Privacy Policy
Creator Brandlab Inc. (hereinafter the “Company”) and its creator analytics service Cpick (hereinafter “Cpick”) comply with the 「Personal Information Protection Act」 and other relevant laws and regulations, and establish and disclose this Privacy Policy in order to protect the personal data of Members.
This Policy is posted at all times within the Cpick service, and Members may review it at any time.
Article 1 (Personal Data Collected and Collection Methods)
The Company collects only the minimum personal data necessary to provide the service.
Users may decline to consent to the collection and use of their personal data; however, if a User declines consent to the required items, membership registration and use of the service may be restricted.
1. Items Collected
① Upon membership registration and use of the service
Required items
Email address
Nickname
Google account information (name, email address)
Google OAuth authentication information (identifier, access token, etc.)
Optional items
Profile image
When identity verification is performed: name, date of birth, gender, mobile phone number
※ The Company does not directly collect or store Members’ account passwords.
(Cpick uses only Google OAuth-based login.)
② Upon use of paid services
Payment information (payment method, transaction date and time, payment amount, PG company payment identification number, etc.)
③ Information automatically collected during use of the service
Service usage records, access logs, cookies, IP address
Payment records, records of use suspension and withdrawal
Device information (model name, OS information, etc.)
2. Collection Methods
Website membership registration and use of the service
Google OAuth login integration
Receipt of customer inquiries
Automatic collection through generated-information collection tools and cookies
Article 2 (Purposes of Use of Personal Data)
The Company uses the personal data it collects only for the following purposes.
Provision of services and performance of contracts
Provision of content, processing of payments and refunds for paid services
Identity verification and account management
Member management
Prevention of fraudulent use, management of service usage history
Retention of records for dispute resolution
Delivery of customer inquiries and notices
Marketing and service improvement (only where consent has been given)
Notification of new services and events
Analysis of service usage statistics and improvement of features
Processing of pseudonymized information
For the purposes of compiling statistics, scientific research, and preservation of records in the public interest
Pseudonymized information is stored and managed separately to prevent re-identification
Article 3 (Retention and Use Period of Personal Data)
The Company destroys personal data without delay once the purpose of its collection and use has been achieved.
However, the Company may retain it as follows in accordance with relevant laws and regulations.
1. Company Internal Policy
For the purpose of customer consultation and dispute response: 30 days after withdrawal
2. Retention pursuant to relevant laws and regulations
Records on contracts or withdrawal of subscription: 5 years
Records on payment and supply of goods: 5 years
Records on consumer complaints and dispute handling: 3 years
Service access logs and IP information: 1 year
Article 4 (Procedures and Methods for Destruction of Personal Data)
Destruction procedure
After the purpose has been achieved, personal data is moved to a separate database and destroyed once the retention period has elapsed.Destruction method
Electronic files: deleted using technical methods that render recovery impossible
Paper documents: shredded or incinerated
Article 5 (Rights of Users and How to Exercise Them)
Members may exercise the following rights at any time.
Request to view, correct, or delete personal data
Request to suspend the processing of personal data
Withdrawal of consent and membership withdrawal
Requests can be made through the [Settings] menu within the service or by email.
Article 6 (Installation, Operation, and Refusal of Cookies)
The Company uses cookies to provide customized services.
Users may refuse the storage of cookies through their browser settings; in this case, use of some services may be restricted.
Article 7 (Measures to Ensure the Security of Personal Data)
The Company implements the following measures to protect personal data.
Establishment of an internal management plan and regular training
Management of access privileges and retention of access records
Encryption of personal data and operation of security programs
Physical access controls
Article 8 (Personal Data Protection Officer)
Personal Data Protection Officer: Lee Chan-woo
Email: lucio@brandlabinc.com
Department in charge: Platform Biz
Article 9 (Transfer of Personal Data Overseas)
The Company may transfer personal data overseas as follows for the operation and improvement of the service.
Recipient of transfer: Google Analytics, Google Tag Manager
Items transferred: pseudonymized service usage information
Country of transfer: the United States and other countries where Google servers are located
Purpose of transfer: analysis of service usage and improvement of quality
Retention period: in accordance with Google’s Privacy Policy
In addition, the Company operates its service using Google Cloud Platform (GCP), and
in the course of operating the service, personal data may be stored and processed in Google data centers located overseas.
In such cases, the Company complies with the protective measures required by relevant laws and regulations.
Article 10 (Notice Regarding YouTube API Services)
This service uses YouTube API Services.
When a Member uses the service by linking a Google account, the Company may collect and process information provided through YouTube API Services.
By using Cpick, Members are deemed to have agreed to the YouTube Terms of Service and Google Privacy Policy.
Members may revoke Cpick’s data access permissions at any time through their Google security settings.
Article 11 (Outsourcing of Personal Data Processing)
The Company may outsource personal data processing tasks to external parties in order to provide the service.
Outsourced ProcessorOutsourced TaskRetention and Use PeriodToss PaymentsPayment processing and refundsUntil the purpose is achievedStibeeService notices and transactional email deliveryUntil the purpose is achieved
Article 12 (Changes to the Privacy Policy)
The Company may outsource personal data processing tasks to specialized external companies in order to provide the service.
When entering into outsourcing contracts, the Company manages and supervises the outsourced processors so that they handle personal data safely in accordance with personal data protection laws and regulations.
The Company outsources personal data processing tasks to Toss Payments for payment processing and refunds, and such personal data is retained and used until the purpose of payment and refund is achieved.
In addition, the Company outsources personal data processing tasks to Stibee for the delivery of service notices and transactional emails, and such personal data is retained and used until the purpose of email delivery is achieved.