QUELSUITE

/PRIVACY

Privacy Policy

Learn how QUELSUITE by Snake Steak Inc. collects, uses, and safeguards personal information.

Updated on November 11, 2025

#### 1. Overview Snake Steak Inc. (the “Company”) operates the QUELSUITE service (“Service”) and complies with the Personal Information Protection Act and other applicable privacy laws in Korea. This policy explains how we collect, use, retain, and protect personal information and describes the procedures available to data subjects. #### 2. Purposes of Processing Personal information is processed only for the purposes listed below. If the purpose changes, we will announce the change and request additional consent when necessary. 1. **Member management** * Provide and improve member services after identifying an individual * Confirm the intent to sign up, manage memberships, handle abuse and disputes, confirm withdrawal requests * Provide free trials, manage free-to-paid conversions, share product introductions and onboarding support 2. **New services, marketing, and advertising** * Develop new services and improve existing ones * Provide services and ads tailored to demographic characteristics and measure effectiveness * Provide promotional information, detect abnormal traffic, compile usage statistics 3. **Contract execution and billing for paid services** * Deliver QUELSUITE services and charge for paid features * Issue invoices, process payments, authenticate customers, and collect overdue amounts 4. **Legal evidence** * Retain records necessary to resolve disputes or respond to lawful requests 5. **Use requested by a commissioning partner** * Process personal data when a partner explicitly requests the Company to operate the Service on its behalf #### 3. Items Processed and Retention Periods 1. **Membership** | Category | Timing | Data Items | Retention | | :--- | :--- | :--- | :--- | | Email sign-up | After e‑mail verification | Name, e‑mail, password, contact number (individual or corporate contact info) | Deleted 30 days after withdrawal | | SNS sign-up (Kakao, Naver, Google) | After social login verification | Name, e‑mail, contact number (individual or corporate contact info) | Deleted 30 days after withdrawal | | PASS identity verification (when performed) | Upon yearly verification | Masked name, phone number, DI | Deleted 30 days after withdrawal | 2. **Optional marketing consent (members and inbound leads)** | Type | Items | Retention | | :--- | :--- | :--- | | Member marketing consent | Name, e‑mail, mobile phone | Until consent is withdrawn or 30 days after withdrawal | | Non-member (adoption / inquiry) | Name, e‑mail, mobile phone | 3 years after consultation ends or consent withdrawal | 3. **Information collected while using the Service** | Purpose | Details | Items | Retention | | :--- | :--- | :--- | :--- | | Billing | Paid usage fees | Name, e‑mail, masked card number, or virtual account info | 5 years | | Tax invoices | Settlement and tax receipts | Company name, name, contact, e‑mail | 5 years | | Refunds | Refund processing | Name, e‑mail, phone, virtual account info | 5 years | | Customer support (members) | Identity check and support | Company, name, e‑mail or phone | 3 years | | Customer support (non-members) | Identity check and support | Company, name, e‑mail or phone | 3 years | | Product inquiries / onboarding | Consultation for adoption, integration, pilots | Organization name, requester name, e‑mail, mobile phone | 3 years | | Applications | Newsletter, brochure download, promotions | Organization, department, requester name, e‑mail, mobile phone | 3 years | | Partnerships | Partnership or reseller requests | Organization, requester name, e‑mail, phone, website URL | 3 years | | AI Service usage | QUELSUITE AI image generation | Prompts, uploaded assets, generated results and metadata | Until membership withdrawal or vendor contract termination | 4. **Recruiting** | Type | Purpose | Items | Retention | | :--- | :--- | :--- | :--- | | Required | Apply to Snake Steak Inc. | Name, e‑mail, phone, application channel | 3 years (or deleted immediately upon request) | | Optional | Screening support | Resume contents (career, education, certificates), portfolios, attachments | 3 years (or deleted immediately upon request) | 5. **Legal and internal retention** | Legal Basis | Data | Period | | :--- | :--- | :--- | | Act on Consumer Protection in Electronic Commerce | Contracts, withdrawal records | 5 years | | Same Act | Payments and supply records | 5 years | | Same Act | Consumer complaints or disputes | 3 years | | Same Act | Advertising and labeling records | 3 months | | Communications Secrets Protection Act | Website access logs | 3 months | | Personal Information Protection Act art.15(1)(4) | Membership data stored by entrusted parties | Until partners request deletion | | Personal Information Protection Act art.15(1)(5) | Data necessary to prevent fraudulent use | Deleted 30 days after withdrawal | #### 4. Children’s Data The Service is not intended for children (under 14 for Koreans, under 16 for foreigners). If we learn that we collected data from a child, we will delete it and close the account. Please contact us if you believe a child’s data was submitted. #### 5. Provision to Third Parties We use personal information within the scope described in Section 2 and do not disclose it to third parties without consent. Exceptions: 1. When the data subject has provided explicit prior consent 2. When required by law or when investigative agencies provide a valid warrant or order (Criminal Procedure Act art.215, PIPA art.18(2)2). Provision under legal requests follows this procedure: present warrant → verify scope → extract only the data described → approval by the CPO → deliver the minimum required dataset. Prompts, uploads, and generated contents are **never** used to train AI models or provided to third parties without explicit consent. #### 6. Domestic Processors We outsource certain tasks to the following processors under written agreements that prohibit processing for other purposes, mandate security controls, require supervision, and prohibit onward transfers. | Scope | Processor | Purpose | Retention | | :--- | :--- | :--- | :--- | | Cloud infrastructure | Amazon Web Services Inc. (Seoul) | Hosting | Until withdrawal or contract termination | | Support | Channel Corporation (Channel Talk) | Customer support SaaS | Same as above | | Payments | NICE Payments, NHN KCP, Toss Payments | Credit-card billing | Same as above | | Identity | Danal Co., Ltd. | PASS mobile verification | Same as above | | Notifications | NHN Cloud | Kakao notification messages | Same as above | #### 7. Overseas SaaS Entrustment | Data transferred | Destination | Recipient | Purpose | Retention | | :--- | :--- | :--- | :--- | :--- | | Prompts, questions, documents, or images entered when using LLM-enabled QUELSUITE features | United States (real-time API transfer) | Google Cloud Platform (googlekrsupport@google.com) | Provide generative AI functionality | Deleted immediately after processing; no data is stored by Google | Users who refuse overseas transfer cannot use the respective features; you may withdraw by deleting your account or contacting us via ChannelTalk. #### 8. Destruction We delete personal data without delay once retention periods expire or the processing purpose is achieved. If other laws require longer retention, the data is moved to a separate database or storage. #### 9. Rights of Data Subjects Users may exercise the following rights by e-mail or customer support: * Request access, correction, deletion, or suspension of processing * Request updates or corrections; we will stop using the data until we finish and notify third parties of the correction if data was shared * Withdraw consent or request deletion (some services may become unavailable, and statutory data cannot be deleted) * Withdraw membership inside the Service or via e-mail #### 10. Safeguards * Limit staff with access to personal data and provide training * Maintain and enforce internal management plans * Encrypt personal data and passwords; apply file-level encryption for sensitive exports * Maintain security programs against hacking and malware, and place systems in access-controlled zones * Control database access rights and use firewalls to block unauthorized connections * Log all access to the personal-information systems and protect the logs from tampering #### 11. Cookies and Similar Technologies We use cookies to remember user preferences, analyze traffic, and improve the Service. You may configure your browser (Chrome, Firefox, Edge, etc.) to block or delete cookies; however, some sign-in features may not work if cookies are disabled. #### 12. Additional Use Criteria Without additional consent, further processing is allowed only when it is reasonably related to the original purpose, foreseeable by the context of collection, does not unfairly infringe the user’s interests, and when safeguards such as pseudonymization or encryption are applied. #### 13. Data Protection Officer | Role | Name | Contact | | :--- | :--- | :--- | | Data Protection Officer | Donghyun Lim | s2s2hyun0703@pprk.xyz | #### 14. Remedies Users may contact the KISA Privacy Infringement Center (dial 118), the Personal Information Dispute Mediation Committee (1833-6972), the Supreme Prosecutors’ Office Cyber Investigation Division (1301), or the National Police Agency Cyber Bureau (182) for external remedies. #### 15. Changes We will announce any additions, deletions, or amendments to this policy through our website and provide at least 30 days’ notice when user rights are materially affected. Effective date: **1 November 2025**