Privacy Policy

<!-- English translation of privacy-policy.md (KO is the authoritative source). DRAFT — same pre-launch legal review applies (effective date, overseas processors, retention, contacts). Keep in sync whenever the Korean version changes. -->

SwissFriends Privacy Policy

Artfriends Inc. (the "Company") complies with the Personal Information Protection Act and related laws in connection with the SwissFriends service it operates (the "Service"), and establishes and discloses this Privacy Policy as follows in order to protect Members' personal information.


Article 1 (Purpose of Processing, Items Processed, and Retention Period)

The Company collects the minimum personal information necessary to provide the Service. The items collected are divided into required items and optional items.

1. Required Items

CategoryPurpose of CollectionItems CollectedRetention and Use Period
Sign-up (social login)Identity verification, provision of membership services, account managementEmail, name or nickname, and user identifier provided by the social login provider (Naver, Apple, Google)Until account withdrawal
Community chat serviceProviding real-time community chat, service operation, prevention of abuse, dispute handlingNickname, profile picture (if set), self-introduction (if set), chat messages and imagesUntil account withdrawal (retained for the required period where retention is mandated by law)
AI travel assistantGenerating the in-chat AI assistant's responses (weather, travel information, etc.)Content of messages the user sends to the AIUntil the purpose of generating the response is achieved (see Article 3, Delegation)
Push notificationsSending app push notifications (new messages, mentions, reactions, etc.)Device push token (FCM/APNs)Until account withdrawal or notifications are disabled
Service operation and securityEnsuring service stability, preventing abuse and misuse, rate limitingAccess logs, IP address, device and browser informationRetention period required by relevant laws

2. Optional Items

CategoryPurpose of CollectionItems CollectedRetention and Use Period
Service usage analysis and statisticsStatistical analysis of service usage, service improvementService usage records (app usage history, access logs, cookies), device information, de-identified informationDestroyed without delay upon withdrawal of consent or account withdrawal (retained for the applicable period where separate retention is required by law)

The Company may de-identify users' access information and the like so that specific individuals cannot be identified, and use it for purposes such as service improvement and statistical analysis.

SwissFriends does not provide paid payment, product purchase, or reservation features, and therefore does not collect payment methods, settlement information, reservation-holder information, or the like.


Article 2 (Provision of Personal Information to Third Parties)

The Company processes a data subject's personal information only within the scope specified in Article 1 and, in principle, does not provide personal information to third parties. It provides personal information to third parties only where Articles 17 and 18 of the Personal Information Protection Act apply, such as with the data subject's consent or under special provisions of law.

The Company may provide personal information to relevant authorities without the data subject's consent as follows.

Legal BasisRecipientPurpose of ProvisionItems Provided
Personal Information Protection Act Article 18(2)2 (special provisions of law), Criminal Procedure Act Article 215Competent police agency, prosecutors' officeRequests made through search, seizure, or verification warrantsInformation within the scope of the request

※ Where personal information is provided to an overseas third party or delegated overseas, such matters are separately described in Article 3 (Delegation of Personal Information Processing).


Article 3 (Delegation of Personal Information Processing)

The Company may delegate personal information processing tasks in order to provide the Service, and manages and supervises the delegated companies to ensure their compliance with the law.

Overseas Delegatees

DelegateeDestination CountryTiming and Method of TransferDelegated Task (Purpose)Retention and Use Period
Google LLC (Google Cloud Platform, Firebase Cloud Messaging)United StatesTransmitted over the network from the time of service useServer and data storage infrastructure, sending Android push notificationsDestroyed immediately upon account withdrawal or withdrawal of consent
Apple Inc. (Apple Push Notification service)United StatesTransmitted over the network from the time of sending a pushSending iOS push notificationsUntil the purpose of delegation is achieved
Anthropic PBC / OpenAI, L.L.C.United StatesTransmitted over the network from the time the AI assistant is invokedGenerating the AI travel assistant's responses (large language model processing)Until the purpose of processing the request is achieved

The above delegation status must be verified and updated according to actual contracts and operations (item for pre-launch legal review).


Article 4 (Destruction of Personal Information)

When the retention period for personal information has elapsed or the purpose of processing has been achieved, the Company destroys the relevant information without delay.

  • Electronic file form: deleted using a technical method that makes recovery impossible
  • Paper document form: destroyed by shredding or incineration

When a Member requests account withdrawal from the Service, the Company destroys the personal information without delay, except for information subject to a retention obligation under relevant laws. However, chat messages and the like that other Members are viewing may be retained in an anonymized state in which the author cannot be identified, for the normal operation of the Service.


Article 5 (Rights of the Data Subject and How to Exercise Them)

Members may at any time request to access, correct, delete, or suspend the processing of their personal information, or withdraw their consent.

  • Requests can be made directly through the in-service My Page or via the Privacy Officer's contact details below (email, phone)
  • Rights may be exercised through a legal representative or an authorized agent

Article 6 (Measures to Ensure the Security of Personal Information)

The Company implements the following measures to ensure the security of personal information.

  • Administrative measures: establishment and implementation of an internal management plan, employee training
  • Technical measures: access-rights management, encryption, installation of security programs
  • Physical measures: access control to computer rooms and data storage rooms

Article 7 (Installation and Operation of Automatic Personal Information Collection Devices, and Refusal Thereof)

The Company may use cookies and the like in the course of providing the Service.

Members may refuse to store cookies through their browser settings, but some parts of the Service may then be restricted.


Article 8 (Privacy Officer)

The Company designates a Privacy Officer to handle inquiries and complaints related to personal information processing.

  • Privacy Officer: Chansu Seo
  • Position: CEO
  • Contact: Phone 070-7918-3582, Email info@artfrnd.com

Article 9 (Purpose of AI Use and Processing of Pseudonymized/Anonymized Information)

The Company provides an in-chat AI travel assistant feature and, for this purpose, may transmit the messages a user sends to the AI to overseas delegatees for large language model (LLM) processing (see Article 3). The Company may pseudonymize or anonymize personal information and use it for purposes such as compiling internal statistics and improving the Service; in such cases it ensures that individuals cannot be identified and complies with the security measures required by law.


Article 10 (Remedies for Infringement of the Data Subject's Rights)

  1. In order to obtain relief for personal information infringement, a data subject may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency Privacy Infringement Report Center, and the like.
    • Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
    • Privacy Infringement Report Center: 118 (privacy.kisa.or.kr)
    • Supreme Prosecutors' Office: 1301 (www.spo.go.kr)
    • National Police Agency: 182 (ecrm.cyber.go.kr)
  2. The Company guarantees the data subject's right to informational self-determination and strives to provide consultation and remedies for personal information infringement. If you need to file a report or seek consultation, please contact the address specified in Article 8 (Privacy Officer).

Article 11 (Effective Date and Notice)

This Privacy Policy takes effect on ____ , 20. (effective date to be confirmed)

The Company may amend this Privacy Policy in accordance with changes in laws, policies, or security technology, and where there are changes, it will notify Members through in-service announcements (or a separate notice).