ColorTone (hereinafter referred to as the "Company") values the personal information of its users and complies with relevant laws and regulations, including the "Personal Information Protection Act" and the "Act on Promotion of Information and Communications Network Utilization and Information Protection." Through this Privacy Policy, the Company informs users of the purposes and methods for which the personal information they provide is used, as well as the measures being taken to protect that information.
Protection of Personal Information for Children Under 14
Due to the nature of the service, the Company restricts membership registration for children under the age of 14, who require the consent of a legal representative, and does not collect personal information from children under 14.
1. Items of Personal Information Collected and Collection Method
1.1 Personal Information Items Collected
| Category | Collected Items | Purpose of Collection |
|---|---|---|
| Upon Registration (Required) | ID, password, name, date of birth, gender, email, mobile phone number, encrypted user verification value (CI) | User identification and service provision |
| Profile Settings (Optional) | Favorite colors, favorite seasons, preferred places, MBTI | Customized content recommendations and personalization of AI-generated results |
| Service Usage (Required) | Uploaded image/video files, prompt text, generated content | Provision of AI image and video analysis/generation services |
| Payment (Required) | Order number, payment amount, payment date/time, transaction history | Credit purchase and payment processing |
| Automatic Collection (Required/Optional) | IP address, cookies, service usage records, access logs, behavioral information | Service improvement and security enhancement |
1.2 Collection Method
- Direct input by the user during membership registration, profile setting, and service use
- During image/video uploads and the use of AI services
- Collection via Payment Gateway (PG) companies during the payment process
- Automatic collection through generation information collection tools and web log analysis tools
2. Purpose of Collection and Use of Personal Information
The Company utilizes the collected personal information for the following purposes:
2.1 Service Provision
- User identification and identity verification
- Providing customized AI results reflecting personal tastes (color, season, place, MBTI, etc.)
- AI-based image analysis and transformation services
- Image and video generation services
- User gallery management features
- Credit recharge and usage history management
2.2 Service Improvement and Development
- Development of new services and provision of customized services
- Service usage statistics and analysis
- ※ The Company does not provide user image and text data as training data for external AI models (OpenAI, Google, etc.).
2.3 Customer Support
- Handling customer inquiries and complaints
- Delivery of announcements and service-related guidance
2.4 Payment and Settlement
- Payment processing for credit purchases
- Refund processing and transaction history management
3. Retention and Use Period of Personal Information
In principle, the Company destroys personal information without delay after the purpose of collection and use is achieved. However, the following information is preserved for the periods specified below:
3.1 Information Retention According to Internal Policy
- Member Information (including optional items): Until membership withdrawal (unless retention is required by law)
- Image/Video Files and Generated Content: Until deleted by the member or upon membership withdrawal
- Credit Transaction History: 5 years after the conclusion of the transaction
3.2 Information Retention According to Relevant Laws
| Preservation Item | Legal Basis | Preservation Period |
|---|---|---|
| Records on contracts or withdrawal of subscription, etc. | Act on Consumer Protection in Electronic Commerce | 5 years |
| Records on payment and supply of goods, etc. | Act on Consumer Protection in Electronic Commerce | 5 years |
| Records on consumer complaints or dispute resolution | Act on Consumer Protection in Electronic Commerce | 3 years |
| Records on labeling/advertising | Act on Consumer Protection in Electronic Commerce | 6 months |
| Website visit records | Protection of Communications Secrets Act | 3 months |
4. Provision of Personal Information to Third Parties
The Company does not provide users' personal information to third parties in principle, except in the following cases:
- When the user has given prior consent
- In accordance with the provisions of laws or at the request of an investigative agency following legal procedures and methods
Information Provision for Payment Processing
For credit purchases, the following information is provided to the Payment Gateway (PG) for processing:
- Recipient: Toss Payments (domestic KRW) / Toss Payments → PayPal (overseas USD payments)
- Items Provided: Order number, payment amount, order name, currency, and for PayPal payments, the information required by PayPal to complete the transaction
- Purpose: Payment processing and transaction history management
- Retention Period: 5 years after transaction conclusion
USD payments are authorized, captured, cancelled, and refunded in accordance with Toss Payments' and PayPal's terms. Exchange rate differences between the original charge and any refund are borne by the member.
5. Entrustment and Overseas Transfer of Personal Information
5.1 Entrustment of Personal Information Processing
The Company entrusts personal information processing to external professional companies as follows:
| Trustee | Content of Entrusted Work |
|---|---|
| Amazon Web Services (AWS) | Server hosting, data storage, and management |
| OpenAI | AI image analysis and generation API service |
| Text/image analysis and video generation via Gemini model API | |
| FAL.AI | Image and video generation via FAL.AI API (Grok, etc.) |
| Kuaishou (Kling) | Image and video generation via Kling model API |
| Toss Payments | Payment processing and settlement (KRW) |
| Toss Payments (Overseas Easy Pay) → PayPal | USD payment authorization, capture, cancellation, and refund for overseas users |
5.2 Overseas Transfer of Personal Information
The Company transfers (entrusts) personal information abroad for smooth cloud server operation and optimal AI services.
| Recipient (Country) | Transferred Information | Purpose of Transfer | Retention Period |
|---|---|---|---|
| Amazon Web Services, Inc. (USA) | Server data (images, videos, text, etc.) | Cloud infrastructure and data storage | Until withdrawal or contract termination |
| OpenAI, L.L.C. (USA) | Prompt text, uploaded original images | AI image analysis and generation | Destroyed immediately after AI processing |
| Google LLC (USA) | Prompt text, uploaded images/videos | Gemini-based analysis and generation | Destroyed immediately after AI processing |
| fal, Inc. (USA) | Prompt text, uploaded images/videos | FAL.AI-based analysis and generation | Destroyed immediately after AI processing |
| Kuaishou Technology (China) | Prompt text, uploaded images/videos | Kling-based high-quality generation | Destroyed immediately after AI processing |
💡 Guidance on AI Training Data Protection
The Company does not provide users' images, videos, or text data to external AI models (OpenAI, Google, FAL.AI, Kuaishou, etc.) for their own training purposes. All data is transmitted one-time via API solely for the purpose of the service requested by the user and is either destroyed immediately or safely protected after processing.
6. Destruction Procedure and Method
In principle, the Company destroys personal information without delay after the purpose of collection and use is achieved.
6.1 Procedure
- Information entered by the user is transferred to a separate DB after the purpose is achieved and is destroyed after being stored for a certain period according to internal policies and relevant laws.
- This personal information will not be used for any purpose other than retention unless required by law.
6.2 Method
- Electronic files: Deleted using technical methods that make records unrecoverable
- Paper documents: Shredded or incinerated
7. Rights of Users and Legal Representatives
Users may view, modify, or request the cancellation of their registered personal information at any time.
- Inquiry/Modification: Available via "Edit Member Info" menu after login
- Withdrawal: Contact Customer Center (Email: rovinkr@daum.net)
- Right to Access: Users may request access in accordance with Article 35 of the Personal Information Protection Act.
Exercise of Rights
Users may exercise the following rights toward the Company in accordance with relevant laws:
- Request to access personal information
- Request for correction in case of errors
- Request for deletion
- Request for suspension of processing
8. Installation, Operation, and Refusal of Automatic Collection Devices
8.1 Use of Cookies
The Company uses 'cookies' to save and retrieve user information to provide personalized services.
- Purpose: Maintaining login status and analyzing service usage patterns
- Refusal: You can refuse cookie storage through browser settings (Tools > Internet Options > Privacy).
- Consequences of Refusal: Difficulties may occur in using customized services.
8.2 Use of Web Log Analysis Tools
The Company uses web log analysis tools to improve usability. Users can refuse collection at any time.
- Google Analytics: Analysis of sessions and visit history (Opt-out: Google Analytics Opt-out Add-on)
- Microsoft Clarity: Analysis of behavior patterns like mouse movement and scrolling (Opt-out: Enable tracking protection in browser)
8.3 Personalized Advertising (Google AdSense)
The Company displays advertisements on its website through Google's advertising service (Google AdSense), a third-party ad vendor, to support the operation of the service.
- Use of Cookies: Third-party ad vendors, including Google, use cookies (e.g., advertising identifiers such as the DoubleClick cookie) to serve relevant ads based on a user's visits to this site and other websites.
- Information Collected/Used: In the course of serving and measuring ads, information such as IP address, cookie identifiers, device information, and visit history (behavioral information) may be collected and used by Google.
- Opting Out of Personalized Ads: Users may disable personalized advertising via Google Ads Settings (ads.google.com/settings), and may opt out of third-party vendors' use of personalized advertising cookies at www.aboutads.info/choices.
- How Google Uses Data: For more information on how Google uses data when you use our site, see "How Google uses data from sites or apps that use our services".
9. Technical and Administrative Protection Measures
The Company takes the following measures to ensure the safety of personal information:
9.1 Technical Measures
- Password Encryption: Passwords are encrypted for storage.
- Countermeasures: Use of antivirus programs and SSL/TLS encryption for data transmission.
9.2 Administrative Measures
- Minimization: Minimized and trained staff who handle personal information.
- Privacy Organization: Designation of a Privacy Officer to oversee protection duties.
10. Privacy Officer and Department
The Company has designated a Privacy Officer to protect information and handle complaints.
Privacy Officer
- Name: Hyuk-ju Kwon
- Position: Representative
- Phone: 010-5963-7091
- Email: rovinkr@daum.net
For other reports or consultations regarding personal information infringement, please contact:
- Personal Information Infringement Report Center (privacy.kisa.or.kr / 118)
- Personal Information Dispute Mediation Committee (www.kopico.go.kr / 1833-6972)
- Supreme Prosecutors' Office Cybercrime Investigation Division (www.spo.go.kr / 1301)
- National Police Agency Cyber Bureau (cyberbureau.police.go.kr / 182)
11. Changes to the Privacy Policy
This policy is effective from the enforcement date. Any changes will be announced 7 days prior.
- Announcement Date: January 1, 2025
- Effective Date: January 1, 2025