Privacy Policy (2026-04-30)

한국어

Introduction

This Privacy Policy describes how Dotio, Inc. (hereinafter referred to as the “Company”) collects, uses, and protects the personal information of users in connection with the use of its BINDER cloud-based SaaS service (hereinafter referred to as the “Service”).

The Company complies with the Personal Information Protection Act of the Republic of Korea and other relevant laws, and establishes this Privacy Policy to protect usersʼ personal information and rights and to handle complaints promptly and appropriately.

This Policy also adheres to key principles of the EU General Data Protection Regulation(GDPR) and other applicable international data protection standards.

1. Purpose of Processing Personal Information

The Company processes personal information for the following purposes. The personal information being processed shall not be used for any purposes other than those stated herein, and if the purpose of use is changed, the Company will take necessary measures, such as obtaining separate consent, in accordance with Article 18 of the Personal Information Protection Act.

Service Sign-up and User Management

To confirm the intention to sign up for the Service; to identify and authenticate the users for the provision of Services; to maintain and manage user qualifications;

To enforce restrictions on users violating laws or Terms of Service; to prevent and sanction acts that interfere with the smooth operation of the Service, including fraudulent or unauthorized use.

To retain records for dispute resolution; to provide various notices and notifications; to handle complaints.

Provision of Goods or Service

To process purchases and payments for paid services; to deliver goods and services or send invoices; to collect fees.

Service Improvement and Analysis

To provide and improve services; to develop new services; to analyze and generate statistics on service usage;  where necessary, to analyze usage patterns and service usage records for the purpose of enhancing service to the Customer and onboarding .

Response to User Request

To receive and handle user inquiries; to handle complaints; to contact and notify users for fact-finding; to resolve disputes.

Provision of Materials and Content

To process brochure, white papers and content download requests.

Application and Operation of Free Trial

To confirm free trial requests, issue accounts, provide user guidance; to provide information on switch and payment.

2. Items of Personal Information Processed

The Company processes personal information by categorizing the relevant items according to their respective legal bases, in accordance with the Personal Information Protection Act and other applicable laws and regulations.

1. Items of personal information processed without obtaining the data subject’s consent

The Company processes the following personal information without obtaining the data subject’s consent only where permitted by applicable laws, including where necessary for the conclusion and performance of a contract, compliance with legal obligations, or the achievement of legitimate interests.

Service sign-up and account/authentication (including email/password and SSO)

Legal basis: Article 15(1)4 of the Personal Information Protection Act (conclusion and performance of a contract)

Items of personal information collected and used

(email sign-up/login) email address (ID), password, and date of joining the company

(SSO login)

Google SSO basic identification information within the scope provided by the SSO provider and permitted by the user, such as email address, name, and profile image

SAML SSO identification and authentication information transmitted in accordance with the customer’s SSO configuration, such as email address, name, and employee number/user ID

SSO-linked identification information: OAuth/SAML identifiers and token/session identifiers

Provision and operation of Service

Legal basis: Article 15(1)4 of the Personal Information Protection Act (conclusion and performance of a contract)

Items of personal information collected and used

name, email address, company name, and authorization /role

mandatory information generated in the course of using the Service (such as account status and history of authorization changes)

Payment and settlement for paid services

Legal basis: Article 15(1)4 of the Personal Information Protection Act (conclusion and performance of a contract)

Items of personal information collected and used

billing contact information (name, email address, and phone number)

Response to user request

Legal basis: Article 15(1)4 of the Personal Information Protection Act (conclusion and performance of a contract)

Items of personal information collected and used

name, company name, email address, and phone number

Provision of Materials and Content

Legal basis: Article 15(1)4 of the Personal Information Protection Act (conclusion and performance of a contract)

(for the purpose of taking actions in response to requests for the provision of materials)

Items of personal information collected and used

name, company name, email address, and phone number

Application and Operation of Free Trial

Legal basis: Article 15(1)4 of the Personal Information Protection Act (conclusion and performance of a contract)

(for the purpose of taking actions in response to requests for the provision of a free trial)

Items of personal information collected and used

name, company name, email address, and phone number, position

usage records generated in the course of operating the free trial

2. Items of personal information processed on the basis of the data subject’s consent

The Company processes the following personal information with the data subject’s consent (please note that refusal to consent may result in certain portions of services being restricted).

User Profile / Contact Information

Legal basis: Article 15(1)1 of the Personal Information Protection Act (consent)

Items of personal information collected and used

(optional) mobile phone number

3. Items collected automatically

The following personal information may be automatically generated and collected in the course of using the Services

Legal basis: Article 15(1)4 of the Personal Information Protection Act (conclusion and performance of a contract) or Article 15(1)1 of the Personal Information Protection Act (consent)

(for the purposes of ensuring service stability, security, error response, and quality improvement)

Items of personal information collected and used

(conclusion and performance of a contract) service usage records, access logs, access time, cookies (essential cookies) - information directly necessary to provide the service functions

(consent) IP address, cookies (cookies for service analytics purposes), device information (browser/OS), error logs - for security and quality improvement purposes

3. Retention and Use Period of Personal Information

The Company processes and retains personal information only for the period required by applicable laws or as consented to by the data subject at the time of collection.

The Company destroys personal information without delay once the purpose of processing such personal information has been achieved. However, where it is necessary to retain the information under applicable laws, the Company may store it for the period prescribed by those laws.

The specific processing and retention periods are as follows: Service sign-up and account management:

Personal information collected for Service sign-up is retained (as necessary for operational purposes such as preventing fraudulent use and responding to disputes up to 90 days after service withdrawal, unless one of the following exceptions applies:

If an investigation or inquiry for violation of laws is in progress, until the investigation or inquiry is completed.

If obligations or debts related to the use of the service remain, until such obligations or debts are settled.

If a dispute or complaint handling process (such as litigation or mediation) is in progress: until the conclusion of the dispute.

Provision of goods or services: Personal information collected for providing goods or services is retained until the completion of delivery and payment.

However, when required by relevant laws, the following records shall be retained for the specified period:  Under the Act on Consumer Protection in Electronic Commerce, etc.

Records of contracts, withdrawals, payments, and supply of goods: 5 years

Records of consumer complaints or dispute resolutions: 3 years

Records of advertisements and displays: 6 months

Under the Protection of Communications Secrets Act, Article 41

Computer communication logs, internet connection logs, and access tracking data: 3 months

Under the Value-Added Tax Act:

Tax invoices, receipts, and other transaction-related information: 5 years

4. Destruction of Personal Information

The Company destroys personal information without delay when the retention period expires or the processing purpose is achieved.

Notwithstanding the expiry of the retention period consented to by the data subject or the achievement of the processing purpose, if the Company is required to continue to retain the personal information under other laws, such personal information will be transferred to a separate database (DB) or stored in a different location.

The procedures and methods for destroying personal information are as follows:

Procedures of destruction: The Company selects the personal information for which a reason for destruction has arisen and destroys such personal information with the approval of the Company’s privacy officer.

Method of destruction

Electronic files: permanently deleted using secure, non-recoverable methods (e.g., low-level format)

Paper documents: shredded or incinerated securely

5. Provision of Personal Information to Third Parties

The Company processes data subject’s personal information only within the scope stated in Article 1 and does not disclose it to any third party without the data subject’s consent, except in the following cases:

When prior consent has been obtained from the data subject.

When information is provided in anonymized form for statistical, academic, or market research purposes.

When required by law or necessary to comply with legal obligations.

6. Entrustment of Personal Information Processing

The Company entrusts certain personal information processing tasks to third parties for efficient service delivery and supervises their compliance with personal information protection obligations.

Entrusted Company

Entrusted Operation

Channel Corporation, Inc.

Customer support and live chat service (ChannelTalk)

Amazon Web Services, Inc.

Server operation and data storage for service provision

Nice Payments Co., Ltd.

online card payment and escrow services

Alipeople Inc.

sending KakaoTalk notifications

Bolta Corporation

issuance of tax invoices for electronic payments

In accordance with Article 26 of the Personal Information Protection Act, the Company includes in its contracts clauses that prohibit entrusted companies from using personal information for purposes other than those entrusted, require technical and administrative protection measures, restrict re-entrustment, and establish accountability such as supervision and liability for damages. The Company regularly audits compliance with these requirements.

If there is any change in the content of entrusted work or the subcontractors, such updates will be disclosed promptly through this Privacy Policy.

In case of entrustment of personal information processing activities to an overseas service provider, please refer to Article 7 (Overseas transfer of Personal Information).

7. Overseas transfer of Personal Information

The Company transfers(entrusts) certain personal information to overseas service provider as follows

Company

Purpose of Transfer (Entrustment)

Country

Transfer Timing & Method

Data Protection Officer Contact

Transferred Data

Retention & Use Period

Google LLC

Service improvement and new feature development through behavioral analytics

United States

Transmitted to overseas servers during service use

googlekrsupport@google.com

Visit records, unique identifiers, browser and device settings, OS, network provider, IP address, timestamp, referrer URL

Until termination of the entrustment contract or 90 days after service withdrawal

Hotjar Ltd.

UX and behavioral analytics for service improvement

Malta

Transmitted via secure connection during service use

support@hotjar.com

Visit records, unique identifiers, browser settings, OS, referrer URL, system activity logs

Until termination of the entrustment contract or 90 days after service withdrawal

8. Measures to Ensure the Security of Personal Information

The Company implements the following measures to ensure the safety and security of personal information.

The Company has established and annually reviews an internal management plan for personal information protection, including the designation of a Chief Privacy Officer and the operation of a privacy management organization.

Access to databases containing personal information is restricted and controlled through access authorization management, preventing unauthorized internal or external access.

Records of system access by authorized personnel are stored and regularly reviewed to prevent misuse, loss, forgery, or alteration. Access logs are securely preserved to prevent tampering or loss.

The Company encrypts important information such as passwords for storage and management, and applies encrypted communication when transmitting personal information, thereby implementing necessary safeguards.

Physical storage areas containing personal data are managed with controlled access procedures and secured entry systems. The Company utilizes the physical safeguards of its cloud service providers and manages personal information securely through logical access controls such as account and authorization management.

9. Installation, Operation, and Refusal of Cookies and Other Automatic Collection Tools

The Company uses cookies to provide users with customized services and improve user experience.

A cookie is a small text file sent by the web server to the userʼs browser and also stored on the userʼs device.

Purpose of cookies: Cookies are used to identify user preferences, record access patterns, and maintain security sessions in order to provide optimized information.

Installation, operation, and rejection of cookies:

Chrome: Settings → Privacy and Security → Cookies and other site data → “Block/Allow”

Edge: Settings → Cookies and site permission → Cookies and site data → “Block/Allow”

Safari: Settings → Privacy → Block Cookies/ Manage website data

However, disabling cookies may limit certain personalized service features.

10. Rights and Obligations of Data Subjects and Their Legal Representatives

Data subjects may exercise their rights to access, correct, delete, or request suspension of processing of their personal information at any time.

In accordance with Article 41 1) of the Enforcement Decree of the Personal Information Protection Act, such rights may be exercised through written requests, email, or fax, and the Company will promptly take the necessary actions. When a data subject requests correction or deletion of inaccurate personal information, the Company will not use or provide such information until the correction or deletion is complete.

The rights under paragraph 1 may also be exercised through a legal representative or an authorized delegate. In this case, the power of attorney must be submitted in accordance with Form No. 11 of the Enforcement Rules of the Personal Information Protection Act.

Requests to access or suspend the processing of personal information may be restricted under Article 35 4) and Article 37 2) of the Personal Information Protection Act.

Requests for correction or deletion cannot be made when retention of the information is required by law.

When receiving a request for access, correction, deletion, or suspension of processing, the Company verifies that the requester is the data subject or their authorized representative.

11. Exception to the application of this Privacy Policy

The Company may provide links to third-party websites or materials through its service. In such cases, the Company does not have control over external websites or materials, and this Privacy Policy does not apply to any acts of personal information collection conducted by those external websites. Accordingly, the Company shall not be responsible or liable for any personal information infringement or damages that occur outside the Companyʼs website as a result of the user moving to other sites by clicking links included on the Companyʼs website.

12. Privacy Officer

The Company appoints a Privacy Officer responsible for overseeing personal information processing, handling complaints, and facilitating remedies.

Privacy Officer

Name: 송성재(Seongjae Song)

Position: CTO

Email: support@dotio.team

Data subjects may contact the Chief Privacy Officer for any inquiries, complaints, or relief regarding personal data. The Company will respond promptly and in good faith.

13. Relevant Authorities

For reports or consultations on personal information violations, users may also contact the following authorities:

Personal Information Infringement Report Center: privacy.kisa.or.kr

Supreme Prosecutorsʼ Office Cybercrime Division: spo.go.kr

National Police Agency Cyber Bureau: cyberbureau.police.go.kr

Personal Information Dispute Mediation Committee: www.kopico.go.kr

International users may directly contact hello@dotio.team for privacy-related inquiries and will receive responses in English if necessary.

14. Amendments to this Privacy Policy

This Privacy Policy is effective as of April 30, 2026.

Previous versions of the Privacy Policy are available below.

This Policy is governed by the laws of the Republic of Korea, and users outside Korea may also be subject to their local data protection laws (e.g., GDPR, CPRA).