TempleRo (the “Company”) processes personal information lawfully and manages it safely in compliance with the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, the Act on the Protection, Use, Etc. of Location Information, and other applicable laws. Pursuant to Article 30 of the Personal Information Protection Act, the Company establishes and discloses this Privacy Policy to inform data subjects of the procedures and standards for processing personal information.
Article 1 (Purposes of Processing Personal Information)
- Member registration and management: identification, authentication, prevention of misuse
- Service provision: temple information, visit check-ins, stamp collection, mission progress, and related features
- Complaint handling: identity verification, investigation, notification of results
- Marketing and promotions (optional): announcements of new services and events (only with user consent)
Article 2 (Categories and Methods of Personal Information Collected)
1. Items Collected
a. At sign-up
- Required: email address, password (stored as bcrypt hash)
- Optional: nickname, profile image
b. Upon social login (Google, Kakao, Naver)
- Google: email, name, profile image
- Kakao: email, nickname, profile image
- Naver: email, nickname, profile image
- Provider-specific unique identifier (Provider Account ID)
c. Automatically collected during service use
- IP address, access logs, cookies, device information (User Agent), visit timestamps
- Personal location information (only with user consent, for check-in purposes). See the Location-Based Service Terms for details.
- Service usage records (visits, stamps, mission progress, posts, comments, favorites, etc.)
2. Collection Methods
- Direct input by the user at sign-up and during service use
- Provided by social login providers (Google, Kakao, Naver) with user consent
- Automatically generated and collected during service use
Article 3 (Retention and Use Period)
- Member information: deleted immediately upon account withdrawal (except where retention is required by law)
- Service usage records: deleted immediately upon account withdrawal
- Access logs (login history, IP, etc.): 90 days (per the Enforcement Decree of the Protection of Communications Secrets Act)
- Fraudulent use records: 1 year
- Location information records: automatically retained for 6 months pursuant to Article 16 of the Act on the Protection, Use, Etc. of Location Information, then destroyed
Article 4 (Provision to Third Parties)
The Company processes personal information only within the scope specified in Article 1 and provides it to third parties only with the data subject’s consent or in cases provided by Articles 17 and 18 of the Personal Information Protection Act. Currently, the Company does not provide personal information to third parties.
Article 5 (Entrusted Processing and Cross-Border Transfer)
For efficient service delivery, the Company entrusts personal information processing to the following parties. Some processors are located outside the Republic of Korea. In compliance with Article 28-8 of the Personal Information Protection Act, the Company discloses the following:
| Processor | Purpose | Country | Transfer Method |
|---|---|---|---|
| Resend, Inc. | Email delivery (verification, reset, notices) | United States | HTTPS API call |
| Google LLC | Google account OAuth | United States | HTTPS API call |
| Kakao Corp. | Kakao account OAuth | Republic of Korea | HTTPS API call |
| NAVER Cloud Corp. | Naver OAuth, maps | Republic of Korea | HTTPS API call |
| Cloudflare, Inc. | CDN / Tunnel / DNS security | United States (global CDN) | HTTPS network transit |
· Items transferred: email, profile identifier, access IP and related identifiers
· Timing: in real time upon service use
· Retention period: as per each processor’s privacy policy
· Purpose: within the scope of each entrusted task
· User rights: you may refuse cross-border transfer; refusal may limit certain services
Article 6 (Rights of Data Subjects)
- Right to access personal information
- Right to correction and deletion
- Right to request suspension of processing
- Right to withdraw consent and terminate membership
These rights may be exercised directly via the My Page section of the service or by written correspondence, phone, or email. The Company will respond without delay.
Article 7 (Destruction of Personal Information)
The Company destroys personal information without delay once retention periods expire or the purposes of processing are achieved.
- Procedure: Data entered by the user is moved to a separate database upon purpose completion and stored for a period required by law or internal policy before destruction.
- Method: Electronic files are irreversibly deleted using technical means; printed documents are shredded or incinerated.
Article 8 (Security Measures)
- Administrative: internal management plans, periodic staff training
- Technical: bcrypt password hashing, HTTPS encryption, JWT session security, access control, login-attempt logging
- Physical: controlled access to server rooms and document storage
Article 9 (Cookies)
The Company uses “cookies” to store and retrieve user information to provide personalized services. Cookies are used solely for login session maintenance and user preferences. You may refuse cookies via your browser settings; however, some services may be limited as a result.
Article 10 (Protection of Children’s Personal Information)
This service is intended for users aged 14 and older. Children under the age of 14 are not permitted to register. The Company verifies this at sign-up. Any account identified as belonging to a child under 14 will be suspended and deleted. Upon discovery that personal information of a child under 14 has been collected, the Company will destroy such information without delay.
Article 11 (Processing of Location Information)
The Company processes personal location information in compliance with the Act on the Protection, Use, Etc. of Location Information. Details of location information collection, use, and provision are governed by the Location-Based Service Terms. Collection and use of location information is based on the user’s separate consent.
Article 12 (Privacy Officer & Location Information Manager)
The Company designates the following officer to protect personal information and location information and to handle related complaints.
Chief Privacy Officer & Location Information Manager
- Name: Wanlim Kim
- Organization: Adriven Co., Ltd.
- Contact: [email protected]
Article 13 (Remedies for Rights Violations)
To seek remedy for personal information infringements, data subjects may contact the Korea Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency Privacy Infringement Report Center, and other relevant bodies:
- Personal Information Dispute Mediation Committee: 1833-6972 / www.kopico.go.kr
- Privacy Infringement Report Center: 118 / privacy.kisa.or.kr
- Supreme Prosecutors’ Office Cyber Investigation: 1301 / www.spo.go.kr
- National Police Agency Cyber Bureau: 182 / ecrm.police.go.kr
Article 14 (Changes to This Policy)
This Privacy Policy takes effect from the effective date above. Any additions, deletions, or modifications will be announced via the service notice at least 7 days prior to the effective date of the change.
Addendum
This policy is effective as of April 18, 2026.