Privacy Policy
Beluga Company (hereinafter referred to as “the Company”) collects and processes personal information from you in the course of providing all related services through its website and other platforms (hereinafter referred to as “the Service”). The Company complies with all applicable personal information protection regulations, including the Personal Information Protection Act, that data processors are required to observe when processing personal information. In order to protect users' personal information and to handle related complaints promptly and effectively, we hereby establish and publicly disclose this Privacy Policy as follows.
Scope of This Privacy Policy
The Company provides and operates various services, and please note that each service may be subject to a separate privacy policy.
Personal information processed on third-party web pages linked to this Service is not covered by this Privacy Policy.
1. Categories of Personal Information Collected and Methods of Collection
The Company collects personal information at the necessary points for each of the following purposes in order to ensure stable provision and operation of the “FortuneWiki” service. Personal information required for the purposes of collection and use is classified as ‘Required Items,’ and all other personal information is classified as ‘Optional Items.’ Users who do not consent to the collection of ‘Optional Items’ will not be subject to any restrictions on the use of the Service.
1) Service Operation
- Personal information items: (Required) Nickname, email address, Kakao ID, profile image; (Optional) Date of birth, gender
- Kakao ID is a user identification code generated when you register as a member with Kakao Corp. The responsibility for protecting this information lies with Kakao Corp.
- In the course of providing the Service, information such as consent records for terms and personal information processing, service usage records (user identifiers, visit date/time (access logs), IP address, records of fraudulent use (sanction information), service usage history), device information (OS information, device model, language settings, etc.), and cookies may be generated and collected.
2) AI Fortune-Telling Service Operation
- Personal information items: (Required) Nickname, date of birth, gender, time of birth
- In the course of providing the AI service, device information (OS information, device model, country code and language settings) and fortune analysis request history may be collected.
3) Customer Support Service
- Personal information items: (Required) Name, nickname, email address, inquiry details
- In the course of providing customer support services, device information (OS information, device model, country code and language settings, network type) and language settings may be generated and collected.
4) Events and Promotions
- Personal information items: (Optional) (As necessary) Information required for prize distribution
- When providing events or promotions, additional personal information may be requested for tax processing purposes depending on the prize. In such cases, a separate consent procedure for the collection and use of personal information will be conducted.
※ The Company does not process personal information of children under the age of 14 (hereinafter “Children”). If a legal representative believes that personal information of a Child is being processed through this Service, please contact the Personal Information Protection Officer by email. The Company will promptly guide you through the account deletion or personal information removal process.
2. Purposes of Processing Personal Information
The Company processes personal information for the following purposes. Personal information being processed will not be used for any purpose other than those listed below. If the purpose of use changes, the Company will take necessary measures, such as obtaining separate consent, in accordance with the Personal Information Protection Act and other applicable laws.
Non-personal data generated during the user's use of the Service (including fortune analysis results, input content, etc.) may be used for the purposes of analyzing the service usage environment, improving the Service, and enhancing the service experience.
1) Service Operation
- User identification and confirmation of intent to use the Service
- Prevention of fraudulent registration and use
- Analysis of the service usage environment and service improvement
- Payment processing, billing, and refunds
2) AI Fortune-Telling Service Operation
- User identification and confirmation of intent to use the Service
- Provision and operation of AI fortune analysis services
- Analysis of the service usage environment and service improvement
3) Customer Support Service
- Receiving and processing inquiries or complaints, improving user services
- Responding to service disruptions and ensuring service stability
- Preventing fraudulent use, protecting accounts, restricting violations of laws and the Company's Terms of Service
4) Events and Promotions
- Prize delivery, tax processing
- Prevention of duplicate participation and fraudulent winning
3. Provision of Personal Information to Third Parties
The Company uses personal information within the scope stated in “2. Purposes of Processing Personal Information” and, as a rule, does not use personal information beyond this scope or disclose it externally without the user's prior consent. However, the following cases are exceptions.
1) When there is an obligation to provide personal information under applicable laws
The Company will provide personal information when requested by administrative or investigative agencies in accordance with applicable laws, following lawful procedures such as warrants or written requests bearing the official seal of the agency head, as prescribed by law.
2) When separate consent has been obtained from the user
In order to provide better services, the Company may provide or share your personal information with affiliated companies. However, in such cases, you will be notified in advance of the recipient, the personal information items to be provided/shared, the reason and duration of the provision/sharing, and the protective measures for the shared information, and a separate consent process will be conducted. If you do not consent, the information will not be provided or shared.
4. Retention Period of Personal Information
As a general principle, users' personal information is destroyed or stored separately without delay once the purpose of collection and use has been achieved. Examples of when the purpose of collection and use is deemed to have been achieved include the following:
- When a user requests account deletion or personal information removal
- When the Company terminates the provision of services
- When the processing of a user's inquiry or complaint has been completed
- When all necessary procedures related to events or promotions (prize distribution, tax processing, etc.) have been completed
However, for the following reasons, the relevant information will be stored and managed separately from other information for a specified period, after which it will be destroyed or stored separately without delay.
1) Support for Account Deletion Reversal and Resolution of User Complaints/Disputes
When a user requests account deletion, personal information collected for service operation purposes will be retained for 15 days from the date of the request and then destroyed or stored separately.
2) Prevention of Fraudulent Registration and Use
Records of fraudulent use that occurred during service use will be retained for 1 year from the date of occurrence and then destroyed or stored separately.
3) Supplementary Services Such as Events
The retention period for personal information collected for events and similar purposes may vary depending on the type of event, and is subject to the retention period stated on each event page. As a general rule, the Company retains such information for 6 months from the conclusion of the event (end of promotion period, completion of prize distribution, completion of tax processing if applicable) and then destroys or stores it separately.
In addition, where preservation is required even after the purpose of collection and use has been achieved pursuant to applicable laws, the Company retains user information for the periods prescribed by such laws, as set forth below.
| Category | Personal Information Items | Legal Basis for Retention | Retention Period |
|---|---|---|---|
| Computer/internet communication log records and access tracking data | Access date/time, IP address | Protection of Communications Secrets Act (Article 15-2) | 3 months |
| Records related to consumer complaints or dispute resolution | All information directly or automatically collected for customer support services | Act on Consumer Protection in Electronic Commerce (Article 6) | 3 years |
| Records related to contracts or withdrawal of offers | Inquiry details and other information collected during customer support for contracts or withdrawal of offers | Act on Consumer Protection in Electronic Commerce (Article 6) | 5 years |
| Records related to payment and supply of goods | (If applicable) Purchase history (purchase date/time, item name, order number, amount), service usage history | Act on Consumer Protection in Electronic Commerce (Article 6) | 5 years |
| Records related to processing prescribed by tax laws | (If necessary) Information required for prize distribution | Framework Act on National Taxes (Article 85-3), Corporate Tax Act (Article 116), Income Tax Act (Article 160-2) | 5 years |
5. Procedures and Methods for Destruction of Personal Information
As a general principle, the Company destroys or stores personal information separately without delay once the retention periods specified in ‘4. Retention Period of Personal Information’ have elapsed. However, where there are special provisions in applicable laws, the information will be retained for the period prescribed by such laws before being destroyed. The detailed procedures and methods for destruction of personal information are as follows.
1) Destruction Procedures
When the conditions for destruction of personal information are met, the Company destroys the personal information in accordance with its internal policies.
2) Destruction Methods
Personal information recorded and stored in electronic file format is destroyed in a manner that prevents the records from being reproduced. Personal information recorded and stored on paper documents is destroyed by shredding or incineration.
6. Entrustment of Personal Information Processing
The Company entrusts the processing of personal information to external professional companies as described below for the purpose of providing smooth services and customer support, and has established regulations for the secure management of personal information by such entrusted companies. Some entrusted tasks involve the transfer of relevant personal information overseas. If there are any changes to the details of personal information processing entrustment, we will provide advance notice of such changes.
1) Domestic Personal Information Processing Entrustment
| Entrusted Company | Entrusted Tasks |
|---|---|
| Kakao Corp. | Provision of Kakao Login service, sending KakaoTalk notification messages |
| PortOne (formerly I'mport) | Payment processing required for service operation |
※ The Company may entrust delivery services for the purpose of prize distribution in the course of providing events or promotions. In such cases, the details regarding the processing and entrustment of personal information will be disclosed through a separate notice and consent procedure.
2) Overseas Personal Information Processing Entrustment (Cross-Border Transfer)
| Entrusted Company | Entrusted Tasks | Country of Transfer | Personal Information Items | Retention Period |
|---|---|---|---|---|
| Google Inc. (Firebase/Firestore) | Cloud database operation and management | United States | All personal information items specified in “Categories of Personal Information Collected and Methods of Collection” of this Privacy Policy | Until account deletion or termination of entrustment contract |
| OpenAI (GPT API) | Provision of AI fortune analysis services | United States | Date of birth, gender, time of birth, fortune analysis request content | Processed only at the time of service use (not stored) |
| Anthropic (Claude API) | Provision of AI fortune analysis services | United States | Date of birth, gender, time of birth, fortune analysis request content | Processed only at the time of service use (not stored) |
| Vercel Inc. | Provision of web hosting services | United States | Service usage records (access logs, IP address) | Until account deletion or termination of entrustment contract |
3) Management and Regulatory Provisions for Personal Information Processing Entrustment
- Purpose and scope of entrusted tasks
- Prohibition of processing personal information for purposes other than the entrusted tasks
- Technical and administrative security measures, including restrictions on access to personal information
- Restrictions on sub-entrustment
- The Company's supervisory obligations, including inspections of the management status of personal information held in connection with entrusted tasks
- Liability for damages and other matters arising from the entrusted company's violation of the above provisions
7. Rights of Users and Legal Representatives and Methods of Exercising Such Rights
1) In accordance with applicable laws, users have the right to refuse or restrict the processing of personal information, and to access, correct, delete, or transfer their personal information. If you have any questions regarding personal information-related matters, please contact the Personal Information Protection Officer by email at [email protected], and the officer will verify your identity through reasonable means. The Company will faithfully respond to users' exercise of their rights in accordance with applicable personal information protection laws.
1-1) Users may directly view or modify their personal information through the “My Page” menu on the website. If you wish to delete your personal information, you may request deletion through the “Settings” menu on the website or directly by email at [email protected]. However, when requesting deletion of personal information by email, the officer may verify your identity through reasonable means.
2) Each of the user's rights described in Paragraph 1) of this Article may be exercised through the user's legal representative. In such cases, the legal representative has all the rights of the user.
3) When a user's legal representative requests access to, correction/deletion of, or suspension of processing of personal information, the Company may request additional documentation, such as a power of attorney, to verify the legitimacy of the representative authority.
4) The Company will enable users and legal representatives to access the relevant personal information within 10 days of receiving an access request. However, if there is a legitimate reason that makes access impossible within this period, the Company will notify you and may extend the deadline. Once the reason ceases to exist, the Company will provide access to the personal information without delay.
5) The Company will correct or delete the relevant personal information within 10 days of receiving a correction or deletion request from users and legal representatives, and notify them of the result, unless other laws require specific procedures. However, if deletion is not possible, such as when the relevant personal information is specified as a collection item under other laws, the Company will notify the user and legal representative accordingly.
6) The Company will suspend processing of the relevant personal information without delay upon receiving a processing suspension request from users and legal representatives, and notify them of the result, unless there are special provisions in law or legal compliance obligations.
8. Technical and Administrative Safeguards for Personal Information
The Company has established and implemented the following best administrative, technical, and physical safeguards to ensure that users' personal information is not lost, stolen, leaked, altered, or damaged. However, it is difficult to guarantee the complete protection of all information. By providing personal information to the Company, users acknowledge these limitations and consent to them.
1) Administrative Safeguards
Establishment and implementation of internal management plans, regular employee training, supervision of entrusted companies' compliance with security requirements, etc.
2) Technical Safeguards
Management of access rights to personal information processing systems, installation and operation of access control systems, encryption of personal information, installation and operation of security software, etc.
3) Physical Safeguards
Access control for server rooms, data storage areas, etc.
4) Compliance with and Implementation of the Privacy Policy
- The Company monitors the implementation of this Privacy Policy and the compliance of responsible personnel, and endeavors to promptly correct and rectify any issues discovered.
- However, the Company assumes no liability for problems arising from the leakage of personal information, such as passwords, due to the user's own negligence or issues inherent to the internet.
9. Installation, Operation, and Opt-Out of Automatic Personal Information Collection Devices
The Company may automatically collect and use personal information for the purposes of providing personalized services and analyzing service usage patterns.
The Company uses ‘cookies’ that store and periodically retrieve user information in order to analyze and evaluate how users use the Company's services, identify demand, and improve and customize services for more efficient service delivery. A cookie is a very small text file sent by the server operating the Company's website to the user's browser and stored on the user's computer hard drive.
Users have the option to accept or decline cookie installation. You may configure your browser settings to allow all cookies, require confirmation each time a cookie is stored, or reject all cookies. However, refusing cookie installation may cause difficulties in using some website services.
1) How to Decline Cookies (Web Browser)
- Microsoft Edge: Click the More menu (top right) > [Settings] > [Cookies and site permissions] > [Manage and delete cookies and site data] > [Allow sites to save and read cookie data]
- Chrome: Click the More menu (top right) > [Settings] > [Privacy and security] (left menu) > [Cookies and other site data] > Select [Block third-party cookies] or [Block all cookies]
2) How to Decline Cookies (Mobile Browser)
- Safari: Go to [Settings] > Select [Safari] > Under [Privacy & Security], enable ‘Block All Cookies’ > Select [Clear History and Website Data]
- Chrome: Tap the [More (···)] menu (bottom left) > [Settings] > [Site settings] > [Cookies] > Select [Block third-party cookies] or [Block all cookies]
3) Analysis of Service Usage Patterns
The Company uses Google Analytics, a web analytics service provided by Google, to provide better services. Google Analytics collects behavioral information about the Company's website users through cookies; however, it only collects de-identified information that cannot identify individual users. Nevertheless, users may decline cookie usage through the methods described in 1) and 2) above, or opt out of Google Analytics by installing a browser add-on (https://tools.google.com/dlpage/gaoptout).
4) Online Targeted Advertising
The Company collects users' behavioral information using the advertising pixel provided by Toss (Viva Republica, Inc.) for the purpose of efficient service promotion. The collected behavioral information is provided to Viva Republica for the purpose of delivering targeted advertising. Users may decline cookie usage through the methods described in 1) and 2) above, or opt out of receiving advertisements through the Toss Privacy Policy (https://toss.im/policy/privacy).
| Recipient | Items Provided | Purpose of Provision | Retention and Use Period |
|---|---|---|---|
| Viva Republica, Inc. (Toss) | Visited page information, click information, advertising identifiers and other behavioral information | Delivery of targeted advertising | Until consent is withdrawn or the Service is terminated |
10. Contact Information for the Personal Information Protection Officer
The Company has designated a Personal Information Protection Officer as set forth below, who is responsible for overseeing all matters related to the processing of personal information, and for handling complaints and remedying damages related to personal information processing.
Personal Information Protection Officer
- Name: Gyuseob Shin
- Title: CEO
- Email: [email protected]
The following organizations are separate from the Company. If you are not satisfied with the Company's own complaint handling or damage remediation, or if you need further assistance, please contact:
- Personal Information Infringement Report Center (privacy.kisa.or.kr / 118)
- Personal Information Dispute Mediation Committee (www.kopico.go.kr / 1833-6972)
- Supreme Prosecutors' Office Cyber Investigation Division (www.spo.go.kr / 1301)
- National Police Agency Cyber Bureau (ecrm.cyber.go.kr / 182)
11. Disclosure and Amendment of the Privacy Policy
If the Company amends this Privacy Policy, the effective date and details of the amendments will be specified, and notice will be provided on the website at least 7 days prior to the effective date. However, if there are significant changes to the rights of users, notice will be provided at least 30 days in advance.
Previous versions of the Privacy Policy may be viewed through the ‘View Previous Privacy Policy’ link at the bottom of this page.
Supplementary Provisions
This Privacy Policy is effective as of June 30, 2025.