COMUP Privacy Policy
Effective Date: December 8, 2025
COMUP (hereinafter the "Company") provides various reward-based mobile services that bring small benefits and joy to users' daily lives. The Company considers users' personal information to be of utmost importance and complies with applicable laws including the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection.
This Privacy Policy applies to all reward services offered by the Company, including "Geumhandon" and related mobile applications and web services.
Article 1 (Items of Personal Information Collected and Collection Methods)
1. Items of Personal Information Collected
The Company may collect the following personal information for membership registration, identity verification, service provision, customer support, event participation, and more.
① When registering an account or using the service
| Type |
Items Collected |
Purpose |
| Required |
Email address (ID), password, nickname |
User identification, account management, basic service provision |
| Optional |
Profile image, gender, birth year, region of residence |
Personalized service, statistics, and analysis |
| Automatically Collected |
Device information (model, OS version), advertising ID (ADID/IDFA), app usage logs, access logs, cookies, IP address, violation records |
Service usage analysis, fraud prevention, personalized advertising, quality improvement |
② When providing rewards or using partner services
| Type |
Items Collected |
Purpose |
| Required |
Name, mobile phone number, shipping address (when sending physical goods) |
Delivery, prize notification, identity verification |
| Required (Tax Reporting) |
Name, Resident Registration Number |
Tax withholding and submission of income statements under the Income Tax Act |
| Optional |
Bank name, account number, account holder name (when selecting cash-type rewards) |
Cash reward payment, refunds, settlement processing |
※ Resident Registration Numbers are collected only to the extent required for tax withholding and reporting under the Income Tax Act. They are destroyed immediately after the purpose is fulfilled.
③ When contacting customer support
Email, mobile phone number, nickname, service usage history, inquiry content, attachments
→ Used for identity verification, customer support, and dispute management.
2. Methods of Collection
- Direct input by the user during app registration or service use
- Event/promotion pages, customer support channels
- Automatically generated data during service use (device info, log data, ad ID, etc.)
- Provided by partner companies with user consent
Article 2 (Purpose of Collecting and Using Personal Information)
- Membership verification, identity authentication, and account management
- Reward accumulation and payment (gold, coupons, physical goods), and tax processing
- Service usage tracking, statistics, and service improvement
- Prevention of fraudulent activity (macro use, virtual devices, abnormal clicks)
- Event notifications and marketing information (with prior consent)
- Customer support, dispute resolution, and compliance with legal obligations
Article 3 (Retention and Use Period of Personal Information)
- The Company destroys personal information without delay once the purpose of collection is fulfilled.
- However, certain information may be stored for a period mandated by law.
1. Retention under Company Policy
| Information |
Reason |
Period |
| Fraud records (penalty history, macro use, virtual device logs) |
Fraud prevention and recurrence prevention |
Up to 5 years |
2. Retention Required by Law
| Information |
Law |
Period |
| Contract and withdrawal records |
Consumer Protection Act |
5 years |
| Payment and supply of goods records |
Consumer Protection Act |
5 years |
| Complaint and dispute records |
Consumer Protection Act |
3 years |
| Log-in/log records |
Communications Privacy Act |
At least 3 months |
| Tax withholding information (name, RR number) |
Income Tax Act |
Up to 5 years after submission |
Article 4 (Provision of Personal Information to Third Parties)
- The Company does not provide personal information to third parties beyond the scope described in this Policy.
- Exceptions may apply:
- When the user has explicitly agreed in advance
- When required by law or requested by investigative agencies
- When provided in anonymized form for statistics or research
- When third-party sharing requires consent, the Company will notify users in advance.
Article 5 (Outsourcing of Personal Information Processing)
- The Company may outsource personal information processing to external service providers.
- Details of outsourced work and service providers are disclosed via app notices or the website.
- The Company supervises service providers in compliance with Article 26 of the Personal Information Protection Act.
Article 6 (User Rights and Methods of Exercising Rights)
- Users may request access, correction, deletion, or suspension of their personal information at any time.
- Legal guardians may exercise these rights for users under the age of 14.
- Requests may be made through app settings or customer support channels.
Article 7 (Procedures and Methods for Destruction of Personal Information)
- The Company destroys information without delay once the purpose is achieved.
- Electronic files are permanently deleted using secure technical methods; paper documents are shredded or incinerated.
- Sensitive information (such as RR numbers) is destroyed immediately after use or securely encrypted if retention is unavoidable.
Article 8 (Measures to Ensure Safety of Personal Information)
The Company implements the following measures to ensure the safety of personal information:
- Minimizing access authority and controlling access to personal information
- Encrypting important personal information and securing data transmission (e.g., SSL)
- Preventing malicious programs and conducting regular security inspections
- Providing regular training and management for employees who handle personal information
- Establishing and implementing internal management plans to prevent leakage, alteration, or damage of personal information
Article 9 (Personal Information Protection Officer and Manager)
The Company designates the following Personal Information Protection Officer to handle users’ inquiries and complaints regarding personal information processing:
| Personal Information Protection Officer |
Name: Sangchan Lee
Position: COMUP / Chief Privacy Officer
Email: comup.help@gmail.com
|
| Personal Information Manager |
Name: Hyojun Jeon
Email: comup.help@gmail.com
|
※ Actual contact information may change according to internal policy. Changes will be announced through the service notice or the official website.
Article 10 (Remedies for Personal Information Infringement)
If you wish to seek consultation or remedies regarding personal information infringement, you may contact the following organizations:
- Korea Internet & Security Agency (privacy.kisa.or.kr / 118)
- Supreme Prosecutors’ Office Cyber Crime Division (www.spo.go.kr / 1301)
- Korean National Police Agency Cyber Bureau (ecrm.cyber.go.kr)