Privacy Policy

Effective Date: March 11, 2026

ShareInvest Corp. (hereinafter the "Company") respects the personal information of data subjects who use PageMint and related services (the "Service"), and processes personal information lawfully and safely in accordance with the Personal Information Protection Act and other applicable laws. To inform data subjects of the procedures and standards for the processing of their personal information, and to handle related grievances promptly and smoothly, the Company establishes and publishes this Privacy Policy.

This Privacy Policy applies together with the PageMint Terms of Service. This English version is provided for convenience only. In the event of any discrepancy or inconsistency between the Korean version and this English version, the Korean version shall prevail.

Key Data Processing at a Glance

This summary is provided to help data subjects quickly understand the Company's data practices. The detailed provisions and legal effect are governed by the articles below.

1. Information Collected
• Name, email address, profile image, OAuth identifier
• Generation requests, uploaded Content, projects, and Output
• Payment status, transaction identifiers, order information
• Access records, IP address, browser and device information, error logs

2. Purposes of Use
• Member registration and login, identity verification
• Provision and operation of the Service
• Customer support, security, and fraud prevention
• Paid Services, payment, and refund handling
• Usage statistics and feature improvement
• Compliance with legal obligations, dispute response, and rights protection

3. Retention Periods
• Member information: until membership withdrawal
• Projects, Output, and related data: until membership withdrawal or termination of the user agreement (may be retained for up to 30 additional days for recovery, dispute response, or operational needs)
• Information required to be retained by law: for the statutory retention period

4. Third-Party Provision and Cross-Border Transfer
• Selected information is provided to Paddle for payment processing
• Cross-border processors include social login (Apple, Meta, Google), file storage (AWS S3 in the Tokyo region), AI generation (OpenAI, Anthropic), and search (Exa)
• Kakao Corporation (Kakao Login) is processed domestically in the Republic of Korea

5. AI Training
• The Company does not provide User Content as identifiable public training data beyond the scope disclosed in this Policy or separately consented to.
• Generation requests are processed within the scope permitted by OpenAI's and Anthropic's commercial and API policies.

Article 1 (Purposes of Processing)

The Company processes the minimum personal information necessary for the following purposes. Personal information being processed shall not be used for any purpose other than those listed below, and if the purpose of use changes, the Company shall take necessary measures in accordance with applicable law.

1. Member registration and login, identity verification, and authentication
2. Provision and operation of the Service
3. Responding to user inquiries and customer support
4. Prevention of fraudulent use, security, and stability of the Service
5. Provision of Paid Services, payment, and refund handling
6. Service usage statistics and feature improvement
7. Compliance with legal obligations, dispute response, and rights protection

Article 2 (Items of Personal Information Processed)

The Company may process the following personal information.

1. Member registration and login (social login via Apple, Facebook, Google, Kakao)
• Name or nickname
• Email address (including any anonymous relay address where the provider offers one)
• Profile image (where the provider supplies one)
• Identifier issued by the social login provider and authentication information necessary for account linkage
• Actual items collected follow each social login provider's policies and the scope of the User's consent.

2. Information directly provided by Users while using the Service
• Detail-page generation requests and prompts
• Uploaded images, text, files, and other Content
• Saved projects and Output
• Information provided during customer support (email, inquiry content, etc.)

3. Information processed when using Paid Services
• Payment status, payment method-related information, transaction identifiers, and information necessary for payment and refund handling
• Sensitive payment information such as credit card numbers is not stored by the Company directly; it may be processed directly by the payment provider or Merchant of Record.

4. Information that may be automatically generated or collected during Service use
• Access date and time, IP address
• Browser type, OS information, device information
• Usage records, access logs, error logs
• Information generated by cookies, session storage, or similar technologies

Article 3 (Non-Collection of Sensitive and Unique Identification Information)

As a matter of principle, the Company does not process sensitive information concerning ideology, beliefs, union or political party membership, political views, health, sexual life, and similar matters (sensitive information under Article 23 of the Personal Information Protection Act), nor unique identification information such as resident registration numbers (Article 24 of the Personal Information Protection Act). Where exceptional collection or use is required by law, the Company shall obtain separate consent from the data subject and process the information in accordance with applicable legal procedures.

Article 4 (Processing and Retention Periods)

The Company processes and retains personal information within the retention and use periods prescribed by law or consented to by the data subject.

1. Member information: until membership withdrawal. Where retention is required under applicable law, it shall be retained for the period specified by that law.
2. User-generated projects, Output, and related data: until membership withdrawal or termination of the user agreement. The Company may retain such data for up to thirty (30) days thereafter to support recovery, dispute response, or Service operations before deletion.
3. Customer inquiry and dispute handling records: 3 years
4. Records on contracts or withdrawal of offers: 5 years (Act on the Consumer Protection in Electronic Commerce)
5. Records on payment and supply of goods: 5 years (Act on the Consumer Protection in Electronic Commerce)
6. Records on consumer complaints or dispute resolution: 3 years (Act on the Consumer Protection in Electronic Commerce)
7. Records on labeling and advertising: 6 months (Act on the Consumer Protection in Electronic Commerce)
8. Access logs: 3 months (Protection of Communications Secrets Act)

The Company shall promptly destroy personal information when the retention period has elapsed or the processing purpose has been achieved. Where retention is required by other laws, such personal information shall be stored separately for the period prescribed by the applicable law.

Article 5 (Processing of Personal Information of Children Under the Age of 14)

The Company does not permit membership registration by children under the age of fourteen (14). If the Company confirms after registration that a User is under the age of fourteen, the Company shall promptly suspend the Account and take necessary measures.

Article 6 (Provision of Personal Information to Third Parties)

The Company processes personal information only within the scope of the purposes set forth in this Policy, and provides personal information to third parties only with the data subject's consent, pursuant to special provisions of law, or as otherwise permitted by applicable law.

As a general rule, the Company does not provide User personal information to third parties. The following are exceptions:
1. Where the data subject has given prior consent
2. Where there are special provisions of law or where it is unavoidable to comply with legal obligations
3. Where it is necessary to protect the urgent life, body, or property interests of the data subject or a third party
4. Where the information is provided in pseudonymized or anonymized form for purposes such as statistics, scientific research, or public-interest record-keeping

The Company may provide personal information to the following third party in connection with Paid Services.

Paddle.com Market Limited (Payment Provider, Merchant of Record)
• Purpose: Payment processing, taxation, refund handling, and fraud prevention
• Items: Email address, transaction identifiers, order information related to payment
• Retention and use period: The period prescribed by applicable law or Paddle's policies

Article 7 (Outsourcing of Personal Information Processing)

The Company outsources personal information processing tasks to external parties in order to provide the Service smoothly. When entering into outsourcing contracts, the Company specifies personal information protection matters in the contract in accordance with applicable law and supervises whether the outsourcee processes personal information safely.

The work currently outsourced or processed via external services is as follows.

1. Apple Inc.
• Outsourced work: Apple Sign In social login authentication
• Information processed: Name, email (including Apple's private email relay), Apple user identifier

2. Meta Platforms, Inc.
• Outsourced work: Facebook social login authentication
• Information processed: Name, email address, profile image, Facebook user identifier

3. Google LLC
• Outsourced work: Google OAuth social login authentication and email send/receive (only where Google Workspace is used)
• Information processed: Name, email address, profile image, Google user identifier

4. Kakao Corporation
• Outsourced work: Kakao Login social login authentication
• Information processed: Nickname, email address, profile image, Kakao user identifier
• Note: Kakao Corporation is headquartered in the Republic of Korea and processes the above information domestically. This processing is not a cross-border transfer.

5. Amazon Web Services, Inc.
• Outsourced work: Object storage (Amazon S3) for images, files, and other Output uploaded or generated by Users
• Region: Asia Pacific (Tokyo) region (ap-northeast-1)

6. OpenAI, L.L.C.
• Outsourced work: AI generation services including title generation, storyboards, blueprints, image generation, and vision analysis
• Information processed: User prompts, generation request content, uploaded images and text, and other information necessary for generation

7. Anthropic, PBC
• Outsourced work: Conversational AI generation services via the Claude API. The Company calls the Anthropic API through the Claude Agent SDK running inside its own hermes-engine AI runtime, which is hosted on the same machine as the Service backend.
• Information processed: User prompts, conversation context, generation request content, and the results of tool calls made by the agent

8. Exa Labs, Inc. (exa.ai)
• Outsourced work: Web search services
• Information processed: Search keywords generated by the User or the agent (the underlying User Content itself is not transmitted)

The Company shall disclose any changes to outsourcees or outsourced work through this Privacy Policy.

Article 8 (Cross-Border Transfer of Personal Information)

The Company transfers personal information across borders as necessary for Service operations, as follows.

1. Apple Inc.
• Country of transfer: United States
• Items transferred: Name, email address (including Apple's private email relay), Apple user identifier
• Purpose: Apple Sign In social login authentication
• Method and timing: Network transmission at the time of Service use
• Retention and use period: The period prescribed by Apple's policies or applicable law

2. Meta Platforms, Inc.
• Country of transfer: United States
• Items transferred: Name, email address, profile image, Facebook user identifier
• Purpose: Facebook social login authentication
• Method and timing: Network transmission at the time of Service use
• Retention and use period: The period prescribed by Meta's policies or applicable law

3. Google LLC
• Country of transfer: United States
• Items transferred: Name, email address, profile image, Google user identifier
• Purpose: Google OAuth social login authentication; email send and receive where applicable
• Method and timing: Network transmission at the time of Service use
• Retention and use period: The period prescribed by Google's policies or applicable law

4. Amazon Web Services, Inc.
• Country of transfer: Japan (Asia Pacific Tokyo region, ap-northeast-1)
• Items transferred: Images, files, and other Output uploaded or generated by Users
• Purpose: Object storage (Amazon S3)
• Method and timing: Network transmission at the time of upload or generation
• Retention and use period: Until membership withdrawal or termination of the user agreement (with up to thirty (30) days of additional retention to support recovery)

5. OpenAI, L.L.C.
• Country of transfer: United States
• Items transferred: User prompts, generation request content, uploaded images and text
• Purpose: AI generation services including title generation, storyboards, blueprints, image generation, and vision analysis
• Method and timing: Network transmission at the time of each generation request
• Retention and use period: The period prescribed by OpenAI's policies or applicable law

6. Anthropic, PBC
• Country of transfer: United States
• Items transferred: User prompts, conversation context, and generation request content
• Purpose: Conversational AI generation services via the Claude API (routed through the Company's hermes-engine runtime)
• Method and timing: Network transmission at the time of each generation request
• Retention and use period: The period prescribed by Anthropic's policies or applicable law

7. Exa Labs, Inc.
• Country of transfer: United States
• Items transferred: Search keywords generated by the User or the agent
• Purpose: Web search services
• Method and timing: Network transmission at the time of each search request
• Retention and use period: The period prescribed by Exa's policies or applicable law

8. Paddle.com Market Limited
• Countries of transfer: United Kingdom (headquarters) and other countries such as the United States where data may be processed in the course of Service delivery
• Items transferred: Email address, transaction identifiers, order information related to payment
• Purpose: Payment, refund, and taxation
• Method and timing: Network transmission at the time of payment
• Retention and use period: The period prescribed by Paddle's policies or applicable law

Note: Under OpenAI's and Anthropic's commercial and API policies, customer input data is, as a general rule, not used to train their models; however, specific conditions and exceptions are governed by each provider's then-current policies.

Article 9 (Processing of Pseudonymized Information)

Where necessary for statistics, scientific research, Service quality improvement, performance evaluation, safety assurance, or algorithm improvement, the Company may process personal information in pseudonymized form.

When processing pseudonymized information, the Company shall separately store additional information necessary to identify individuals in accordance with Article 28-2 of the Personal Information Protection Act and other applicable laws, and shall manage pseudonymized information securely so that specific individuals cannot be re-identified.

Article 10 (Procedure and Method of Personal Information Destruction)

The Company shall promptly destroy personal information when the retention period has elapsed, the processing purpose has been achieved, or when the information otherwise becomes unnecessary.

1. Destruction procedure: The Company identifies personal information for which a destruction reason has arisen and destroys it in accordance with internal procedures.

2. Destruction method
• Electronic files: Deleted by technical means that prevent recovery or regeneration
• Paper documents: Shredded or incinerated

Where retention is required under other laws, such personal information shall be stored and managed separately in a distinct database or storage location.

Article 11 (Rights of Data Subjects and Legal Representatives and How to Exercise Them)

Data subjects may exercise the following rights against the Company at any time.

1. Request to access personal information
2. Request to correct or delete personal information
3. Request to suspend processing of personal information
4. Request to withdraw consent
5. Request to withdraw membership and delete the Account

Rights may be exercised by email or through other means provided by the Company, and the Company shall take action without delay in accordance with applicable law. Certain rights may be limited as provided by law.

Article 12 (Cookies and Similar Technologies)

The Company may use cookies or similar technologies to provide Service convenience, maintain login sessions, analyze usage patterns, and preserve security.

Users may refuse cookies or delete already-stored cookies through their browser settings. However, refusing cookies may limit certain features of the Service, such as session persistence for login.

Article 13 (Measures to Ensure the Security of Personal Information)

The Company takes the following measures to ensure the security of personal information.

1. Minimization of personal information access privileges
2. Access control and authentication systems
3. Encryption of personal information or equivalent protective measures
4. Installation and operation of security programs
5. Retention of access logs and prevention of tampering
6. Establishment and implementation of internal management plans

Article 14 (Privacy Officer and Contact)

The Company assumes overall responsibility for personal information processing, and designates a Privacy Officer and a responsible department to handle data subjects' inquiries, complaints, and remedies related to personal information processing, as follows.

1. Privacy Officer
• Name: PARK SANGWOO
• Position: Representative
• Email: [email protected]

2. Privacy Department
• Department: Customer Support
• Email: [email protected]

3. Company Information
• Company: ShareInvest Corp.
• Representative: PARK SANGWOO
• Business Registration Number: 779-87-00484
• Address: 579 Jungbu-daero, Giheung-gu, Yongin-si, Gyeonggi-do, Republic of Korea

Data subjects may direct all inquiries, complaints, and remedy requests arising from Service use to the contact above.

Article 15 (Remedies for Infringement of Rights)

Since the Service is operated under Korean law, data subjects may consult or report to the following Korean authorities to seek remedies for personal information infringement. The websites below are primarily provided in Korean.

• Personal Information Dispute Mediation Committee of Korea: 1833-6972 (www.kopico.go.kr)
• Korea Privacy Infringement Report Center (KISA): 118 (privacy.kisa.or.kr)
• Supreme Prosecutors' Office of the Republic of Korea: 1301 (www.spo.go.kr)
• Korean National Police Agency Cybercrime Report: 182 (ecrm.cyber.go.kr)

Article 16 (Changes to this Privacy Policy)

The Company may amend this Privacy Policy as required by applicable law, Service changes, or internal policy changes. When this Privacy Policy is amended, the Company shall announce the changes through in-Service notice or other appropriate means.

Supplementary Provisions

This Privacy Policy takes effect on March 11, 2026.

An unhandled error has occurred. Reload 🗙

Rejoining the Vendo...

Rejoin failed... trying again in seconds.

Failed to rejoin.
Please retry or reload the page.

The session has been paused by the Vendo.

Failed to resume the session.
Please retry or reload the page.