Cutback Corporation (hereinafter referred to as the "Company") adheres to personal data protection regulations in compliance with relevant legislation governing personal information protection. 

The Company has established a privacy policy pursuant to applicable laws to ensure the utmost protection of data subjects' rights and interests.

The terminology used in this privacy policy shall have the meanings ascribed to them in the relevant statutes and the Company's Terms of Service, and other matters shall be interpreted in accordance with generally accepted commercial practices.

Article 1 (Categories of Personal Data Processed)

The Company collects and processes the minimum amount of personal data necessary for the provision of services and facilitation of customer support, based on the information provided by the data subject.

1. Personal data collected during user registration or service application:

1.1 Data subject's legal name

1.2 Electronic mail address

1.3 Contact information

1.4 Payment information (including but not limited to transaction time, payment method, and transaction amount)

2. Personal data collected during service utilization(Note: The following information may or may not constitute personal data depending on its potential for individual identification):

2.1 Log information: The Company collects information automatically transmitted by the data subject's browser or device upon service utilization. Log information encompasses IP addresses, browser types and configurations, request timestamps, and patterns of interaction with the Company's services.

2.2 Usage data: The Company collects information pertaining to service utilization, including but not limited to the nature of content accessed or utilized, features employed, actions undertaken, time zone, country of origin, access timestamps, user agent specifications and versions, device type classifications, and network connectivity particulars.

2.3 Device information: The Company collects data regarding the devices used to access the service, including device nomenclature, operating systems, unique device identifiers, and browser specifications. The scope of information collected may vary contingent upon the type and configuration of the device employed.

2.4 Location information: For security purposes and to detect anomalous login activity, thereby safeguarding user accounts, as well as to enhance product functionality by providing more accurate responses, the Company may ascertain the approximate location from which a device accesses the service based on data such as IP addresses. Furthermore, for certain services, data subjects may opt to furnish more precise location data, such as GPS coordinates.

2.5 Cookies and analogous technologies: The Company employs cookies and similar technological mechanisms for the operation and management of services and to enhance user experience. In instances where data subjects utilize the Company's services without account creation, the Company may store certain information delineated in this policy in conjunction with cookies for purposes including, but not limited to, maintaining user preferences across browsing sessions.

Article 2 (Methods of Personal Information Collection)

The Company shall collect personal information through the following methods:

1. Collection via the data subject's service use application.

2. Collection provided voluntarily by the data subject during customer inquiries, event participation, or survey completion processes.

3. For data subjects utilizing social media authentication (e.g., Google), collection provided by the respective third-party company subsequent to obtaining explicit consent from the data subject.

4. Automatic collection of device information, service usage records, and other generated data during the course of service utilization.

Article 3 (Purpose of Personal Information Collection and Use)

The Company shall collect the minimum necessary personal information from data subjects for purposes including, but not limited to, service provision and member management. The Company reserves the right to aggregate or de-identify personal information such that it no longer identifies the individual, and may utilize such information for purposes including, but not limited to, service usage analysis, functional improvements, feature additions, and research activities.

Personal information processed by the Company shall be handled strictly within the scope specified for collection and use purposes. In the event of a change in the purpose of use, the Company shall implement necessary measures, including obtaining separate consent.

1. Service Provision
   1.1. The Company shall collect and use personal information for the provision of services including, but not limited to, automatic video editing and personalized recommendations, as well as for service analysis and quality maintenance.

2. Member Management
   2.1. Personal information shall be utilized for purposes including, but not limited to, identity verification for membership services, member identification, confirmation of registration intent, registration and frequency limitation, establishment of communication channels, customer inquiry response, dissemination of new information and notices, prevention of unauthorized use, record preservation for dispute resolution, and complaint handling.

3. Service Function Provision, Improvement, and New Service Development
   3.1. In addition to existing service provision, personal information shall be utilized for purposes including, but not limited to, demographic analysis, usage pattern analysis, personalized service provision, new feature development, service improvement, research activities, recommendation model optimization, and communication of updates and events.

3.2. The Company shall collect and use personal information for the prevention of fraud, illegal activities, or service misuse, and for the protection of system integrity and service security.

4. Fulfillment of Service Provision Contracts and Billing for Paid Services
   4.1. Personal information shall be utilized for purposes including, but not limited to, notice delivery, transaction processing for paid services, and product or service delivery.

5. Marketing and Advertising Information Provision
   5.1. Personal information shall be utilized for purposes including, but not limited to, feature announcements, usage instruction dissemination, event participation opportunities, advertising information provision, statistical data compilation, and legal compliance activities.

5.2. The Company shall not transmit commercial advertising information contrary to the data subject's explicit opt-out request. Where consent has been obtained for email communications, the Company shall implement the following measures:

a. The designation "(Advertisement)" shall be prominently displayed at the commencement of the email subject line.

b. The email body shall clearly state the sender's identification, contact information, and an unambiguous method for the data subject to opt out of future communications. For non-email communications, the Company shall comply with all relevant legal requirements, including the prominent display of the term "Advertisement" at the outset of the communication.

Article 4 (Measures for Ensuring the Security of Personal Information)

The Company implements the following measures to ensure the security of personal information:

1. Administrative measures: Establishment and implementation of internal management plans, regular employee training, etc.

2. Technical measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of unique identification information, installation of security programs (anti-virus)

3. Physical measures: Access control to computer rooms, data storage rooms, etc.

Article 5 (Rights and Obligations of Data Subjects and Legal Representatives and Methods of Exercise)

1. Data subjects may view or modify their personal information and exercise the following rights related to personal information protection:
   1.1 Request for access to personal information
   1.2 Request for correction of personal information
   1.3 Request for suspension of processing of personal information
   1.4 Request for deletion of personal information (membership withdrawal)

2. The Company does not collect personal information of children under the age of 14. However, in cases where personal information of children under 14 is collected, the Company shall ensure the legal rights of legal representatives regarding the processing of personal information of children under 14 as stipulated by law. Data subjects who are minors aged 14 or older may exercise their rights concerning their personal information either by themselves or through their legal representatives.

3. The exercise of rights under paragraph 1 may be conducted through written documents, telephone, email, facsimile (FAX), etc., and the Company shall take measures without delay in response to such requests.

Article 6 (Destruction of Personal Information)

In principle, the personal information of the data subject shall be destroyed without delay once the purpose of collection and use has been fulfilled. The Company's procedures and methods for destroying personal information are as follows:

1. Destruction Procedure

Information provided by the data subject for service registration, etc., shall be destroyed without delay after the retention period has elapsed or the purpose has been achieved. However, if personal information must be continuously preserved in accordance with other statutes, it shall be transferred to a separate database (DB) or storage location and retained for a certain period as per the information preservation reasons stipulated by the relevant laws (refer to Article 4 on Personal Information Retention and Use Period) before being destroyed. Such separately stored personal information shall not be used for any purpose other than that specified.

2. Destruction Method

For records, printouts, documents, and other recording media in non-electronic file formats, personal information shall be destroyed by shredding using a shredder or through incineration. Personal information stored in electronic file format shall be deleted using technical methods that render the records irreproducible.

Article 7 (Matters Concerning the Entrustment of Personal Information Processing)

To facilitate smoother business operations, including the provision of better services and user convenience, the Company entrusts the processing of data subjects' personal information as follows. 

Any changes in the content of entrusted tasks or entrusted parties shall be promptly disclosed through this Privacy Policy.

Entrusted Party, Content of Entrusted Tasks, Entrustment Period

• Google (Firebase): Operation of member information system, Until the member withdraws membership or the entrustment agreement term has expired

• Channel Corporation Co., Ltd.: Customer support and sales, Until the member withdraws membership or the entrustment agreement term has expired

• Toss Payments Co., Ltd.: Fee payment (Korea), Until the member withdraws membership or the entrustment agreement term has expired

• Lemon Squeezy: Fee payment (international), Until the member withdraws membership or the entrustment agreement term has expired

• Google Cloud: Server operation for service provision, Until the member withdraws membership or the entrustment agreement term has expired

• AWS Server: operation for service provision, Until the member withdraws membership or the entrustment agreement term has expired

• Loops: Email dispatch , Until the member withdraws membership or the entrustment agreement term has expired

Article 8 (Matters Concerning the Provision of Personal Information to Third Parties)

1. The Company shall provide personal information to third parties only in cases such as with the consent of the data subject or when there are special provisions in the law.

2. When providing a customer's personal information to a third party, the Company shall individually notify the customer through the website, email, written document, or application form, and obtain separate consent regarding the identity of the recipient of the personal information, the items of personal information to be provided, the purpose of providing the personal information, the retention and use period of the personal information, the right to refuse consent, and any disadvantages resulting from refusal of consent, if applicable.

Article 9 (Matters Concerning the Collection and Transfer of Personal Information Overseas)

The Company transfers the minimum necessary personal information overseas only when it has obtained consent for overseas transfer from the data subject.

• Recipient of transferred information: Loops

• Country of transfer: United States

• Time and method of transfer: Upon member registration

• Items of personal information transferred: Email

• Purpose of use by the recipient: Email dispatch

• Retention/use period by the recipient: Until membership withdrawal

• Method, procedure, and effect of refusing personal information transfer: Refusal will result in inability to register as a member.

Article 10 (Matters Concerning the Installation, Operation, and Refusal of Devices that Automatically Collect Personal Information)

The Company uses 'Web Storage' to store and periodically retrieve usage information in order to provide individualized customized services to customers. Web Storage supports data storage on the client rather than the server.

Web Storage includes Local Storage, Session Storage, Cache Storage, and Cookies. Local Storage, Session Storage, Cache Storage, and Cookies each have unique characteristics and are used selectively as needed.

1. The browser's Session Storage and Local Storage are used to store data. Session Storage is temporary, while Local Storage is permanent. Data subjects can clear Local Storage data by deleting their browser history.

2. Cache Storage stores files that have been requested once in the browser and is used when the same request is made. Data subjects can clear this data by deleting their browser history.

3. Cookies are small pieces of information sent by the server operating the website (http) to the data subject's computer browser and may be stored on the hard disk of the data subject's PC. If customers wish to refuse cookie storage, they can do so through the option settings in the Tools > Internet Options > Privacy menu at the top of the web browser.

Article 11 (Personal Information Protection Officer)

The Company designates a Personal Information Protection Officer as follows to gather opinions and handle complaints regarding personal information:

• Personal Information Protection Officer: Tom Kim

• Affiliation and Position: CEO

• Contact (email): support@cutback.video

Article 12 (Request for Access to Personal Information)

The data subject may request access to personal information from the Personal Information Protection Officer or the department to which the Personal Information Protection Officer belongs, as specified in Article 11. The Company shall endeavor to process the customer's request for access to personal information expeditiously.

Article 13 (Miscellaneous)

Please be advised that this Privacy Policy does not apply to the collection of personal information by other services, such as websites linked within the service.

Addendum

These Privacy Policy enter into force on the date of December 11, 2024.