Privacy Policy
Moii Privacy Policy
illuni Inc. (hereinafter referred to as the “Company”) operates the “moii” app service (hereinafter “Service”). In accordance with the Act on Promotion of Information and Communications Network Utilization and Information Protection (hereinafter referred to as the ‘Information Communications Network Act’), we have established and are operating the following personal information processing policy to protect the privacy and rights of users.
Article 1) Guide on Personal Information Collection, Use, and Retention Period
The Company collects the minimum amount of personal information necessary for service provision, varying the purpose of collection, items, and retention and use periods for the services provided, as follows:
- Membership Registration and Customer Management
– Collection Purpose: Self-service membership registration, mobile phone number verification, customer management
– Mandatory Collected Items: Mobile phone number, location information (Geo IP), device information (model name, OS version, unique device identifier, carrier information)
– Optional Collected Items: Nickname, gender, date of birth, profile picture
– Retention and Usage Period: Until membership withdrawal
- Service Use
– Collection Purpose: Profile management, social calling and matching, service use and search algorithm functionality, profile image use
– Mandatory Collected Items: Call content (voice), automatically collected information
– Retention and Usage Period: Until membership withdrawal
- Service Quality Improvement
– Collection Purpose: Data analysis and statistics for service quality improvement
– Mandatory Collected Items: Device ID, call history, other service usage records
※ Note: Information that can identify individuals is not included in the analysis items.
– Retention and Usage Period: Until the purpose of data analysis is achieved
– Collection Purpose: Monitoring of fraudulent users and prevention of re-registration
– Mandatory Collected Items: Nickname, unique identifier ID, call history, other service usage records (purchase history, call content)
– Retention and Usage Period: Personal information of permanently banned users is permanently preserved in accordance with the service usage policy.
- Customer Inquiries
– Collection Purpose: Service inquiry response
– Mandatory Collected Items: Unique identifier ID, inquiry content confirmation
– Retention and Usage Period: Until membership withdrawal
- Event Participation (Optional)
– Collection Purpose: Identification of event participants and awarding and dispatching prizes
– Mandatory Collected Items: Unique identifier ID, mobile phone number
– Retention and Usage Period: Until membership withdrawal or a separate retention period agreed by the customer
※ Note: Event participation contents included in the service promotional materials are not automatically deleted upon membership withdrawal.
- Consent to Receive Promotional Information (Optional)
– Collection Purpose: Consent to receive service benefits and event information via text, email, push notifications
– Mandatory Collected Items: Nickname, KakaoTalk ID, mobile phone number
– Retention and Usage Period: Until membership withdrawal or consent withdrawal
- Personal Information Processing Notice
– The Company does not provide its services to minors under the age of 14 and does not collect their personal information.
– For details on personal information processing for call policy, please refer to the operation policy.
– The Company collects personal information in the following ways and obtains prior consent before collection:
① Directly from users during the service use process.
② Automatically generated and collected during the service use process, such as connection logs and usage records.
Article 2) Installation and Refusal of Automatic Personal Information Collection Devices
During the service use process, the following information can be automatically generated/collected from users and used for the following purposes:
- Guide to Automatic Collection of Personal Information and Refusal Method
– Collected Items: Visit records, access IP information, service usage records, type of mobile communication terminal, model name, OS version, location-based, all activity communications within the app, network connection status, network type
[Mobile]
– For Android: Application Information > Storage Space > Clear Cache and Data
- For iOS: Settings > General > iPhone Storage > Select App > Offload App
Article 3) Retention and Use Period of Personal Information and Destruction
The Company processes the collected personal information within the personal information retention and use period agreed upon at the time of collection from users or as prescribed by relevant laws. Once the purpose is achieved and the retention period has elapsed, the personal information will be destroyed without delay in a manner that makes it unrecoverable or irreproducible.
- Member Information
① If a user withdraws from the service membership, the Company will store personal information for one year to prevent misuse. In this case, personal information is stored in an unidentifiable state, and re-registration with the same ID is not possible. However, information on permanently suspended accounts is not deleted.
② User accounts that have not used the service for one year will be changed to a dormant state, and their personal information will be safely stored separately from the operating member database.
③ Even if a member withdraws, if there is a need to preserve personal information under relevant laws, the Company will comply with the provisions of the respective laws.
- Obligatory Retention Periods According to Related Laws
| Law | Basis | Period |
| A. Records on display and advertising | Act on Consumer Protection in Electronic Commerce, Etc. | 6 months |
| B. Records on contracts or withdrawal of offers | Act on Consumer Protection in Electronic Commerce, Etc. | 5 years |
| C. Records on payment and supply of goods, etc. | Act on Consumer Protection in Electronic Commerce, Etc. | 5 years |
| D. Records on consumer complaints or dispute resolution | Act on Consumer Protection in Electronic Commerce, Etc. | 3 years |
| E. Records on access | Protection of Communications Secrets Act | 3 months |
| F. Records on electronic financial transactions | Electronic Financial Transactions Act | 3 years |
Article 4) Delegation of Personal Information Processing
The company delegates the processing of personal information as follows for the smooth handling of personal information tasks.
The company outsources only part of the necessary tasks for service provision to external companies and, at the time of concluding a delegation contract, stipulates matters related to the prohibition of personal information processing for purposes other than the performance of delegated tasks, technical and managerial protective measures, restrictions on re-delegation, management and supervision of the trustee, and responsibilities for compensation, etc., in the contract, etc., according to related laws. It also stipulates and supervises necessary matters to ensure the trustee processes personal information safely in accordance with the related laws.
- Personal Information Processing Delegation Tasks and Trustee Information
| Trustee Company | Content of Delegated Tasks |
| KG Inicis Co., Ltd., Kakao Pay Corp., Korea Cyber Payment Inc., Naver Corporation, NHN Payco Corp., eBay Korea Co. Ltd., Samsung Electronics Co., Ltd., Google Payment Korea LLC, Apple Inc. | Provision of Electronic Payment Methods |
| KG Mobilians Co., Ltd. | Identity Verification |
| SK Telink | Safe Number Service |
| NHN Corp. | Operation of Kakao Biz Message and Text Message Services |
| AWS | Service Operation |
| Firebase | Authentication |
| AWS, Firebase, Singular | Analysis of Service Usage Behavior |
Article 5) Provision of Personal Information to Third Parties공
The company processes users' personal information only within the scope specified below and provides personal information to third parties only with the user's consent or in cases corresponding to special provisions of the law. Without the prior consent of users, it does not use personal information beyond the scope of consent or, in principle, provide personal information to external parties.
Currently, the company does not provide personal information to third parties, except when necessary for the performance of the delegated tasks mentioned in the previous article. If personal information is to be provided to third parties for purposes other than those of the aforementioned delegated tasks, the company will specify ① the recipient of the personal information, ② the purpose for which the recipient will use the personal information, ③ the items of personal information to be provided, ④ the retention and use period of the personal information, and will seek prior consent from the user, specifying the right to refuse consent and any disadvantages that may arise from such refusal.
Article 6) Overseas Transfer of Personal Information
The company does not provide users' personal information to business operators outside the country.
Article 7) Measures to Ensure the Safety of Personal Information
The company implements the following protective measures to ensure the safety of users' personal information and to prevent it from being lost, stolen, leaked, altered, or damaged in handling.
- Technical Protective Measures
- Users' personal information is protected by passwords and important data is encrypted or locked with file locking functions. Separate security features are used for important data.
- The company uses antivirus programs to prevent damage caused by computer viruses. These programs are regularly updated, and in the event of a sudden virus outbreak, the vaccine is provided immediately to prevent personal information breaches.
- The company adopts security devices (SSL) that use encryption algorithms to safely transmit personal information over the network.
- To prepare for hacking and other external intrusions, intrusion prevention systems and vulnerability analysis systems are utilized on each server to ensure maximum security.
- Managerial Protective Measures
The company restricts access to users' personal information to a minimum number of personnel, including:
① Those who deal directly with users for marketing purposes (only if consented to marketing)
② Those handling customer complaints and inquiries
③ Personal information protection officer and staff
④ Others who unavoidably handle personal information in their duties
The company prevents information leakage by employees through security pledges at the time of joining and has internal procedures to audit the implementation of the personal information processing policy and employee compliance.
The transfer of personal information-related tasks is conducted securely, and the company clearly defines responsibility for personal information incidents before and after joining the company.
The company is not responsible for incidents arising from users' personal mistakes or inherent risks of the internet. Users should manage their IDs and passwords properly and bear the responsibility for their protection.
If personal information is lost, leaked, altered, or damaged due to an internal manager's mistake or a technical management accident, the company will immediately notify users and seek appropriate measures and compensation.
- Maintaining and managing access logs to the personal information processing system to prevent tampering (for more than 1 year)
- Encryption of personal information
- Technical measures against hacking, including installation of security programs and regular inspections
- Restricting access control to personal information
Article 7) Rights of Users and Legal Representatives and How to Exercise Them
The company is committed to safely managing users' personal information to prevent its loss, theft, leakage, alteration, or damage, and is implementing necessary technical, managerial, and physical measures.
- Users may request access to their personal information, correction of errors, if any, or deletion at any time.
- These rights can be exercised via written documents, phone calls, emails, or fax transmission to the company, and the company will take immediate action.
- If a user requests correction or deletion of personal information due to errors, etc., the company will not use or provide the personal information until correction or deletion is complete.
- Users must not infringe on their own or others' personal information and privacy by violating relevant laws such as the Information and Communications Network Act and the Personal Information Protection Act.
Article 8) Opinion Gathering and Complaint Handling
The company values the opinions of its users and believes that users have the right to receive sincere answers to any inquiries at any time.
The company operates a customer center to facilitate smooth communication with users, and the contact details are as follows:
| Category | Details |
| contact@illuni.com | |
| Phone Number | 070-4128-9007 |
| Address | 39, Hyoryeong-ro 29-gil, Seocho-gu, Seoul, Jeonil Building, Room 302 |
The company is obligated to sincerely respond to consultations received via email from users. However, if consultation is received after working hours, on weekends, or public holidays, it is the company's principle to handle it on the first business day following the weekend or holiday.
For consultations related to personal information, users can inquire via the company's aforementioned email. If reporting or consultation with government agencies is necessary, you may contact the following for assistance:
| Personal Information
Infringement Report Center | 118
http://privacy.kisa.or.kr/ |
| --- | --- |
| Information Protection Mark Certification Committee | 02-550-9500
http://www.eprivacy.or.kr/ |
| Supreme Prosecutors' Office Cybercrime Investigation Division | 02-3480-2000
http://www.spo.go.kr |
| National Police Agency Cyber Security Bureau | 182
https://cyberbureau.police.go.kr/ |
Article 9) Link Sites
The company may provide users with links to websites or materials of other companies. In this case, the company has no control over external sites and materials and cannot be responsible or guarantee the usefulness of the services or materials provided from them. If users click a link contained in the company's site and move to another site's page, the privacy policy of that site is unrelated to the company, so it is advised to review the newly visited site's policies.
Article 10) Personal Information Protection Officer and Remedies for Infringement of User Rights
The company oversees and is responsible for personal information processing tasks, and designates a Personal Information Protection Officer as below for user complaint handling and damage remedies related to personal information processing:
<Personal Information Protection Officer>
| Category | Details |
| Name | Hyuk-jae Choi |
| contact@illuni.com | |
| Phone Number | 070-4128-9007 |
Users can consult with the Personal Information Protection Officer regarding all matters related to inquiries, complaint handling, and remedies for personal information protection arising from using the service. The company will respond and process these inquiries without delay.
Article 11) Changes to the Personal Information Processing Policy
The personal information processing policy will be applied from the date of implementation, and in case of any addition, deletion, or correction of changes according to related laws and policies, it will be promptly announced through the website.