Privacy Policy

Article 1 (Purpose of Processing Personal Information)

This Privacy Policy explains how TWMS (hereinafter "Company") processes personal information for the following purposes. Personal information being processed will not be used for purposes other than those stated below, and if the purpose of use changes, necessary measures such as obtaining separate consent will be implemented.

• Member Registration and Management: Personal information is processed for the purpose of confirming membership registration intent, identification and authentication for membership services, maintaining and managing membership status, and preventing fraudulent use of services.
• Service Provision: Personal information is processed for Instagram integration, automatic DM sending service provision, content delivery, and service usage record management.
• Customer Inquiry Response: Personal information is processed for verifying the identity of complainants, confirming complaints, contacting for fact-finding investigations, and notifying processing results.

Article 2 (Personal Information Items Collected)

The Company collects the following personal information for service provision:

• Required Items: Email address, password, Instagram account information (username, profile information)
• Automatically Collected Items: Service usage records, access logs, IP address, cookies, device information
• When Linking Instagram: Instagram access token, business account information, post and comment information

Article 3 (Processing and Retention Period of Personal Information)

1. The Company processes and retains personal information within the retention and use period prescribed by law or the period agreed upon when collecting personal information from data subjects.
2. The processing and retention periods for each type of personal information are as follows:
   • Member Information: Until membership withdrawal (however, if retention is required by relevant laws, for that period)
   • Service Usage Records: 3 years
   • Login Records: 1 year

Article 4 (Provision of Personal Information to Third Parties)

1. The Company processes personal information of data subjects only within the scope specified in Article 1 and provides personal information to third parties only in cases falling under Articles 17 and 18 of the Personal Information Protection Act, such as consent of the data subject or special provisions of the law.
2. For smooth service provision, the Company provides personal information to the minimum extent necessary with the consent of the data subject in the following cases:
   • Meta (Facebook/Instagram): Account information for service integration

Article 5 (Entrustment of Personal Information Processing)

The Company entrusts personal information processing as follows for smooth handling of personal information tasks:

• Cloud Service: Data storage and server operation
• Email Service: Member authentication and notification emails

When entering into entrustment contracts, the Company stipulates necessary matters in accordance with relevant laws to ensure that the trustee safely processes personal information.

Article 6 (Rights and Obligations of Data Subjects and How to Exercise Them)

Data subjects may exercise the following rights related to personal information protection against the Company at any time:

1. Request to access personal information
2. Request for correction if there are errors
3. Request for deletion
4. Request to stop processing

You can exercise your rights through the settings page within the service or by email, and the Company will take action without delay.

Article 7 (Destruction of Personal Information)

1. The Company destroys personal information without delay when it becomes unnecessary, such as when the retention period has elapsed or the purpose of processing has been achieved.
2. If personal information must continue to be retained under other laws despite the expiration of the retention period agreed upon by the data subject or the achievement of the purpose of processing, the personal information will be moved to a separate database (DB) or stored in a different location.
3. Procedures and methods for destruction of personal information:
   • Electronic files: Permanently deleted in a way that prevents recovery and reproduction
   • Records, printouts, documents: Shredded or incinerated

Article 8 (Measures to Ensure Safety of Personal Information)

The Company takes the following measures to ensure the safety of personal information:

• Personal Information Encryption: Important information such as passwords is encrypted for storage and management.
• Technical Measures Against Hacking: Security programs are installed with regular updates and inspections, and systems are installed in areas with controlled external access and monitored and blocked technically and physically.
• Retention and Tampering Prevention of Access Records: Records of access to personal information processing systems are retained and managed for at least 1 year.
• Restriction of Access to Personal Information: Necessary measures are taken to control access to personal information through granting, changing, and revoking access rights to database systems that process personal information.

Article 9 (Use of Cookies)

1. The Company uses 'cookies' that store and retrieve usage information to provide individualized customized services to users.
2. Cookies are small pieces of information sent by the server operating the website to the user's computer browser and may be stored on the hard disk of the user's PC.
3. Users can refuse to store cookies through web browser settings. However, in this case, service use may be restricted.

Article 10 (Personal Information Protection Officer)

The Company designates a Personal Information Protection Officer as follows to take overall responsibility for personal information processing and to handle complaints and remedy damages of data subjects related to personal information processing:

Data subjects may contact the Personal Information Protection Officer for any inquiries, complaints, or damage relief related to personal information protection arising from using the Company's services.

Article 11 (Methods for Remedy of Rights Infringement)

Data subjects may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, Korea Internet & Security Agency Personal Information Infringement Report Center, etc. for relief from personal information infringement:

• Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
• Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
• Supreme Prosecutors' Office: 1301 (www.spo.go.kr)
• National Police Agency: 182 (ecrm.cyber.go.kr)

Article 12 (Changes to Privacy Policy)

This Privacy Policy is effective from January 15, 2026. If there are additions, deletions, or modifications to the content according to laws and policies, notice will be given through announcements 7 days before the implementation of the changes.