———-ENGLISH VERSION———-

Privacy Policy

Revised Date: December 31, 2025

Effective Date: January 1, 2026

Anonymous Co., Ltd. (hereinafter referred to as the “Company”) establishes and discloses this Privacy Policy in accordance with Article 30 of the Personal Information Protection Act to protect the personal information of data subjects and to promptly and smoothly handle related grievances.

Article 1 (Purpose of Processing Personal Information)

The Company processes personal information for the following purposes. Personal information being processed will not be used for purposes other than those described below. If the purpose of use is changed, necessary measures such as obtaining separate consent under Article 18 of the Personal Information Protection Act will be implemented.

1. Membership Registration and Management

  • Confirmation of intent to join, identification/authentication for membership, and maintenance/management of membership status.

  • Prevention of unauthorized use of services and identity verification (if applicable) under the limited identification system.

  • Verification of the legal guardian’s consent when processing personal information of children under 14 years of age.

  • Notifications, customer consultation, and grievance handling.

2. Provision of Services

  • Provision of messenger and supplementary features; transmission, display, and storage of content (messages, photos, videos, etc.) within the scope necessary for service operation.

  • (If applicable) Age verification, payment/refund/settlement, and responding to user inquiries.

3. Safe Service Operation and Security

  • Management of service usage records, detection/response to abnormal use, and prevention of spam/abuse.

  • Response to disputes and fulfillment of legal obligations.

4. Marketing and Promotion (Optional/Consent-based)

  • Information on events/promotions and campaign operation (separate consent obtained where necessary).

Article 2 (Processing and Retention Period of Personal Information)

① The Company processes and retains personal information within the period of retention and use in accordance with relevant laws or within the period agreed upon by the data subject at the time of collection.

② In principle, personal information is destroyed without delay once the purpose of processing is achieved. However, if storage is required by relevant laws, it will be kept for the period specified by such laws.

Membership Registration and Management

  • Retention Period: Until membership withdrawal.

  • Exception: Until the conclusion of any ongoing investigation or inquiry regarding violations of relevant laws.

  • Exception: Until the settlement of any remaining claims or debts arising from service use.

Provision of Services (Including Payment/Settlement)

  • Retention Period: Until the completion of goods/service supply and payment/settlement.

  • Retention required by relevant laws (e.g., Act on the Consumer Protection in Electronic Commerce):

    • Records on display/advertising: 6 months

    • Records on contracts, withdrawal of subscription, payment, and supply of goods: 5 years

    • Records on consumer complaints or dispute resolution: 3 years

Communication Confirmation Data, etc. (If applicable)

  • Retention required by the Protection of Communications Secrets Act:

    • Date and time of telecommunication, start/end time, counterpart number, and base station location tracking data: 1 year

    • Computer communication/Internet log records, access tracking data: 3 months

Auto-Deletion Policy for Messages/Content (Service Characteristics)

  • The Company’s service may be designed and operated so that messages and content created/transmitted by users are automatically deleted, in principle, 7 days after transmission (or creation).

  • However, the minimum necessary records (e.g., access records, usage history) may be stored for a certain period for compliance with relevant laws and response to security/disputes.

  • Automatically deleted data may not be recoverable.

Article 3 (Items of Personal Information Processed)

The Company processes the following personal information items:

1. Membership Registration and Management

  • Required: Mobile phone number, user-input values (ID, nickname, date of birth, interests).

  • Optional: Information obtained during identity verification (e.g., name, gender, date of birth, unique identification key (CI/DI), mobile number, carrier, nationality/foreigner status), contact list (when using contact-based features).

2. Provision of Services (Content/Media)

  • Required: Capture information (date/time of capture, photos/videos, content metadata).

  • Optional: Location information (if allowed), age/adult status (if necessary).

3. Items Automatically Generated/Collected During Service Use

  • IP address, cookies, device identifier, OS/browser info, usage records, access logs, records of poor/unauthorized use, etc.

4. Payment/Refund (For paid services)

  • App Market Payments: The Company does not directly store payment method information such as card numbers; it may process transaction identification info (receipts/subscription status) for verification.

  • Direct PG Payments: Minimum information necessary for payment/refund processing may be processed (specific items are provided on the payment screen).

Article 4 (Provision of Personal Information to Third Parties)

① In principle, the Company does not provide personal information to third parties.

② However, it may be provided with the data subject’s consent or in response to a lawful request based on legislation.

Article 5 (Entrustment of Personal Information Processing)

① The Company may entrust personal information processing to provide smooth services.

② The Company implements protective measures, management, and supervision in accordance with relevant laws when entering into entrustment contracts.

(Current Status of Entrustment)

  • AWS: Infrastructure operation (Server/DB/Storage/Backup) / Items: Account info, usage records, service data / Period: Until purpose achievement or contract termination.

  • Google (Firebase Analytics): Usage statistics and service improvement / Items: Device info, service logs / Period: Until set retention period or purpose achievement.

  • Naver Cloud (SMS): Sending authentication/notification texts / Items: Mobile number, minimum info for sending / Period: Until sending purpose is achieved.

  • Apple (APNS), Google (FCM): Push notification relay / Items: Push tokens, minimum info for transmission / Period: Until sending purpose is achieved or token expiry/deletion.

Article 6 (Overseas Transfer of Personal Information)

① In principle, the Company processes and stores personal information within the Republic of Korea (AWS Seoul Region).

② However, personal information may be transferred to overseas providers (including processing entrustment) during service provision as follows:

  • Google (Firebase Analytics): (USA, etc.) Network transmission during service use for statistics/improvement.

  • Apple (APNS), Google (FCM): (USA, etc.) Network transmission during push delivery. Includes push tokens and (depending on settings) notification content (sender display name/message preview).

Article 7 (Rights and Obligations of Data Subjects and Method of Exercise)

Data subjects may request access, correction, deletion, or suspension of processing. The Company will take action without delay (a power of attorney is required for exercises by an agent).

Article 8 (Destruction of Personal Information)

① The Company destroys personal information without delay when it becomes unnecessary, such as upon the expiration of the retention period or achievement of the processing purpose.

② If storage is required by law, the information is moved to a separate database or stored in a different location.

Destruction Procedure: Selection of target data → Approval by the Privacy Officer → Destruction.

Destruction Method: Electronic files are deleted via non-restorable methods; paper documents are shredded or incinerated.

Article 9 (Measures to Ensure Safety of Personal Information)

  • Administrative: Internal management plans, regular training.

  • Technical: Access authority management, access control, encryption, security software installation.

  • Physical: Access control for the computer room/server room.

Article 10 (Installation/Operation of Automatic Collection Devices and Rejection)

① The Company may use cookies to provide customized services.

② Users can refuse to store cookies through web browser settings, but this may restrict the use of some service features.

Article 11 (App Access Permissions)

  • Optional Permissions: Camera/Photos (Capturing and uploading content), Notifications (Receiving push notifications).

  • Services can be used even if optional permissions are not granted.

Article 12 (Chief Privacy Officer)

  • Chief Privacy Officer: Kim Ba-ol

  • Contact: help@seerealbox.com

  • Department: Operations

Article 13 (Department for Access Requests)

  • Department: Operations

  • Contact: help@seerealbox.com

Article 14 (Remedies for Infringement of Rights)

Data subjects may apply for dispute resolution or consultation with the following agencies:

  • Personal Information Infringement Report Center (KISA): 118 / privacy.kisa.or.kr

  • Personal Information Dispute Mediation Committee: 1833-6972 / www.kopico.go.kr

  • Supreme Prosecutors’ Office Cybercrime Investigation Unit: 02-3480-3573 / www.spo.go.kr

  • Korean National Police Agency Cyber Bureau: 182 / cyberbureau.police.go.kr

Article 15 (Installation/Operation of Visual Information Processing Equipment)

The Company does not install or operate visual information processing equipment.

Article 16 (Changes to the Privacy Policy)

  • Version: 2.0

  • Notice Date: December 31, 2025

  • Effective Date: January 1, 2026

v1.2

v1.1

v1.0

© 2026 시리얼 SeeReal. All rights reserved

Privacy Preference Center

Privacy Preferences