Privacy Policy
Indent Corporation (https://spray.io hereinafter referred to as 'Company', 'Spray') complies with the personal information protection regulations of relevant laws and regulations that information and communication service providers must comply with, such as the Communications Secrets Protection Act, the Telecommunications Business Act, the Personal Information Protection Act, and the Act on Promotion of Information and Communications Network Utilization and Information Protection, and is committed to protecting the rights and interests of users by establishing a privacy policy in accordance with relevant laws and regulations.
The privacy policy may be changed if there are changes in laws or guidelines related to personal information, or if the company's policy changes, but we will notify members of the changes without delay and post them on the privacy policy change history page so that you can check them at any time.
The Company's Privacy Policy contains the following contents.
1.
Items of personal information to be collected and methods of collection
2.
Purpose of collection and use of personal information
3.
Provision of personal information to third parties
4.
Consignment of personal information processing
5.
Retention and use period of personal information
6.
Procedures and methods for destroying personal information
7.
Rights of users and legal representatives and how to exercise them
8.
Matters concerning the installation/operation and rejection of automatic personal information collection devices
9.
Measures to ensure the safety of personal information
10.
Contact information of the person in charge of personal information protection and the person in charge
11.
Notification of changes and request for consent
12.
Cross-Border Transfers
1. Items of Personal Information to be Collected and Methods of Collection
A. Items of personal information to be collected (Campaigner/Creator):
•
Name, date of birth, gender, mobile phone number, shipping address, email address, SNS ID, PayPal ID, Bank account number, Swift Code, Bank name
•
Additional personal information required for participation in campaigns (e.g., size information, color information, skin type, age, etc.)
•
Payout & Settlement Information (for Creators/Affiliates): bank name, account holder name, account number, bank code or SWIFT/BIC (for international transfers), payout currency, and legally required tax identifiers (e.g., business registration number, taxpayer ID).
•
The Company does not collect online banking passwords, one-time authentication codes, or other financial authentication credentials.
B. Collection Method
•
Personal information is collected after you express your intention to participate in the campaign.
•
Payout information is collected when Creators/Affiliates enroll or update payout settings through secure channels such as designated forms or dashboards. The Company does not collect payout information through unsecured channels such as email or instant messaging.
2. Purpose of Collecting and Using Personal Information
Spray collects and utilizes necessary information related to the operation of affiliate marketing campaigns.
User data collected through Google Workspace APIs (including Gmail API) is used restrictively as follows:
1.
No data collected through Google Workspace APIs will be used for the development, improvement, or training of generalized artificial intelligence (AI) or machine learning (ML) models.
2.
The collected data will only be used to provide direct functionality of Spray service.
3.
We comply with Google's API Services User Data Policy.
4.
Payout & Settlement: to execute commission payments, refunds, and adjustments to Creators/Affiliates.
5.
Accounting & Tax Compliance: to maintain records, prepare mandatory statements, and comply with reporting obligations.
6.
Fraud Prevention: to detect and prevent fraudulent or abnormal payout activities.
7.
Customer Support: to respond to inquiries about payout status, corrections, or trace requests.
3. Provision of Personal Information to Third Parties
Spray does not provide personal information to third parties except in cases falling under Article 17 of the Personal Information Protection Act, such as separate consent of the information subject, special provisions of the law, etc.
When executing payouts, and only with the consent of the Creator/Affiliate or as necessary to perform the contract, Spray may provide the minimum necessary information (e.g., name, bank name, account number, tax ID) to financial institutions, payment processors, or tax authorities, solely for settlement and compliance purposes.
4. Consignment of Personal Information Processing
Spray consigns personal information as follows to improve its services, and stipulates the necessary matters to ensure that personal information is managed safely in the consignment contract in accordance with the relevant laws and regulations.
•
Service-based infrastructure operation. Entrustee (Trustee): Amazon Web Services, Inc (Korea)
Contents: Operation of infrastructure where personal information is stored.
•
Consignee (Trustee): Summers Platform (BizM)
Contents: Consignment of Kakao Alert Talk to campaign participants.
Additional entrusted parties (if applicable):
•
Payment Processor / Settlement Agency: handling domestic and international payouts and reconciliation.
•
Banks / Financial Institutions: executing bank transfers and handling related compliance checks.
Retention period: Until withdrawal, statutory expiration, or end of the consignment contract.
5. Retention and Use Period of Personal Information
Grounds for Retention | Records Retained | Retention Period |
Act on the Protection of Communications Secrets | Personal information related to service use (login records) | 3 months |
Act on Consumer Protection in Electronic Commerce, etc. | Personal information related to service use (login records) | 5 years |
Act on Consumer Protection in Electronic Commerce, etc. | Records on payment and supply of goods, etc. | 5 years |
Act on Consumer Protection in Electronic Commerce, etc. | Records on consumer complaints or dispute handling | 3 years |
Company internal policies | Records of fraudulent or abnormal usage: Mobile phone number, email address, IP, log records | 1 year |
Electronic Financial Transactions Act | Payout and settlement transaction records | 5 years |
Framework Act on National Taxes / Corporate Tax Act | Accounting and tax records related to payouts and commissions | 5 years |
Commercial Act | Commercial books and important business documents (if applicable) | 10 years |
6. Destruction of Personal Information
In principle, the Company destroys the collected personal information immediately after the purpose of use is achieved.
Payout information (e.g., bank account numbers, tax identifiers) is encrypted while stored. After the applicable retention period has expired, it is irreversibly deleted from active systems and scheduled for deletion from backups. Where payout information was shared with processors, Spray requires such processors to delete or anonymize the information once their legal retention obligations expire.
•
A. Destruction Procedure: After retention period, destroyed without delay.
•
B. Method of Destruction:
◦
Electronic files → permanent technical deletion
◦
Paper documents → shredding or incineration
7. Rights of Users and Legal Representatives and How to Exercise Them
Members and their legal representatives may request access, modification, withdrawal of consent, deletion, etc. of personal information processed by the Company at any time, and may also request deletion of their accounts.
Creators/Affiliates may request access to, correction of, or deletion of payout information at any time. Where laws require retention for accounting or tax purposes, Spray may retain the minimum necessary information for the mandated period, after which it will be deleted.
8. Installation/Operation and Refusal of Automatic Personal Information Collection Devices
In order to provide appropriate services to visitors to the Company's website, the Company uses 'cookies' to store and retrieve users' information from time to time. Cookies are small amounts of information sent to the user's computer browser by the server (HTTP) used to operate the website, and are also stored on the hard disk of the user's PC computer.
A. Purpose of use of cookies Cookies are used to store and retrieve information of users. Cookies are used to prevent duplicate notifications of pop-up notices. Cookies are used to prevent pop-ups for writing reviews.
B. Installation/operation and refusal of cookies You have the option to install cookies. Therefore, you can accept all cookies, confirm each time a cookie is saved, or refuse to save all cookies by setting options in your web browser.
To refuse to set cookies, you can accept all cookies, confirm each time a cookie is saved, or refuse to save all cookies by selecting options in your web browser. - Example settings (for Internet Explorer): Tools > Internet Options > Privacy at the top of your web browser.
9. Measures to secure the safety of personal information
In accordance with Article 29 of the Personal Information Protection Act, Spray takes the following technical/administrative and physical measures necessary to ensure safety:
A. Minimization of personal information processing staff Spray designates employees who process personal information and implements measures to manage personal information by minimizing access rights.
B. Establishment and implementation of internal management plan Spray establishes and implements an internal management plan for the safe processing of personal information. Spray conducts regular in-house and external training for employees who handle personal information on acquiring new security skills and their obligations to protect personal information. The handover of personal information-related tasks is carried out thoroughly while maintaining security, and responsibilities for personal information accidents are clarified after joining and leaving the company. We prevent information leakage by employees in advance by requiring newly hired employees to sign an information protection pledge or privacy pledge, and we have established and continuously implement internal procedures to audit the implementation of the privacy policy and compliance by employees. In addition, if your personal information is lost, leaked, altered, or damaged due to an internal manager's mistake or technical management accident, Spray will immediately notify you and take appropriate measures and compensation.
C. Encryption of Personal Information Your personal information is stored and managed with an encrypted password so that only you can know it, and for important data, we use separate security functions such as encrypting file and transmission data or using a file lock function.
D. Restriction of access to personal information We take necessary measures to control access to personal information by granting, changing, or canceling access rights to the database system that processes personal information, and we use an intrusion prevention system to control unauthorized access from the outside.
10. Personal Information Protection Officer
Spray is responsible for the overall handling of personal information and designates the person in charge of personal information protection as follows to handle complaints and remedy damages of information subjects related to the handling of personal information.
•
Personal Information Protection Officer: Chung soo Kim (COO)
Email: chungsoo.kim@indentcorp.com
•
Department in charge: Customer Support
Email: contact@indentcorp.com
11. Notification of Changes and Request for Consent
This Privacy Policy is applicable from the effective date. If the company changes the privacy policy, the company will continuously disclose the timing of the change and implementation, and the changed contents, and the changed contents will be disclosed at least 7 days in advance by comparing the before and after changes so that members can easily check them.
12. Cross-Border Transfers
If Spray uses an overseas payment processor or financial institution to execute payouts, the Company will provide prior notice and obtain consent as required by applicable laws. This includes disclosing the destination country, recipient, items transferred, purpose, retention period, and safeguards in place.·
•
Effective Date: April 10, 2025
