Privacy Policy
UCSS (hereinafter “we” or “the Company”) respects your privacy. We have established certain standards regarding how we collect, handle, store, and protect your personal information. The personal information we collect when you use the Service is managed in accordance with this Privacy Policy.
As a fundamental principle, we collect only the minimum information necessary for the operation of the Service. We do not collect browsing history, data content, or DNS queries. However, when you use our Korean servers, we may collect certain data pursuant to legal obligations.
This Privacy Policy applies in conjunction with our Terms of Service (hereinafter “the Terms”). When you agree to the Terms, you are deemed to have simultaneously agreed to this Privacy Policy (hereinafter “the Privacy Policy”). The latest version of this Privacy Policy is available at any time on this Site.
Article 1: Handling of Personal Information
We collect your personal information to the extent necessary for the provision of the Service and the App, payment processing, fraud prevention, support, and other business operations. This Article sets forth the categories of information we collect, the purposes of use, retention periods, and provision to third parties.
Account Creation
The name, email address, and IP address you provide when registering for the Service. These are necessary for account creation, password recovery, and to exclude registration from invalid regions. Your email address is used for the following purposes:
- To provide access to the Service
- To send information regarding payments
- To send updates and notifications
- To provide customer support
- To provide marketing information
Retention Period: Throughout the duration of your account. After account termination, we retain your information for the longer of the retention period prescribed by applicable laws or the statute of limitations relating to contractual or transactional rights and obligations.
Social Login
When you use social login services (such as Google, X (formerly Twitter), or Naver), your account data is automatically collected by each respective platform. We will not use this information for any purpose other than enabling your login.
Identity Verification
Information collected by identity verification platforms (e.g., Stripe), bank payment proof, and phone numbers. These are necessary to verify your identity when providing business plans, high-value services, or processing applications that may conflict with our policies. We will not use this information for any purpose other than identity verification.
For information on how each platform handles personal data, please refer to their respective privacy policies.
Retention Period: Until the purpose of identity verification has been achieved. However, where a retention period is prescribed by applicable laws, such period shall apply.
Payment
Information automatically collected by credit card payment processors (e.g., Stripe). This includes the purchase amount, IP address of the payer, name, and credit card information. For information on how each payment processor handles personal data, please refer to their respective privacy policies.
In accordance with Article 6 of the Terms, in order to respond to chargeback disputes and to defend our legitimate rights, we may obtain information regarding your transactions held by payment processors, acquiring banks, card issuers, and payment network operators, and provide such information to relevant parties.
Retention Period: The retention period prescribed by applicable laws (such as tax-related laws).
Communications
To control communication volume and maintain high-quality communication, we collect the following technical information:
- Timestamps when you connect to our servers
- Total packet volume (download/upload)
This information is used for the operation of the Service, enforcement of the refund policy under Article 4 of the Terms, management of the Fair Use Policy (FUP) under Article 8 of the Terms, and fraud prevention.
Retention Period: For the period necessary for the operation of the Service.
For Korean servers only, in accordance with the Korean “Enforcement Rule of the Protection of Communications Secrets Act,” we collect the following information and retain it for a maximum of 90 days. We are obligated to provide information from Korean servers upon issuance of a warrant by Korean investigative authorities. However, we do not record such information on servers in other regions.
- Access destinations from servers located in the Republic of Korea
- Timestamps related to such access destinations
Handling of Connection Information
Connection information necessary for the use of the Service (such as subscription URLs) constitutes confidential data linked to your account, which we manage strictly. The treatment of any leakage, public disclosure, or sharing of connection information with third parties by you is governed by Article 7 of the Terms.
Customer Support
To improve the quality of support, we retain the content of support inquiries submitted through the Site or the Service together with our responses. We may retain your email address and any additional information you submit, depending on the method of contact.
For support, we may use third-party platforms such as Slack. For the personal information collected by such platforms, please refer to their respective privacy policies.
Retention Period: The period necessary to maintain and improve support quality and to prevent recurrence of issues following resolution.
Affiliate Program
When you participate in our Affiliate Program, we require submission of the registrant’s name, email address, referral method, and remittance information. We may share remittance information with payment processing operators to the extent necessary for the payment of affiliate rewards. For specific terms, please refer to the Affiliate Terms.
Restrictions on Sharing with Third Parties, Processing Entrustment, and Legal Disclosure
Except as set forth in this Privacy Policy, we will not share, sell, or transfer your personal information to third parties.
In providing the Service, we may entrust the handling of personal information, to the extent necessary, to server hosting providers, data center operators, payment processors, identity verification service providers, customer support platform providers, and other legitimate business contractors. We contractually require such contractors to implement appropriate security management measures.
By way of exception, if our Service is used for child pornography, phishing or spam, or any other serious crime, and a legally valid warrant is issued, we are obligated to disclose the relevant personal information to Korean legal authorities. The personal information we collect is managed exclusively by us, including systems and servers owned by our group subsidiaries.
Article 2: Protection of Personal Information
We strictly manage the personal information we collect. To prevent loss, misuse, alteration, unauthorized access, and leakage of personal information, we implement physical, technical, and organizational security measures. We do not use physical media such as paper to manage your personal information.
Physical Measures
The servers we use are housed in data centers with robust security. The core servers used for the Service are servers assembled with parts sourced through our partner company and installed in data centers operated under the highest level of management systems. The network connected to the data center is also contracted directly by us and connected to the server-related equipment.
Technical Measures
We protect your personal information through multi-layered defenses, including firewalls, intrusion detection and prevention systems, and isolated databases. Data is encrypted both at rest and in transit using the latest encryption technology. The infrastructure we use is regularly updated, and we continuously monitor for vulnerabilities.
Organizational Measures
We limit access to your personal information to personnel who require it for their duties, and we restrict the access rights of each such person to the minimum necessary scope. Personnel are bound by confidentiality obligations, and we conduct education and awareness training regarding information security. We also contractually require our business contractors to implement equivalent security management measures.
Response to Data Breaches
In the unlikely event that we determine a leak, loss, or other security breach of your personal information has occurred or is likely to have occurred, we will, in accordance with applicable laws, promptly conduct necessary investigations and remedial actions, and notify the relevant authorities and affected customers.
Limitations of Security Measures
While we take every reasonable measure based on the latest security technologies, no technology can provide complete protection, and no company can guarantee absolute security. The foregoing does not guarantee 100% the security of personal information collected by us through the Service. For the scope of our liability related to your use of the Service, please refer to Articles 11 and 12 of the Terms.
Article 3: Cookies
We may use cookies (Cookies), mobile identifiers, and other similar technologies for the provision of the Service and for analyzing usage. While cookies contain information regarding your access to the Service, they do not contain information that directly identifies an individual.
What Cookies Are
Cookies are text files used to store information about your access to a website on your device. By enabling cookies, we can record settings such as login state and language preferences, and provide certain functionality. The cookies we use may change due to service updates or improvements.
Types of Cookies We Use
We use the following types of cookies according to their purpose:
- Strictly Necessary Cookies: Cookies required for the basic functionality of the Service, such as maintaining login sessions and providing security features
- Functional Cookies: Cookies used to remember your usage environment, such as language settings
- Analytics Cookies: Cookies used to understand the usage of this Site in an anonymized form through third-party analytics services
- Affiliate Cookies: Cookies used to identify access through our Affiliate Program
Some information obtained through cookies may be transmitted to processing contractors (such as analytics providers and affiliate management providers) referred to in Article 1 “Restrictions on Sharing with Third Parties, Processing Entrustment, and Legal Disclosure.”
Retention Period: The retention period of cookies varies depending on their type and purpose. Session cookies are deleted when you close your browser, while persistent cookies are retained for a predetermined period or until manually deleted.
Mobile Identifiers and Other Technologies
On mobile devices, in addition to cookies, advertising identifiers (such as IDFA and ADID) and other similar technologies may be used. These do not contain information that directly identifies an individual, but may enable identification on a per-device basis.
Management of Cookies
You may control, delete, or block cookies at any time through your browser or device settings. However, if you disable strictly necessary cookies, certain functions of the Service may not operate properly.
Article 4: Third-Party Products
The links displayed on our Site or within the Service may include external applications, websites, services, or products that we do not own or manage (hereinafter collectively, “Third-Party Products”). Each Third-Party Product is subject to its own terms of use and privacy policy.
Provision of Personal Information to Third Parties
When you use Third-Party Products, personal information may be provided directly by you to such third parties. We are not involved in the collection, use, storage, or other handling of your personal information by such Third-Party Products, and such handling falls outside the scope of this Privacy Policy. Before using any Third-Party Product, please review the terms of use and privacy policy of each respective third party.
Distinction from Processing Contractors
In this Article, “Third-Party Products” refers to external products and services that you use at your own discretion. The handling of personal information by processing contractors that we engage for the provision of the Service (such as server hosting providers, payment processors, and identity verification service providers) is governed by Article 1 “Restrictions on Sharing with Third Parties, Processing Entrustment, and Legal Disclosure.”
Scope of Liability
For the scope of our liability regarding the content, quality, safety, and privacy protection status of Third-Party Products, please refer to Article 11 of the Terms.
Article 5: Users from the European Union (EU) and the European Economic Area (EEA)
We respect the privacy rules established by each jurisdiction. The General Data Protection Regulation (hereinafter “GDPR”) of the European Union (hereinafter “EU”) and the European Economic Area (hereinafter “EEA”) requires us to explain to EU/EEA customers how we collect and process personal information.
This Article sets forth the matters applicable to customers residing in the EU/EEA under the GDPR.
Legal Basis for Processing Personal Data
In accordance with Article 6 of the GDPR, we collect and process the personal data disclosed in this Privacy Policy on one of the following legal bases, depending on the circumstances:
- Performance of a Contract (GDPR Article 6(1)(b))
- Provision of the Service requested by you
- Management of subscriptions and processing of payments related to the Service
- Provision of customer support
- Our Legitimate Interests (GDPR Article 6(1)(f))
- Improvement of the quality, reliability, and effectiveness of the Service
- Prevention of misuse and ensuring security
- Communication of important information to you
- Compliance with Legal Obligations (GDPR Article 6(1)(c))
- Retention of records as prescribed by tax and other relevant laws
- Retention of logs in accordance with the Korean “Enforcement Rule of the Protection of Communications Secrets Act” (applicable only when Korean servers are used)
- Response to lawful warrants and other legal requests
- Your Consent (GDPR Article 6(1)(a))
- Provision of marketing information
- Other purposes for which you have separately given consent
You may withdraw your consent at any time. Withdrawal takes effect only prospectively and does not affect the lawfulness of processing carried out before the withdrawal.
International Data Transfers
We are located in the Republic of Korea, and your personal data may be transferred outside the EU/EEA (to the Republic of Korea or other regions) for the provision of the Service. The Republic of Korea has obtained an adequacy decision under the GDPR from the European Commission (2021), and such transfers are conducted on a lawful basis.
Your Rights
Customers residing in the EU/EEA have the following rights with respect to the personal information we handle, under the GDPR. Please note that these rights may be subject to specific exceptions or limitations prescribed by applicable laws.
- Right of Access: The right to access your personal information held by us
- Right to Rectification: The right to request the correction of inaccurate or incomplete personal information held by us
- Right to Erasure: The right to request the deletion of your personal information. Deletion may render us unable to provide the Service.
- Right to Restriction and to Object: The right to restrict the processing of your personal information, or to object to such processing
- Right to Data Portability: The right to request and receive your personal information in a commonly used format
- Right to Withdraw Consent: The right to withdraw consent that serves as the legal basis for processing
- Right to Lodge a Complaint: The right to lodge a complaint with the data protection supervisory authority in your jurisdiction
Procedure for Exercising Rights
To exercise the above rights, please contact us at the contact information set forth in Article 8 “Contact Us.” For matters relating to the GDPR, you may also contact our Data Protection Officer (DPO) directly.
You may also exercise these rights through an agent duly authorized by you. In such case, a power of attorney signed by you must be submitted to us.
Identity Verification
To ensure your privacy and security, we may take reasonable measures to verify your identity, such as sending a confirmation message to your registered email address, verifying login to your account, or other reasonable measures.
Response Period and Fees
We will respond to your requests within one month of receipt, in accordance with applicable laws. If the complexity or number of requests requires additional time to respond, we may extend this period as reasonably necessary, and we will notify you of the reasons for any such delay.
The exercise of these rights is, in principle, free of charge. However, if requests are manifestly unfounded or repetitive, we may, to the extent permitted by applicable laws, charge a reasonable fee or refuse to act on the request.
Limitations on the Exercise of Rights
The exercise of the above rights may be restricted, to the extent permitted by applicable laws, in the following cases:
- Where we are required to retain information to fulfill legal obligations (such as tax-related laws)
- Where retention is necessary for the defense of our legitimate rights (such as chargeback disputes or litigation)
- Where the exercise would unduly harm the rights or freedoms of third parties
- With respect to the right to erasure, where we are within the retention period necessary for the performance of the Service
Article 6: Use by Minors
We do not provide a service intended for use by minors. We do not knowingly collect personal information from any person under 18 years of age, or any person who has not reached the legal age of majority in their place of residence (hereinafter “Minors”). Minors are requested not to submit personal information to us.
If we become aware that personal information of a Minor has been submitted to us, we will promptly delete the relevant data, in principle within one month from the date of awareness.
If you believe that a Minor is using our Service, or that a Minor has submitted personal information to us, please notify us at the contact information set forth in Article 8 “Contact Us.” We will respond appropriately to inquiries from parents or legal representatives.
Article 7: Changes to the Privacy Policy
We may amend this Privacy Policy from time to time due to changes in applicable laws, changes in the content of the Service, or other business circumstances.
If an amendment has a material effect on your rights or obligations, we will, prior to the effective date of the amendment, notify you by means of an announcement on this Site, by email, or by other reasonable means.
The amended Privacy Policy shall take effect upon being posted on this Site. Your continued use of the Service and access to this Site shall be deemed your agreement to the amended Privacy Policy.
The date of the latest revision of this Privacy Policy is shown at the end of this Privacy Policy.
Article 8: Contact Us
For any inquiries regarding this Privacy Policy, or if you wish to exercise your rights relating to privacy, please contact us at the following:
General Inquiries
Email: [email protected]
Inquiries to the GDPR / Data Protection Officer (DPO)
In compliance with the GDPR, you may also contact our Data Protection Officer (DPO) directly with any inquiries regarding this Privacy Policy.
Email: [email protected]
Last Updated: 2026/05/25