Legal

Privacy Policy

Effective Date: April 1, 2026 | Last Revised: March 28, 2026

Contents

1. Purpose of Processing Personal Information
2. Types of Personal Information Collected and Collection Methods
3. Retention Period
4. Disclosure to Third Parties
5. Delegation of Processing
6. Rights of Data Subjects and How to Exercise Them
7. Destruction of Personal Information
8. Technical and Administrative Safeguards
9. Use of Cookies
10. Privacy Officer
11. Remedies for Rights Violations
12. Policy Change Notice

1. Purpose of Processing Personal Information

ChartScope (hereinafter "Service") processes personal information for the following purposes. Personal information will not be used for any purpose other than those listed below. Prior consent will be obtained if the purpose changes.

Service provision and user identification (sign-up, login, identity verification)
Paid service provision (coin purchase, payment processing, transaction history management)
Saving analysis results and managing usage history
Service quality improvement and statistical analysis
Complaint handling and customer support
Compliance with legal obligations (tax invoice issuance, e-commerce law compliance, etc.)

2. Types of Personal Information Collected and Collection Methods

Category	Items Collected	Collection Method
Sign-up (Google OAuth)	Name, email address, profile photo (optional)	Automatically collected during Google OAuth authentication
Sign-up (KakaoTalk OAuth)	Nickname, email address (optional)	Automatically collected during Kakao OAuth authentication
Paid payment	Payment method (handled by PG), transaction history, billing address	Collected via payment gateway providers (PortOne/KPN/KakaoPay or PayPal) at time of purchase
Service use	Uploaded chart images, analysis request history, access IP, browser information	Automatically collected during Service use
Customer inquiry	Email address, inquiry content	Collected upon email submission

Uploaded chart images are used solely for analysis purposes and are not permanently stored on the server after processing by the OpenAI API (Free Plan). For paid plans with the result-saving feature enabled, images and results may be stored.

3. Retention Period

Item	Retention Period	Legal Basis
Account information	30 days after account deletion	Service operation purpose
Payment and transaction records	5 years	Act on Consumer Protection in Electronic Commerce, Article 6
Analysis history (if saving is enabled)	Until account deletion or user-initiated deletion	Service usage agreement
Access logs	3 months	Protection of Communications Secrets Act, Article 41
Customer inquiry content	1 year after inquiry resolution	Service operation purpose

4. Disclosure to Third Parties

The Service does not, as a general rule, provide users' personal information to third parties. Exceptions apply in the following cases:

Where the user has given prior consent.
Where required by law or requested by an investigative authority in accordance with statutory procedures and methods for investigative purposes.

5. Delegation of Processing

The Service delegates certain personal information processing tasks to the following entities in order to provide smooth service delivery.

Processor	Delegated Task	Retention and Use Period
OpenAI, Inc.	AI processing of chart image analysis	Until processing is complete (subject to OpenAI API policy)
PortOne / Korea Payment Networks (KPN) / KakaoPay	KR payment processing and payment approval verification	For the duration of service use or as required by applicable law
PayPal	International payment processing and settlement	Until end of delegation agreement
Google LLC	OAuth authentication, cloud infrastructure	Duration of Service use
MongoDB, Inc.	Database management (Atlas)	Duration of Service use

6. Rights of Data Subjects and How to Exercise Them

As a data subject, users may exercise the following rights:

Request to inspect the status of personal information processing
Request correction or deletion of errors
Request suspension of processing
Withdrawal of consent

To exercise these rights, please send a request by email to rhee0610@gmail.com and it will be handled without delay. These rights may be subject to restrictions under applicable law.

7. Destruction of Personal Information

Personal information for which the retention period has expired or the processing purpose has been fulfilled will be destroyed without delay.

Electronic files: Permanently deleted in a manner that prevents recovery.
Paper documents: Shredded or incinerated.

8. Technical and Administrative Safeguards

Encryption: Sensitive information such as passwords and payment data is encrypted for storage and transmission.
HTTPS: TLS/SSL is applied to encrypt data in transit.
Access control: Access to personal information is minimized and unauthorized access is blocked.
Access log management: Access records for personal information are maintained.
Backup: Regular data backups are performed to prevent data loss.

9. Use of Cookies

The Service may use cookies to maintain user authentication status and enhance service convenience. Users may refuse cookie storage through browser settings; however, doing so may restrict certain features such as staying logged in.

The Service may collect anonymized aggregate statistics through third-party analytics tools such as Google Analytics. This data does not identify individuals and is used solely for service quality improvement.

10. Privacy Officer

The Service has designated the following Privacy Officer to oversee personal information processing and handle user complaints and remedies related to personal information.

Privacy Officer: Jiheon Rhee (Operator)
Email: rhee0610@gmail.com
Service: ChartScope (chartscope.virtuonweb.com)

11. Remedies for Rights Violations

Users may contact the following authorities to seek dispute resolution or consultation regarding personal information violations.

Personal Information Infringement Report Center (KISA): privacy.kisa.or.kr / 118 (no area code required)
Personal Information Dispute Mediation Committee (KOPICO): www.kopico.go.kr / 1833-6972
Supreme Prosecutors' Office Cyber Investigation Division: www.spo.go.kr / 1301
National Police Agency Cyber Investigation Bureau: ecrm.cyber.go.kr / 182

12. Policy Change Notice

This Privacy Policy may be revised in response to changes in law, policy, or service content. Revisions will be announced via in-service notices at least 7 days before taking effect (30 days in the case of material changes).

Privacy Inquiries

Service: ChartScope
Operated by: VirtuonWeb
Privacy Officer: Jiheon Rhee
Email: rhee0610@gmail.com
Domain: chartscope.virtuonweb.com