and may also request the termination of their membership. 2. To view or modify personal information, 'Members' can click 'Settings' within the service; to terminate membership (withdraw consent), they can click 'Withdraw' to directly view, correct, or withdraw. 3. For members pre-registered by an 'administrator' of their affiliated institution, personal information may also be processed through the administrator's request for authorization revocation and data deletion, in addition to the member's own request.