Privacy Policy
Effective Date: April 4, 2026
This English version is provided for reference. In case of any discrepancy between the Korean and English versions, the Korean version shall prevail.
HEYJAMES Inc. (the "Company") has established and publicly discloses this Privacy Policy in accordance with Article 30 of the Personal Information Protection Act (PIPA) of the Republic of Korea, to protect the personal information of data subjects and to handle related grievances promptly and effectively.
Article 1 (Purpose of Processing Personal Information)
The Company processes personal information for the following purposes:
- Registration and identity verification: Member identification, verification of intent to register, prevention of fraudulent use
- Service provision: Class search, booking, schedule management, timezone conversion
- Payment processing: Class payments, refund processing, payment history management
- Instructor settlement: Earnings settlement, tax reporting (3.3% business income tax)
- Service improvement: Access statistics analysis, service quality enhancement
- Customer support: Complaint handling, dispute resolution
Article 2 (Types of Personal Information Collected)
1. General Members
- Required: Name, email address, password (hashed)
- Optional: Timezone, currency preference
- Google Login: Google account identifier (provider, uid)
2. Instructors (Additional Collection)
- Profile: Display name, bio, Instagram URL, homepage URL, profile photo
- Settlement info: Legal name, resident registration number (encrypted), bank name, account number, account holder name
3. Payment Information
- Payment amount, currency, payment date
- Toss Payments payment key and order ID
- Lemon Squeezy order ID
4. Automatically Collected Information
- Visitor identifier, IP address, User-Agent (browser information)
- Page path accessed, referrer URL
5. User-Generated Content
- Class reviews (rating, content)
- Bookmarks (wishlist), cart items
Article 3 (Retention Period)
The Company processes and retains personal information within the retention period required by law or agreed upon at the time of collection.
| Category | Retention Period | Legal Basis |
|---|---|---|
| Member information | Until withdrawal (deleted immediately upon withdrawal) | — |
| Contract and withdrawal records | 5 years | E-Commerce Act |
| Payment and supply records | 5 years | E-Commerce Act |
| Consumer complaint and dispute records | 3 years | E-Commerce Act |
| Access logs (page_views) | 3 months | Protection of Communications Secrets Act |
| Resident registration number (Instructors) | 5 years after settlement | Income Tax Act |
Article 4 (Third-Party Disclosure)
The Company processes personal information only within the purposes specified in Article 1 and discloses it to third parties in the following cases:
| Recipient | Purpose | Items Provided |
|---|---|---|
| Toss Payments | Domestic payment processing | Payment amount, order ID |
| Lemon Squeezy | International payment processing | Email, payment amount, order ID |
| Google (OAuth) | Member authentication | Authentication identifier (provider, uid) |
Information may also be disclosed when required by law, such as requests from investigative authorities.
Article 5 (Cross-Border Data Transfer)
The Company transfers personal information overseas for the provision of services as follows:
| Recipient | Country | Purpose | Items |
|---|---|---|---|
| Lemon Squeezy Inc. | United States | International payment processing | Email, payment information |
| Google LLC | United States | Member authentication (OAuth) | Authentication identifier |
Article 6 (Destruction of Personal Information)
- The Company destroys personal information without delay when it is no longer needed, such as when the retention period has expired or the processing purpose has been achieved.
- Personal information is immediately destroyed upon member withdrawal. Information that must be retained by law is stored separately and destroyed upon expiration of the retention period.
- Destruction methods: Electronic files are permanently deleted using methods that prevent recovery. Paper documents are shredded.
Article 7 (Rights of Data Subjects)
- Data subjects may exercise the following rights at any time:
- Request to access personal information
- Request correction of errors
- Request deletion
- Request suspension of processing
- Rights may be exercised by contacting james@heyjames.ai. The Company will take action without delay.
- Members may directly delete their accounts from the Settings page.
- In accordance with Articles 35 through 38 of the Personal Information Protection Act.
Article 8 (Security Measures)
The Company takes the following measures to ensure the security of personal information:
- Password encryption: Passwords are hashed using the bcrypt algorithm. Plain text passwords are never stored.
- RRN encryption: Instructor resident registration numbers are encrypted using Active Record Encryption.
- Communication encryption: SSL/TLS is applied to encrypt data in transit.
- Access control: Admin roles are separated to minimize access to personal information.
- Access log retention: Access logs for the personal information processing system are maintained.
Article 9 (Cookies and Automatic Collection)
- Session cookies: Used to maintain login status. Deleted when the browser is closed.
- Locale cookie: Stores language preference (Korean/English).
- Visit records: Visitor identifiers, page paths, IP addresses, and User-Agent information are collected for service improvement.
- How to refuse cookies: You can refuse cookie storage through your web browser settings. However, refusing cookies may limit the use of some services such as login.
Article 10 (Data Protection Officer)
Operator
Legal name: HEYJAMES Inc. (주식회사 헤이제임스)
Representative: Sunghoon Lee
Business Registration No.: 362-81-00644
Mail-Order Sales License: 2024-Seoul Dongjak-0832
Address: 2803, 43 Boramae-ro 5-gil, Dongjak-gu, Seoul, Republic of Korea
Data Protection Officer
Name: Sunghoon Lee
Position: Representative
Email: james@heyjames.ai
Phone: 010-9391-6522
Article 11 (Remedies for Rights Infringement)
If you need to report or consult about personal information infringement, you may contact the following organizations:
- Personal Information Infringement Report Center (KISA): 118 / privacy.kisa.or.kr
- Personal Information Dispute Mediation Committee: 1833-6972 / www.kopico.go.kr
- Supreme Prosecutors' Office Cyber Investigation Division: 1301 / www.spo.go.kr
- National Police Agency Cyber Bureau: 182 / ecrm.police.go.kr
Supplementary Provisions
This Privacy Policy shall take effect on April 4, 2026.
