Privacy Policy

Article 1 Objective

DEAR U Co., Ltd. (the “Company”) lawfully processes and securely manages personal information in compliance with the Personal Information Protection Act and related laws to protect the rights and freedoms of data subjects. In accordance with Article 30 of the Personal Information Protection Act, the Company hereby establishes and discloses the following privacy policy to inform data subjects of the procedures and standards for the processing of personal information and to ensure prompt and smooth handling of related grievances.

Article 2 Personal information to be collected and the collection method

1. The Company processes the following personal information items based on the data subject’s consent, pursuant to Article 15(1)(1) of the Personal Information Protection Act (“consent”).

(1) bubble App Membership Registration

- Required Items: E-mail address, password, profile information (nickname, profile picture

- Optional Items: Area of residence (country or region), gender, date of birth

(2) The identification of a legal representative (of 'Minor Members' under the age of 14)

- Required items: Legal representative (guardian) name, e-mail address

(3) Winner Verification and Prize Delivery for Event Promotions

- Required Items: Subscription Information, e-mail address, name, mobile number, address, Postal Code

2. The Company processes the following personal information items without the data subject’s consent, pursuant to Article 15(1)(4) of the Personal Information Protection Act (“performance of contract”).

(1) Provision and Operation of the Service

- Required items : Massages

(2) Payment for Paid Services

- Required items : ID(useridx), E-mail address, Order ID, appGroup information, Registered Payment Method Information (Partial Card Number, Card Issuer, Access Country), Identity Verification Information (Verification Transaction ID, Encrypted Authentication Data)

(3) Refund Processing

- Required Items : Purchase Information (Purchase Account, Purchased Item, Purchase Receipt, Reason for Refund), Payment Information (Name, Date of Birth, Mobile Carrier, Mobile Phone Number, Card Issuer, CI Value, DI Value), Account Information for Bank Transfer Refunds (Account Holder, Bank Name, Account Number)

3. The Company processes personal information that is automatically generated and collected during the service delivery process, as described below.

- Personal Information Items : Service Usage Records, Access Logs, Cookies, Access IP Information, Payment Records, Device Information (Service Version, OS, OS Version, Device Model Name)

- Collection Method: collection via automated data collection tools

4. The company notifies and receives consent from the user in advance during the process of providing mobile app services, and may collect/use the following device access permissions. The user has the right to refuse consent to the collection of optional access permission information, and they shall still be able to receive services except for these functions without giving consent. These access permissions may be changed through the device settings.

(1) Android

[Required Access Permissions]

01. Photo & Video: Used to upload photos and videos (13.0 version or over)

02. Storage: Used to upload photos and videos (13.0 version under)

[Optional Access Permissions]

01. Mic: Used to record and send voice messages/videos

02. Camera: Used to film and send photos and videos and to set profile pictures and chatroom background images

03. Notification

Receive PUSH notifications (13.0 version or later)

(2) iOS

[Optional Access Permissions]

01. Photo

Used to send and store photos and videos and to set profile pictures and chatroom background images

02. Camera

Used to film and send photos and videos and to set profile pictures and chatroom background images

03. Mic

Used to record and send voice messages and videos

04. Notification

Receive PUSH notifications

Article 3 Purposes of collecting and using personal information

The company uses the collected personal information for the following purposes.

(1) Membership Registration and Management

To confirm user intent for membership-based services, prevent duplicate registrations, maintain and manage membership status, prevent fraudulent use, handle disputes and complaints, issue notices and announcements, verify parental consent when processing personal information of children under 14, and confirm the identity of legal guardians.

(2) Service Provision

To deliver content, transmit messages, authenticate identity, process orders, payments, and refunds for paid services, handle complaints, provide customer support, and enhance security.

(3) Event Promotions

Winner Verification and Prize Delivery

(4) Marketing and advertisement

Development of new services, provision of customized services, service provision and advertisement according to statistics, verification of service effectiveness, access frequency identification, statistics regarding members’ service use, and provision of event and advertising information and participation opportunity

Article 4 Processing of Personal Information of Children Under the Age of 14

1. When consent is required to process the personal information of a child under the age of 14, the Company shall obtain consent from the child’s legal representative.

2. When obtaining consent from legal representatives for the processing of personal information of children under 14 years of age, the Company may request minimal information from the child, such as the legal representative's name and email address, and will have the legal representative indicate their consent on the website or app where the consent details are posted.

Article 5 Period of Retention and Use of Personal Information

1. The Company processes and retains personal information within the period of retention and use consented to by the data subject at the time of collection.

(1) Membership Registration and Management : Until the user withdraws membership

(2) Service Provision : Until the time of membership withdrawal or until the data subject’s requested order, payment, refund, complaint resolution, and customer service process has been completed

(3) Event Promotions : Until the end of the event or the completion of prize distribution

(4) Marketing and advertisement : Until consent is withdrawn or membership is terminated

2. However, in the following cases, personal information shall be retained and used until the relevant reason no longer applies:

(1) In cases where other laws prescribe specific retention and use periods, until the expiration of such legally mandated periods

(2) In cases where investigations or inquiries are under way due to legal violations, until the conclusion of such investigations or inquiries

(3) In cases where there are outstanding obligations arising from service use, until settlement of such obligations

3. Additionally, the personal information and relevant statutes requiring retention for a certain period are as follows:

(1) Article 6 of the Act on the Consumer Protection in Electronic Commerce (Preservation of Transaction Records, etc.)

- Records related to contracts or withdrawal of subscription : 5 years

- Records for payment and supply of goods : 5 years

- Records related to consumer’s complaints or disputes : 3 years

- Records for presentation/advertisement : 6 months

(2) Article 15-2 of the Protection of Communications Secrets Act (Duty of Cooperation of Telecommunications Service Providers)

- Internet communications, log records, connection tracking data: Three (3) months

(3) Article 85-3 of the Framework Act on National Taxes (Keeping and Retention of Books, etc.)

- All transaction-related books and supporting documents prescribed under tax laws (e.g., withholding tax details for event prize winners): Five (5) years

4. For users who have not used the Company’s services for one (1) year or longer, the Company shall notify the data subject at least thirty (30) days in advance by email or other means and proceed with destruction of the personal information. However, if retention is required under applicable laws and regulations, the Company shall retain the user’s personal information for the statutory retention period.

Article 6 Destruction procedure and method of personal information

1. The Company shall promptly destroy personal information when the retention period has expired or the purpose of processing has been fulfilled.

2. If the retention period agreed upon by the data subject has expired or the purpose of processing has been fulfilled, but other laws require continued retention of the personal information, the Company shall store such information in a separate database or in a location distinct from the original storage. Items and legal grounds for such retention are detailed in Article 5 (Retention and Use Period of Personal Information).

3. The procedures and methods for destroying personal information are as follows:

(1) Destruction procedure

Personal information subject to destruction is selected, and with the approval of the Company’s Chief Privacy Officer, the information is destroyed.

(2) Destruction methods

Printed personal information is shredded by a shredder or incinerated. Personal information saved in electronic file type will be deleted by technical method that does not allow recovery of data.

Article 7 Consent to Third-Party Provision of Personal Information

1. The Company processes a data subject’s personal information within the scope of the purpose of processing and provides personal information to third parties only in accordance with Article 17 and Article 18 of the Personal Information Protection Act, such as with the consent of the data subject or under specific legal provisions. It does not provide the data subject’s personal information to third parties beyond these cases.

2. For smooth service provision, the Company provides personal information to third parties in the following cases, with the consent of the data subject and limited to the minimum necessary scope:

- Recipient : 아이앤비100엔터테인먼트 (INB100 Entertainment Co., Ltd.)

- Purposes : Service operation and management

- Information : Chat content, Nickname, Email address

- Duration of keeping and using personal information : Until the termination of the business partnership agreement or the member’s withdrawal.

3. When personal information is provided to a third party located overseas, such provision is guided under Article 9 (Cross-Border Transfer of Personal Information).

Article 8 Outsourcing of Personal Information Processing

1. The Company outsources certain personal information processing tasks as outlined below for the efficient handling of such tasks.

Entrusted Task	Data Processor	Sub-processor
Cloud Infrastructure Management and Operation	MEGAZONE CLOUD Corp.
Recording of customer service conversations	LG U+
Identity Verification	Payletter Inc. Korea Credit Bureau.
Paid Service Payment and Refund Processing	Payletter Inc.	SK m&service NARACREDIT BNK CREDIT INFORMATION
Prize Delivery	Korea Post
Digital Gift Voucher Delivery	kt alpha Co

2. When entering into outsourcing agreements, the Company specifies, in accordance with Article 26 of the Personal Information Protection Act, the prohibition of personal information processing for purposes other than the delegated tasks, technical and administrative protection measures, restrictions on re-outsourcing, management and supervision of the Data Processor, liability for damages, and other relevant matters in the agreement, and supervises whether the Data Processor handles personal information securely.

3. In accordance with Article 26(6) of the Personal Information Protection Act, if a Data Processor re-outsources personal information processing tasks, the Data Processor must obtain prior consent from the Company.

4. Cases of outsourcing personal information processing overseas are addressed in Article 9 (Cross-Border Transfer of Personal Information).

5. If the contents of the trusted works or trust company is changed, the company shall publish it immediately through this Privacy Policy.

Article 9 Cross-Border Transfer of Personal Information

1. To provide services, the Company transfers the personal information of data subjects overseas as follows:

Transferee	AMAZON Web Service Contact Information : aws-korea-privacy@amazon.com
Legal basis for the transfer	Article 28-8(1)(3) of the Personal Information Protection Act (Overseas outsourcing or storage for contract performance)
Transferee Country	Japan
Transfer Date and Method	Online delivery upon collecting personal information
Transfer Items	All personal information collected or generated under Article 2
Retention Period	When the purpose of collecting and using personal information is achieved or when the outsourcing contract is terminated
Purpose of Use	To send, process, and store personal information on the cloud

* However, AMAZON Web Service may only physically manage the server, and shall not access the personal information of members in principle.

2. If you refuse the overseas transfer, you will not be able to use the service. If you do not wish your information to be transferred overseas, you may request to withdraw your membership.

Article 10 Rights and Duties of the Information Agent or Legal Representative and How to Exercise Rights

1. Data subjects may, at any time, exercise their rights (hereinafter referred to as “exercise of rights”) to request access, transmission, correction, deletion, suspension of processing, and withdrawal of consent regarding their personal information. For children under the age of 14, their legal representatives must exercise these rights. For data subjects aged 14 and above who are minors, they may exercise such rights either personally or through their legal representatives.

2. The Company will take prompt action in response to any exercise of rights.

- Data subjects may at any time directly access, modify, or delete their personal information via [My Profile > Edit Profile] in the service app.

- Data subjects may consent to or withdraw consent for the collection and use of optional personal information at any time through [MORE > Settings > Privacy Management] in the service app.

- Data subjects may request withdrawal of consent or suspension of data processing at any time via [MORE > Settings > Withdraw Membership] in the service app.

3. The rights of data subjects to access personal information and request suspension of processing may be restricted under Articles 35(4) and 37(2) of the Personal Information Protection Act

4. Requests for correction or deletion may not be granted if the relevant personal information is required to be collected under applicable laws.

5. The data subject is responsible for any issues resulting from the provision of inaccurate information. If false information, such as another person’s data, is provided, the member may lose their membership.

6. The exercise of rights may be made through a representative, such as the data subject’s legal guardian or a delegated person, via written request or email. In such cases, a power of attorney following Form No. 11 of the “Notification on the Method of Processing Personal Information” must be submitted.

7. The Company verifies whether the individual exercising rights is the data subject or a legitimate representative.

Article 11 Measures to Ensure the Security of Personal Information

The Company implements the following measures to ensure that the personal information of data subjects is not lost, stolen, leaked, altered, or damaged.

- Technical Measures

The company makes best efforts to prevent members’ personal information from being leaked or damaged by hacking or computer viruses. It frequently backs up data in preparation for the case where personal information is damaged, uses the most recent vaccine program to prevent users’ personal information from being leaked or damaged, uses encrypted communication to safely transmit personal information in the network, and uses intrusion blocking system to control unauthorized access from third parties. The company is striving to have all kinds of technical devices as much as possible in order to establish a secured system.

- Administrative Measures

The Company establishes and enforces an internal management plan, provides periodic training to employees, and operates a dedicated team and a Chief Privacy Officer responsible for personal information protection.

- Physical Measures

The Company limits personal information processing to designated personnel only, assigns them unique passwords, controls access by non-authorized personnel, and regulates the import and export of data.

Article 12 Installationㆍoperation of automatic collector of personal information and refusal

1. The company installs/operates cookies in order to support faster web environment to members. Members can refuse to install cookies. Cookie is a small text file sent from a server operating websites to the browser of a user. Cookie is installed in a storage of a user's device. The cookie does not collect personally identifiable information, and users can refuse to save a cookie or delete it anytime. The company can support faster and more convenient web environment for users by saving settings or preferred pages designated by users through the cookie.

2. Installation, operation of cookie and refusal

(1) The data subject has the option to allow the installation of cookies.

(2) The data subject can allow all cookies through option settings of web browser and OS, or allow cookies whenever they are installed, or refuse the installation of all cookies. However, if users refuse to install cookies, it may be inconvenient to use the website, and it may be difficult to use some services requiring login.

(3) Settings by browsers

- Internet Explorer: Tools menu in the upper side of web browser > Internet option > Personal information > Settings

- Chrome: Settings in the right side of web browser > Advanced settings in the bottom of the screen > Contents settings button of personal information > Cookies

Article 13 Linked Sites

The company may provide members with links to other companies' websites or resources. In such cases, the privacy policies of those websites are not related to the company or this Privacy Policy. We recommend checking the privacy policies of the respective companies or websites.

Article 14 Person responsible for personal information management and Department in charge

1. The Company is responsible for overall personal information processing and designates a Chief Privacy Officer and a responsible department to handle data subject's complaints and remedy damages related to personal information processing.

(1) Person responsible for personal information management

- Name: Bongju Kang

- Position : Director

- Contact information : 070-5158-6918 / privacy@dear-u.co

※ Calls are directed to the Department in charge of personal information protection.

(2) Department in charge of personal information protection

- Department in charge : Information Protection Team, CS Team.

- Contact Information : 070-5158-6918 / privacy@dear-u.co

2. Data subjects may contact the Chief Privacy Officer or the responsible department for inquiries, complaints, or requests related to personal information. The Company will respond to and address the data subject’s inquiries without delay.

Article 15 Remedies for Infringement of Data Subject Rights

Data subjects may apply for dispute resolution or consultation with the Personal Information Dispute Mediation Committee, Korea Internet & Security Agency, or the Personal Information Infringement Reporting Center to seek remedies for infringement of their personal information rights. For other reports or consultations on personal information infringement, please contact the agencies listed below.

- Personal Information Dispute Mediation Committee (https://www.kopico.go.kr) / 1833-6972

- Korea Internet & Security Agency (KISA) (https://privacy.kisa.or.kr / 118)

- Korean National Police Agency Cyber Bureau (https://ecrm.cyber.go.kr / 182)

Article 16 Amendment of privacy policy

1. If the company amends this Privacy Policy, it will publish the reason of amendment and the effective date with current Privacy Policy through the notification in services.

2. This Privacy Policy will be applied from June. 30. 2025 (KST)

Previous Privacy Policy ▷

bubble for INB100

Privacy Policy