Tokkipaw ("Company") protects user personal data and rights in accordance with the Personal Information Protection Act and other applicable laws. This Privacy Policy is hereby established and disclosed.
1. Purpose of Processing
- Email magic-link authentication
- Payment processing and receipt delivery
- Customer support including refunds and inquiries
- Identification of purchased paws and access management
- Statistical analysis for Service improvement (anonymized)
2. Personal Data Processed
Required:
Automatically collected:
- Device identifier (device_id) · for single-active-device policy
- IP address, browser/OS info (security, abuse prevention)
- Service usage records (paw usage count, access timestamps)
On payment:
- Amount and transaction ID (card/account details are handled by payment processors and not stored by the Company)
3. Retention and Use Period
- Email and device info: Deleted upon account deletion or user request
- Payment records: Retained for 5 years (E-Commerce Act Article 6 · identifying info anonymized)
- Fraud detection records: 1 year (Act on Promotion of Information and Communications Network Utilization)
- Cookies/auto-collected info: Until browser close or 1 year
4. Disclosure to Third Parties
The Company does not disclose personal data to third parties without user consent, except:
• As required by law (e.g., court warrants)
• With the user's explicit consent
5. Outsourced Processing
- Toss Payments (payment processing) · payment information
- Resend Inc. (email delivery) · email address
6. International Data Transfer
For Service operation, personal data is transferred to the following overseas providers (transfer timing: real-time during use; method: network transmission):
- Supabase Inc. (USA) · email, device, usage logs / database
- Vercel Inc. (USA) · email, usage logs / hosting and CDN
- Cloudflare Inc. (USA) · IP, access info / CDN and DDoS protection
- Resend Inc. (USA) · email address / transactional email
Users may refuse international transfer; however, refusal will limit Service availability.
7. User Rights
Users may exercise the following rights:
- Right to access
- Right to rectification/erasure
- Right to restrict processing
- Right to withdraw consent
Request: help@tokkipaw.com / processed within 14 business days
8. Automated Collection and Opt-Out
The Company automatically collects information via:
• device_id · single-active-device policy (issued once per browser)
• Authentication/session cookies · for magic-link auth state
Users may block/delete cookies via browser settings (note: blocking may prevent magic-link authentication and paw use).
9. Personal Data of Minors Under 14
The Company does not process personal data of users under 14. If detected, data collected without legal guardian consent will be immediately deleted.
10. Security Measures
- Transit encryption · HTTPS enforced, HSTS applied
- Authentication security · magic-link only (no passwords), single-active-device policy
- Access control · Row Level Security (RLS) applied to all tables
- Operator access logs · admin_audit_logs retained 1 year
- Incident response procedures (separate security operations manual)
11. Data Protection Officer
- DPO: Myunghwa Park (CEO)
- Contact: help@tokkipaw.com
12. Remedies for Rights Infringement
Reports and consultations regarding privacy violations may be filed with:
- Personal Information Protection Commission · privacy.go.kr (1833-6972)
- Personal Information Dispute Mediation Committee · kopico.go.kr (1833-6972)
- Supreme Prosecutors' Office Cybercrime Investigation · spo.go.kr (1301)
- National Police Agency Cyber Bureau · police.go.kr (182)
13. Changes to This Policy
Material changes will be notified via in-service announcements or email at least 7 days in advance (30 days for changes unfavorable to users).
Supplementary Provisions
This Privacy Policy is effective from May 1, 2026.
