Privacy Policy (2026-04-30)
한국어Introduction
This Privacy Policy describes how Dotio, Inc. (hereinafter referred to as the “Company”) collects, uses, and protects the personal information of users in connection with the use of its BINDER cloud-based SaaS service (hereinafter referred to as the “Service”).
The Company complies with the Personal Information Protection Act of the Republic of Korea and other relevant laws, and establishes this Privacy Policy to protect usersʼ personal information and rights and to handle complaints promptly and appropriately.
This Policy also adheres to key principles of the EU General Data Protection Regulation(GDPR) and other applicable international data protection standards.
1. Purpose of Processing Personal Information
The Company processes personal information for the following purposes. The personal information being processed shall not be used for any purposes other than those stated herein, and if the purpose of use is changed, the Company will take necessary measures, such as obtaining separate consent, in accordance with Article 18 of the Personal Information Protection Act.
Service Sign-up and User Management
To confirm the intention to sign up for the Service; to identify and authenticate the users for the provision of Services; to maintain and manage user qualifications;
To enforce restrictions on users violating laws or Terms of Service; to prevent and sanction acts that interfere with the smooth operation of the Service, including fraudulent or unauthorized use.
To retain records for dispute resolution; to provide various notices and notifications; to handle complaints.
Provision of Goods or Service
To process purchases and payments for paid services; to deliver goods and services or send invoices; to collect fees.
Service Improvement and Analysis
To provide and improve services; to develop new services; to analyze and generate statistics on service usage; where necessary, to analyze usage patterns and service usage records for the purpose of enhancing service to the Customer and onboarding .
Response to User Request
To receive and handle user inquiries; to handle complaints; to contact and notify users for fact-finding; to resolve disputes.
Provision of Materials and Content
To process brochure, white papers and content download requests.
Application and Operation of Free Trial
To confirm free trial requests, issue accounts, provide user guidance; to provide information on switch and payment.
2. Items of Personal Information Processed
The Company processes personal information by categorizing the relevant items according to their respective legal bases, in accordance with the Personal Information Protection Act and other applicable laws and regulations.
1. Items of personal information processed without obtaining the data subject’s consent
The Company processes the following personal information without obtaining the data subject’s consent only where permitted by applicable laws, including where necessary for the conclusion and performance of a contract, compliance with legal obligations, or the achievement of legitimate interests.
Service sign-up and account/authentication (including email/password and SSO)
Legal basis: Article 15(1)4 of the Personal Information Protection Act (conclusion and performance of a contract)
Items of personal information collected and used
(email sign-up/login) email address (ID), password, and date of joining the company
(SSO login)
Google SSO basic identification information within the scope provided by the SSO provider and permitted by the user, such as email address, name, and profile image
SAML SSO identification and authentication information transmitted in accordance with the customer’s SSO configuration, such as email address, name, and employee number/user ID
SSO-linked identification information: OAuth/SAML identifiers and token/session identifiers
Provision and operation of Service
Legal basis: Article 15(1)4 of the Personal Information Protection Act (conclusion and performance of a contract)
Items of personal information collected and used
name, email address, company name, and authorization /role
mandatory information generated in the course of using the Service (such as account status and history of authorization changes)
Payment and settlement for paid services
Legal basis: Article 15(1)4 of the Personal Information Protection Act (conclusion and performance of a contract)
Items of personal information collected and used
billing contact information (name, email address, and phone number)
Response to user request
Legal basis: Article 15(1)4 of the Personal Information Protection Act (conclusion and performance of a contract)
Items of personal information collected and used
name, company name, email address, and phone number
Provision of Materials and Content
Legal basis: Article 15(1)4 of the Personal Information Protection Act (conclusion and performance of a contract)
(for the purpose of taking actions in response to requests for the provision of materials)
Items of personal information collected and used
name, company name, email address, and phone number
Application and Operation of Free Trial
Legal basis: Article 15(1)4 of the Personal Information Protection Act (conclusion and performance of a contract)
(for the purpose of taking actions in response to requests for the provision of a free trial)
Items of personal information collected and used
name, company name, email address, and phone number, position
usage records generated in the course of operating the free trial
2. Items of personal information processed on the basis of the data subject’s consent
The Company processes the following personal information with the data subject’s consent (please note that refusal to consent may result in certain portions of services being restricted).
User Profile / Contact Information
Legal basis: Article 15(1)1 of the Personal Information Protection Act (consent)
Items of personal information collected and used
(optional) mobile phone number
3. Items collected automatically
The following personal information may be automatically generated and collected in the course of using the Services
Legal basis: Article 15(1)4 of the Personal Information Protection Act (conclusion and performance of a contract) or Article 15(1)1 of the Personal Information Protection Act (consent)
(for the purposes of ensuring service stability, security, error response, and quality improvement)
Items of personal information collected and used
(conclusion and performance of a contract) service usage records, access logs, access time, cookies (essential cookies) - information directly necessary to provide the service functions
(consent) IP address, cookies (cookies for service analytics purposes), device information (browser/OS), error logs - for security and quality improvement purposes
3. Retention and Use Period of Personal Information
The Company processes and retains personal information only for the period required by applicable laws or as consented to by the data subject at the time of collection.
The Company destroys personal information without delay once the purpose of processing such personal information has been achieved. However, where it is necessary to retain the information under applicable laws, the Company may store it for the period prescribed by those laws.
The specific processing and retention periods are as follows: Service sign-up and account management:
Personal information collected for Service sign-up is retained (as necessary for operational purposes such as preventing fraudulent use and responding to disputes up to 90 days after service withdrawal, unless one of the following exceptions applies:
If an investigation or inquiry for violation of laws is in progress, until the investigation or inquiry is completed.
If obligations or debts related to the use of the service remain, until such obligations or debts are settled.
If a dispute or complaint handling process (such as litigation or mediation) is in progress: until the conclusion of the dispute.
Provision of goods or services: Personal information collected for providing goods or services is retained until the completion of delivery and payment.
However, when required by relevant laws, the following records shall be retained for the specified period: Under the Act on Consumer Protection in Electronic Commerce, etc.
Records of contracts, withdrawals, payments, and supply of goods: 5 years
Records of consumer complaints or dispute resolutions: 3 years
Records of advertisements and displays: 6 months
Under the Protection of Communications Secrets Act, Article 41
Computer communication logs, internet connection logs, and access tracking data: 3 months
Under the Value-Added Tax Act:
Tax invoices, receipts, and other transaction-related information: 5 years
4. Destruction of Personal Information
The Company destroys personal information without delay when the retention period expires or the processing purpose is achieved.
Notwithstanding the expiry of the retention period consented to by the data subject or the achievement of the processing purpose, if the Company is required to continue to retain the personal information under other laws, such personal information will be transferred to a separate database (DB) or stored in a different location.
The procedures and methods for destroying personal information are as follows:
Procedures of destruction: The Company selects the personal information for which a reason for destruction has arisen and destroys such personal information with the approval of the Company’s privacy officer.
Method of destruction
Electronic files: permanently deleted using secure, non-recoverable methods (e.g., low-level format)
Paper documents: shredded or incinerated securely
5. Provision of Personal Information to Third Parties
The Company processes data subject’s personal information only within the scope stated in Article 1 and does not disclose it to any third party without the data subject’s consent, except in the following cases:
When prior consent has been obtained from the data subject.
When information is provided in anonymized form for statistical, academic, or market research purposes.
When required by law or necessary to comply with legal obligations.
6. Entrustment of Personal Information Processing
The Company entrusts certain personal information processing tasks to third parties for efficient service delivery and supervises their compliance with personal information protection obligations.
Entrusted Company
Entrusted Operation
Channel Corporation, Inc.
Customer support and live chat service (ChannelTalk)
Amazon Web Services, Inc.
Server operation and data storage for service provision
Nice Payments Co., Ltd.
online card payment and escrow services
Alipeople Inc.
sending KakaoTalk notifications
Bolta Corporation
issuance of tax invoices for electronic payments
In accordance with Article 26 of the Personal Information Protection Act, the Company includes in its contracts clauses that prohibit entrusted companies from using personal information for purposes other than those entrusted, require technical and administrative protection measures, restrict re-entrustment, and establish accountability such as supervision and liability for damages. The Company regularly audits compliance with these requirements.
If there is any change in the content of entrusted work or the subcontractors, such updates will be disclosed promptly through this Privacy Policy.
In case of entrustment of personal information processing activities to an overseas service provider, please refer to Article 7 (Overseas transfer of Personal Information).
7. Overseas transfer of Personal Information
The Company transfers(entrusts) certain personal information to overseas service provider as follows
Company
Purpose of Transfer (Entrustment)
Country
Transfer Timing & Method
Data Protection Officer Contact
Transferred Data
Retention & Use Period
Google LLC
Service improvement and new feature development through behavioral analytics
United States
Transmitted to overseas servers during service use
googlekrsupport@google.com
Visit records, unique identifiers, browser and device settings, OS, network provider, IP address, timestamp, referrer URL
Until termination of the entrustment contract or 90 days after service withdrawal
Hotjar Ltd.
UX and behavioral analytics for service improvement
Malta
Transmitted via secure connection during service use
support@hotjar.com
Visit records, unique identifiers, browser settings, OS, referrer URL, system activity logs
Until termination of the entrustment contract or 90 days after service withdrawal
8. Measures to Ensure the Security of Personal Information
The Company implements the following measures to ensure the safety and security of personal information.
The Company has established and annually reviews an internal management plan for personal information protection, including the designation of a Chief Privacy Officer and the operation of a privacy management organization.
Access to databases containing personal information is restricted and controlled through access authorization management, preventing unauthorized internal or external access.
Records of system access by authorized personnel are stored and regularly reviewed to prevent misuse, loss, forgery, or alteration. Access logs are securely preserved to prevent tampering or loss.
The Company encrypts important information such as passwords for storage and management, and applies encrypted communication when transmitting personal information, thereby implementing necessary safeguards.
Physical storage areas containing personal data are managed with controlled access procedures and secured entry systems. The Company utilizes the physical safeguards of its cloud service providers and manages personal information securely through logical access controls such as account and authorization management.
9. Installation, Operation, and Refusal of Cookies and Other Automatic Collection Tools
The Company uses cookies to provide users with customized services and improve user experience.
A cookie is a small text file sent by the web server to the userʼs browser and also stored on the userʼs device.
Purpose of cookies: Cookies are used to identify user preferences, record access patterns, and maintain security sessions in order to provide optimized information.
Installation, operation, and rejection of cookies:
Chrome: Settings → Privacy and Security → Cookies and other site data → “Block/Allow”
Edge: Settings → Cookies and site permission → Cookies and site data → “Block/Allow”
Safari: Settings → Privacy → Block Cookies/ Manage website data
However, disabling cookies may limit certain personalized service features.
10. Rights and Obligations of Data Subjects and Their Legal Representatives
Data subjects may exercise their rights to access, correct, delete, or request suspension of processing of their personal information at any time.
In accordance with Article 41 1) of the Enforcement Decree of the Personal Information Protection Act, such rights may be exercised through written requests, email, or fax, and the Company will promptly take the necessary actions. When a data subject requests correction or deletion of inaccurate personal information, the Company will not use or provide such information until the correction or deletion is complete.
The rights under paragraph 1 may also be exercised through a legal representative or an authorized delegate. In this case, the power of attorney must be submitted in accordance with Form No. 11 of the Enforcement Rules of the Personal Information Protection Act.
Requests to access or suspend the processing of personal information may be restricted under Article 35 4) and Article 37 2) of the Personal Information Protection Act.
Requests for correction or deletion cannot be made when retention of the information is required by law.
When receiving a request for access, correction, deletion, or suspension of processing, the Company verifies that the requester is the data subject or their authorized representative.
11. Exception to the application of this Privacy Policy
The Company may provide links to third-party websites or materials through its service. In such cases, the Company does not have control over external websites or materials, and this Privacy Policy does not apply to any acts of personal information collection conducted by those external websites. Accordingly, the Company shall not be responsible or liable for any personal information infringement or damages that occur outside the Companyʼs website as a result of the user moving to other sites by clicking links included on the Companyʼs website.
12. Privacy Officer
The Company appoints a Privacy Officer responsible for overseeing personal information processing, handling complaints, and facilitating remedies.
Privacy Officer
Name: 송성재(Seongjae Song)
Position: CTO
Email: support@dotio.team
Data subjects may contact the Chief Privacy Officer for any inquiries, complaints, or relief regarding personal data. The Company will respond promptly and in good faith.
13. Relevant Authorities
For reports or consultations on personal information violations, users may also contact the following authorities:
Personal Information Infringement Report Center: privacy.kisa.or.kr
Supreme Prosecutorsʼ Office Cybercrime Division: spo.go.kr
National Police Agency Cyber Bureau: cyberbureau.police.go.kr
Personal Information Dispute Mediation Committee: www.kopico.go.kr
International users may directly contact hello@dotio.team for privacy-related inquiries and will receive responses in English if necessary.
14. Amendments to this Privacy Policy
This Privacy Policy is effective as of April 30, 2026.
- Date of Notice: April 23, 2026
- Effective Date: April 30, 2026
Previous versions of the Privacy Policy are available below.
- Applicable from November 29, 2024 to April 29, 2026
This Policy is governed by the laws of the Republic of Korea, and users outside Korea may also be subject to their local data protection laws (e.g., GDPR, CPRA).