Logo
SajuNova
Articles

Privacy Policy

SajuNova Service Privacy Protection Policy

December 1, 2025: December 1, 2025

Privacy Officer: support@sajunova.com

Table of Contents

  1. Purpose of Personal Information Processing
  2. Personal Information Items Collected
  3. Personal Information Processing and Retention Period
  4. Provision of Personal Information to Third Parties
  5. Consignment of Personal Information Processing
  6. Rights of Data Subjects and Exercise Methods
  7. Security Measures for Personal Information
  8. Cookie Operation and Rejection
  9. Privacy Officer and Contact Information
  10. Changes to Privacy Policy
  11. Personal Information Infringement Report Centers

Article 1 (Purpose of Personal Information Processing)

The Company (Stocel, hereinafter "Company") processes personal information for the following purposes. The personal information being processed will not be used for purposes other than those stated below, and if the purpose of use changes, necessary measures will be taken, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.

Service Provision

  • Collection and processing of birth date/time information for Saju analysis
  • Generation and provision of Saju analysis results
  • Provision of AI-powered personalized fortune interpretation
  • Delivery of analysis results via email (including PDF)

Payment and Settlement

  • Processing payments for paid services
  • Management of payment history and refund processing
  • Issuance of receipts and tax invoices

Customer Support

  • Responding to customer inquiries and handling complaints
  • Providing service usage guidance and notices
  • Statistical analysis for service improvement and quality enhancement

Legal Compliance

  • Record retention according to E-Commerce Act, Consumer Protection Act, and other relevant laws
  • Dispute resolution and civil complaint handling

Article 2 (Personal Information Items Collected)

The Company collects the minimum personal information necessary to provide services.

Required Collection Items

  • Birth Date/Time Information: Birth date, birth time, birth location time zone (for timezone calculation)
  • Email Address: For delivering Saju analysis results and customer support
  • Payment Information: Payment method, payment amount (Note: Sensitive payment information such as card numbers is processed directly by the payment gateway and is not stored by the Company)

Optional Collection Items

  • Name or Nickname: Used for personalized analysis results (optional input)

Automatically Collected Items

  • Service Usage Records: Access logs, IP address, cookies, visit date/time, service usage records
  • Device Information: Browser type, OS type, screen size, etc.

The Company does not collect personal information of children under 14 years of age. If a child under 14 wishes to use the service, consent from a legal guardian is required.

Article 3 (Personal Information Processing and Retention Period)

The Company processes and retains personal information within the period required by law or the period agreed upon when collecting personal information from data subjects.

Saju Analysis Service Related Information

Immediately destroyed after service provision completion: Immediately destroyed after service provision completion

Birth date/time information and Saju analysis results are immediately deleted after email delivery. However, they may be temporarily stored until the user requests re-analysis or deletion.

Payment and Transaction Information

Immediately destroyed after service provision completion: 5 years

The following information is retained according to the E-Commerce Act:

  • Records of contracts or withdrawal of subscription: 5 years
  • Records of payment and supply of goods: 5 years
  • Records of consumer complaints or dispute resolution: 3 years

Service Usage Records

Immediately destroyed after service provision completion: 3 months

Service usage records such as access logs and IP addresses are retained according to the Protection of Communications Secrets Act.

Marketing and Advertising Consent Information

Immediately destroyed after service provision completion: Until consent withdrawal

Retained and used until the data subject withdraws consent or the purpose is achieved.

Personal Information Destruction Procedures and Methods

The Company destroys personal information without delay when the retention period expires or the processing purpose is achieved.

Destruction Procedure

Information entered by users is transferred to a separate DB (separate documents in case of paper) after purpose achievement and stored for a certain period according to internal policies and relevant laws before destruction.

Destruction Method

Information in electronic file format is deleted using technical methods that prevent record reproduction, and personal information printed on paper is destroyed by shredding or incineration.

Article 4 (Provision of Personal Information to Third Parties)

The Company processes personal information only within the scope specified in Article 1 (Purpose of Personal Information Processing) and provides personal information to third parties only when consent of the data subject, special provisions of law, or cases under Articles 17 and 18 of the Personal Information Protection Act apply.

PostHog

Service usage analysis and improvement: Service usage analysis and improvement

Service usage records, device information: Service usage records, device information

Until account deletion or contract termination: Until account deletion or contract termination

PostHog is a US-based product analysis platform compliant with GDPR.

Amazon Web Services (AWS)

Service usage analysis and improvement: Service infrastructure provision and data storage

Service usage records, device information: Service usage records, log data

Until account deletion or contract termination: During service provision period

AWS holds ISO 27001 and SOC 2 certifications, processing data in the Seoul region.

The Company does not provide personal information without consent of data subjects except for the third-party provisions above. However, the following cases are exceptions:

  • When there are special provisions in laws
  • When the data subject or legal representative is unable to express intent or prior consent cannot be obtained due to unknown address, and it is clearly recognized as necessary for urgent life, body, or property interests of the data subject or third party
  • When providing personal information in a form that cannot identify specific individuals for purposes such as statistical compilation and academic research

Article 5 (Consignment of Personal Information Processing)

The Company consigns personal information processing tasks as follows to provide smooth services.

Vercel

Website hosting and deployment: Website hosting and deployment

Access logs, IP address: Access logs, IP address

During service provision period: During service provision period

Supabase

Website hosting and deployment: Database management and authentication

Access logs, IP address: Email, payment information, Saju analysis results (temporary storage)

During service provision period: During service provision period

  • When concluding consignment contracts, the Company specifies in documents such as contracts matters related to prohibition of personal information processing other than the purpose of consignment work, technical and managerial protective measures, restrictions on re-consignment, management and supervision of trustees, and liability for damages in accordance with Article 26 of the Personal Information Protection Act, and supervises whether trustees safely process personal information.
  • If the content of consigned work or trustees change, it will be disclosed through this Privacy Policy without delay.

Article 6 (Rights of Data Subjects and Exercise Methods)

Data subjects may exercise the following personal information protection rights against the Company at any time.

Request for Access to Personal Information

Users may request access to their personal information. However, cases where access is restricted or prohibited by law are exceptions.

Request for Correction or Deletion of Personal Information

Users may request correction or deletion of their personal information held by the Company. However, if the personal information is specified as a collection target in other laws, deletion cannot be requested.

Request for Suspension of Personal Information Processing

Users may request suspension of processing of their personal information. However, requests for processing suspension may be denied in cases where there are special provisions in law or it is unavoidable to comply with legal obligations.

Methods of Exercising Rights

Data subjects may exercise their rights by the following methods:

  • Email: Submit request to support@sajunova.com
  • Written mail: Send request by mail to the Company's address (identity verification required)
  • Notification of processing results within 10 business days after receiving request
  • The Company will take action within 10 days from the date of receiving a request to exercise data subject rights, and will notify the data subject of the reason if action is impossible.
  • If a data subject requests correction or deletion of errors in personal information, the Company will not use or provide the personal information until the correction or deletion is completed.
  • For children under 14 years of age, legal guardians may exercise rights regarding the child's personal information.

Article 7 (Security Measures for Personal Information)

The Company takes the following measures to ensure the security of personal information.

Administrative Measures

  • Establishment and implementation of internal management plans
  • Minimization of personal information processing staff and training
  • Regular self-audits

Technical Measures

  • Encryption of personal information: Important personal information such as birth date/time and email is encrypted for storage and transmission
  • Technical measures against hacking: Installation of firewalls, operation of intrusion detection systems
  • Storage and tampering prevention of access records: Personal information processing system access records are stored for at least 6 months
  • Installation and periodic update of security programs: Installation and update of antivirus programs

Physical Measures

  • Access control to computer rooms and data storage rooms: Control of entry to physical locations where personal information is stored

The Company continuously improves security systems to protect personal information and applies the latest security technologies to ensure safe management of personal information.

Article 8 (Cookie Operation and Rejection)

The Company uses cookies to provide personalized and customized services to users.

What are Cookies?

Cookies are small pieces of information sent by the server operating a website to the user's browser and stored on the user's computer hard drive. The Company stores user preferred settings through cookies to provide users with a fast and convenient web environment.

Purpose of Cookie Use

  • Analyzing user access frequency and visit times for service improvement
  • Understanding user interests to provide customized information
  • Identifying website visit and usage patterns
  • Temporary storage of information entered during service use
  • Marketing and advertising optimization

Cookie Installation, Operation, and Rejection

Users have the option to install cookies. Therefore, by setting options in the web browser, you can allow all cookies, go through confirmation each time a cookie is stored, or refuse storage of all cookies.

  • Chrome: Settings > Privacy and Security > Cookies and Other Site Data
  • Safari: Preferences > Privacy > Cookies and Website Data
  • Firefox: Settings > Privacy and Security > Cookies and Site Data
  • Edge: Settings > Cookies and Site Permissions

However, refusing cookie storage may cause difficulties in using some services that require login.

Article 9 (Privacy Officer and Contact Information)

The Company designates a privacy officer as follows to take overall responsibility for personal information processing and handle complaints and remedy damages related to personal information processing by data subjects.

Privacy Officer: SajuNova Operations Team

support@sajunova.com: support@sajunova.com

Response within 3 business days: Response within 3 business days

Data subjects may contact the privacy officer regarding all personal information protection-related inquiries, complaint handling, damage remedy, etc. that occur while using the Company's services. The Company will respond and process data subject inquiries without delay.

Article 10 (Changes to Privacy Policy)

  • This Privacy Policy applies from December 1, 2025.
  • Previous Privacy Policies can be found below.
  • If there are additions, deletions, or modifications to the Privacy Policy, it will be announced through the website's notice at least 7 days before the revision.
  • For significant changes, announcements will be made at least 30 days in advance, and individual notifications will be sent via email if necessary.

Privacy Policy Change History

  • v1.0 (December 1, 2025): Initial enactment

Article 11 (Personal Information Infringement Report Centers)

Data subjects may apply for dispute resolution or counseling to the Personal Information Dispute Mediation Committee, Korea Internet & Security Agency Personal Information Infringement Report Center, etc. to receive remedy for personal information infringement.

Personal Information Dispute Mediation Committee

1833-6972 (without area code): 1833-6972 (without area code)

www.kopico.go.kr: www.kopico.go.kr

Personal Information Infringement Report Center (Operated by Korea Internet & Security Agency)

1833-6972 (without area code): 118 (without area code)

www.kopico.go.kr: privacy.kisa.or.kr

Supreme Prosecutors' Office Cyber Crime Investigation Division

1833-6972 (without area code): 02-3480-3573

www.kopico.go.kr: www.spo.go.kr

National Police Agency Cyber Safety Bureau

1833-6972 (without area code): 182 (without area code)

www.kopico.go.kr: cyberbureau.police.go.kr

Those whose rights or interests have been infringed by dispositions or non-actions by the head of a public institution in response to requests under Article 35 (Access to Personal Information), Article 36 (Correction or Deletion of Personal Information), and Article 37 (Suspension of Personal Information Processing) of the Personal Information Protection Act may file an administrative appeal in accordance with the Administrative Appeals Act.

SajuNova - Korean Fortune Telling for $1