Privacy Policy
Revision Date: January 27, 2025
Effective Date: January 27, 2025
Privacy Policy Overview
Wehere (hereinafter referred to as "the Company") establishes and discloses this Privacy Policy in accordance with Article 30 of the Personal Information Protection Act to protect the personal information of data subjects and to handle related complaints promptly and smoothly.
Article 1 (Purpose of Personal Information Processing)
The Company processes personal information for the following purposes. Personal information being processed will not be used for purposes other than those stated below, and if the purpose of use changes, the Company will take necessary measures, including obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.
1. Service Provision
- Providing AI-based customer service
- Providing customer service management and monitoring features
- Providing customer service data analysis and reports
2. Member Management
- Member registration and authentication
- Member identification and verification
- Maintaining and managing membership
- Preventing fraudulent use of services
3. Customer Service and Inquiry Processing
- Contacting for inquiry confirmation and fact-finding
- Notifying processing results
- Analysis for service improvement
4. FAQ Generation and Service Improvement
- Automatic FAQ generation based on customer messages and AI responses
- Analysis of consultation data to improve AI-based service quality
- Analysis of customer question patterns and providing customized responses
- Generating FAQ suggestions for store owners (published after owner approval)
⚠️ Important Notice
Customer messages and AI responses may be transmitted to AI service providers (OpenAI) for FAQ generation and service improvement. Messages may contain personal information, so please do not include sensitive information in messages.
Article 2 (Processing and Retention Period of Personal Information)
1. The Company processes and retains personal information within the period of retention and use of personal information in accordance with laws and regulations, or within the period of retention and use of personal information agreed upon when collecting personal information from the data subject.
| Category | Retention Period | Legal Basis |
|---|---|---|
| Member Information | Until membership withdrawal | Data Subject Consent |
| Service Usage Records | 3 years | Communications Secrets Protection Act |
| Consultation Records | 3 years | E-Commerce Act |
| Conversation Data for FAQ Generation | Immediately deleted after FAQ generation or 3 years | Data Subject Consent and E-Commerce Act |
Article 3 (Items of Personal Information Processed)
1. Required Items
- Name, email address, contact information
- Service usage records, access logs, cookies, IP address information
- Consultation content and records
2. Optional Items
- Profile photo, company name, position
- Marketing information reception consent
3. Automatically Collected Information
- IP address, MAC address, service usage records, visit records
- Fraudulent usage records, device information (OS, browser type, etc.)
4. Information for FAQ Generation and Service Improvement
- Customer messages and AI response content
- Consultation context and consultation history
- Store information (used for FAQ generation)
- Existing FAQ data (for duplicate prevention and quality improvement)
※ The above information is collected and used for automatic FAQ generation and AI service quality improvement.
Article 4 (Provision of Personal Information to Third Parties)
1. The Company processes personal information of data subjects only within the scope specified in Article 1 (Purpose of Personal Information Processing), and provides personal information to third parties only in cases corresponding to Article 17 of the Personal Information Protection Act, such as consent from the data subject or special provisions of laws.
Current Status of Third-Party Provision
Currently, the Company does not provide personal information to third parties. If third-party provision becomes necessary in the future, the Company will obtain prior consent from the data subject before providing such information.
Article 5 (Entrustment of Personal Information Processing)
1. For smooth personal information processing, the Company entrusts personal information processing tasks as follows:
| Trustee | Entrusted Tasks | Entrustment Period |
|---|---|---|
| Supabase Inc. | Database management and hosting | Service provision period |
| Google Cloud Platform | AI services and cloud infrastructure | Service provision period |
| OpenAI Inc. | AI model services (customer service response generation, automatic FAQ generation) | Service provision period |
⚠️ Personal Information Transmission to AI Service Providers
The Company transmits customer messages and AI responses to OpenAI Inc. for FAQ generation and AI-based customer service provision.
- Transmission Purpose: Automatic FAQ generation, AI-based customer service response generation
- Transmission Items: Customer messages, AI response content, store information, existing FAQ data
- Transmission Method: Transmission through encrypted API
- Retention and Use Period: Immediately deleted after FAQ generation completion or retained during service provision period
- OpenAI Privacy Policy: https://openai.com/policies/privacy-policy
Customer messages may contain personal information, so please do not include sensitive information (social security numbers, credit card information, account numbers, etc.) in messages.
2. When entering into an entrustment contract, the Company specifies in documents such as contracts matters such as prohibition of personal information processing for purposes other than the entrusted tasks, technical and administrative protection measures, restrictions on re-entrustment, management and supervision of trustees, and compensation for damages in accordance with Article 26 of the Personal Information Protection Act, and supervises whether trustees process personal information safely.
Obligation to Notify Personal Information Processing Entrustment
Business operators are obligated to specify Wehere as a personal information trustee in accordance with relevant laws and regulations regarding personal information processing entrustment, and to include in their privacy policy that they entrust customer personal information processing tasks to Wehere.
Article 6 (Rights and Obligations of Data Subjects and Methods of Exercise)
1. Data subjects may exercise the following rights related to personal information protection against the Company at any time:
- Request to suspend personal information processing
- Request to access personal information
- Request to correct or delete personal information
- Request to suspend personal information processing
2. Exercise of rights under paragraph 1 may be made to the Company in writing, by telephone, email, facsimile transmission (FAX), etc. in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and the Company will take action without delay.
3. If a data subject requests correction or deletion of errors in personal information, the Company will not use or provide the personal information until the correction or deletion is completed.
Article 7 (Measures to Ensure Personal Information Security)
The Company implements the following technical, administrative, and physical measures necessary to ensure security in accordance with Article 29 of the Personal Information Protection Act:
1. Minimization and Training of Personal Information Handling Staff
The Company designates and limits staff handling personal information to specific personnel to minimize and manage personal information.
2. Access Restrictions to Personal Information
The Company takes necessary measures to control access to personal information by granting, changing, or revoking access rights to database systems that process personal information, and uses intrusion prevention systems to control unauthorized access from outside.
3. Encryption of Personal Information
Personal information is safely stored and managed through encryption and other methods.
4. Technical Measures Against Hacking
The Company installs security programs to prevent leakage and damage of personal information due to hacking or computer viruses, conducts regular updates and inspections, installs systems in areas with controlled access from outside, and monitors and blocks technically and physically.
Article 8 (Personal Information Protection Officer)
1. The Company is responsible for overall personal information processing tasks and has designated a Personal Information Protection Officer as follows to handle complaints and damage relief related to personal information processing:
Personal Information Protection Officer
Name: Wonseok Jung
Contact: support@wehere.ai
Position: CEO
2. Data subjects may inquire with the Personal Information Protection Officer about all matters related to personal information protection, complaint handling, and damage relief that occur while using the Company's services. The Company will respond to and handle inquiries from data subjects without delay.
Article 9 (Cookie Policy)
1. The Company uses 'cookies' to store and retrieve user information from time to time to provide personalized and customized services to users.
Purpose of Cookie Use
- Analysis of user access frequency and visit time
- Understanding user preferences and interests and tracking activities
- Understanding event participation and visit frequency
- Providing customized services
How to Refuse Cookie Settings
Users have the right to choose whether to install cookies. Therefore, users can allow all cookies, check each time a cookie is stored, or refuse to store all cookies by setting options in their web browser.
Article 10 (Data Retention and Deletion Policy)
1. The Company destroys personal information without delay after the purpose of collection and use is achieved.
2. However, the following information is retained for the periods specified below for the following reasons:
| Retention Items | Retention Period | Legal Basis |
|---|---|---|
| Records on contracts or subscription withdrawal | 5 years | E-Commerce Act |
| Records on payment and supply of goods | 5 years | E-Commerce Act |
| Records on consumer complaints or dispute resolution | 3 years | E-Commerce Act |
| Website visit records | 3 months | Communications Secrets Protection Act |
3. Procedures and methods for personal information destruction:
- Destruction procedure: After the purpose of use is achieved, information is moved to a separate database and stored for a certain period in accordance with internal policies and other related laws, or destroyed immediately.
- Destruction method: Information in electronic file format is destroyed using technical methods that make it impossible to reproduce records.
Article 11 (Privacy Policy Changes)
1. This Privacy Policy takes effect from the effective date, and if there are additions, deletions, or corrections to the content in accordance with laws and policies, notice will be given through announcements from 7 days before the implementation of the changes.
2. The change history of previous privacy policies can be viewed on the Change History page.
Contact
If you have any questions about this Privacy Policy, please contact us below.
Email: privacy@wehere.ai
Customer Service: Weekdays 09:00 - 18:00 (Closed on weekends and holidays)