SaForus Personal Information Collection and Usage Agreement (Mandatory)
(Effective Date: March 1, 2025)

MarkAny Co., Ltd. (hereinafter referred to as the "Company"), which operates SaForus (saforus.com), prioritizes the protection of personal information of data subjects (hereinafter referred to as "Users"). The Company complies with personal information protection regulations under applicable laws, including the "Act on Promotion of Information and Communications Network Utilization and Information Protection, etc." and the "Personal Information Protection Act." It has established a personal information processing policy to protect Users' rights and comply with relevant laws.

The Company will notify Users of any changes to this Privacy Policy through the website notice or individual notifications.

​

1. Categories of Personal Information Collected

The Company collects the minimum amount of personal information necessary to fulfill the essential functions of its services during initial registration. Additional information may be collected depending on the services used.

The Company categorizes personal information into "mandatory consent items" and "optional consent items," allowing Users to provide consent individually for each category. The Company does not deny services to Users who refuse to provide personal information beyond the minimum required.

The personal information collected by the Company is used solely for the purposes described below and is not provided to third parties without the User's consent.

​

1. Information Collected

The Company collects the following personal information for membership registration, service application and usage, and customer support:

​

Membership Registration Information

• Required: Name, Email, Password, Company Name, Country of Business Operation

• Optional: Mobile Phone Contact, Company Name, Site Name, Postal Code, Address (Street Name, City, Region)

• Purpose:

  • Membership registration and login

  • Member management

  • Providing SaForus services through company affiliation

• Retention Period:

  • Until membership withdrawal (subject to relevant laws and regulations)

​

Access Logs and IP Information

• Purpose: To ensure service security, SaForus collects logs and IP information of customers accessing the SaForus web service.

• Retention Period: Until the company requests deletion (upon termination of service use) (subject to relevant laws and regulations)

 

Service Usage Records

• Purpose: To enhance user convenience and provide technical support, service usage records are collected per SaForus product:

  • Digital Forensic Watermarking Service

    • Order history for watermark embedding and detection

    • Session history

  • Illegal Leakage Detection Service

    • Application and processing history for watermark detection in illegally leaked content

  • Enterprise Security Service

    • Watermark configuration details and modifications

    • Registered user information and access history

• Retention Period: Until membership withdrawal (subject to relevant laws and regulations)

​

Payment Records

• Purpose: Collection for SaForus service fee payment, card registration, and payment user management.

• Retention Period: Until the company requests deletion (upon termination of service use) and as required by relevant laws and regulations.

 

Customer Consultation and Service Adoption Information: Name, Company or Organization Name, Email, Phone Number

• Purpose: Providing SaForus customer consultation services

• Retention Period: Until membership withdrawal (subject to relevant laws and regulations)

 

Marketing Information (Optional): Email, Phone Number, Name, Company or Organization Name

• Purpose: Utilized for SaForus marketing activities

• Retention Period: Until withdrawal request is made

​

In addition to the information collected above, the following data may be automatically generated, stored, combined, and analyzed during the course of service use or business processes:

• Service usage records, cookies, IP address, restrictions and usage suspension records, issue-related information, device information, operating system information

• For credit card payments: credit card number, card expiration date

​

2. Collection Methods

The Company collects personal information through the following methods:

• Website (membership registration, customer inquiries, adoption inquiries, etc.), email, phone, written documents, fax

• Information provided by business operators

• Information provided by partner companies

• Automated collection tools

​

2. Purpose of Using Collected Personal Information

The Company utilizes the collected personal information for the following purposes:

1. Fulfillment of contracts related to service provision and fee settlements

2. Membership management

3. Provision of various services and notifications

4. Development of new services and delivery of promotional materials or marketing activities

​

3. Retention and Usage Period of Personal Information

The Company retains and uses personal information collected during membership registration, inquiries, and service application for specific durations as follows:​

​

1. Retention Periods for Personal Information

The Company retains personal information from the date of service subscription until membership cancellation. Additionally, information may be retained for dispute resolution or in compliance with legal requirements. Retention periods include:

• Preserved Items (Individuals ): Name, billing address, phone number, email, fee payment details (amount charged, amount paid, payment date, payment method)

• Preserved Items (Businesses) : Company name, business registration number, representative name, corporate registration number, fee payment details

• Legal Basis :  Article 85-3 of the National Tax Basic Act

• Retention Period : 5 years

​

​2. Legal Retention Periods

Certain personal information is retained as required by applicable laws:

• Records of contracts or subscription withdrawals: 5 years (Act on Consumer Protection in Electronic Commerce, etc.)

• Records of payments and supply of goods or services: 5 years (Act on Consumer Protection in Electronic Commerce, etc.)

• Records of consumer complaints or dispute resolution: 3 years (Act on Consumer Protection in Electronic Commerce, etc.)

• Records of credit information collection/processing and usage: 3 years (Credit Information Use and Protection Act)

​

4. Destruction of Personal Information

​

1. Destruction Procedures

Personal information is destroyed after achieving the purpose for which it was collected. Information subject to destruction includes personal data that exceeds its retention period or is no longer required under applicable laws.

​

2. Destruction Methods

Personal information is securely deleted using industry-standard methods to prevent restoration or misuse.

​

5. Provision and Delegation of Personal Information

The Company uses the collected personal information within the scope specified in the "2. Purpose of Using Collected Personal Information" section of this Privacy Policy or within the terms of the service agreement. The Company does not use or provide the information beyond this scope without prior consent, except in the following cases:

1. When necessary for billing or settlement related to service provision

2. When personal information is necessary to fulfill a contract for service provision, and it is exceptionally difficult to obtain the usual consent due to economic or technical reasons

3. When it is legally required by special provisions under relevant laws

​

To improve its services, the Company entrusts certain personal information to external entities. In such cases, the Company ensures the safe management of personal information by stipulating necessary measures in its delegation agreements as required by relevant laws. The entrusted entities and their respective responsibilities are as follows:

​

Amazon Web Service

• Entrusted Task: Storage and management of customer data

• Retention and Usage Period of Personal Information: Until membership withdrawal or termination of the entrusted contract

 

Toss Payments Co., Ltd.

• Entrusted Task: Storage and management of data for payment processing

• Retention and Usage Period of Personal Information: Until membership withdrawal or termination of the entrusted contract

​

6. Overseas Transfer of Personal Information​

​

Amazon Web Service (aws-korea-privacy@amazon.com)

• Transferred Personal Information Items: All data, including personal information collected and stored by the company

• Country of Transfer: United States

• Time and Method of Transfer: Transferred remotely via an encrypted channel at the time of membership registration

• Purpose of Use: Data storage and infrastructure operation

• Retention and Usage Period: In accordance with the retention period specified in this privacy policy

​

7. User Rights and How to Exercise Them

1. Users may review, modify, or request deletion of their registered personal information at any time. If a User requests corrections for errors, the personal information will not be used or provided until the corrections are complete.

2. Users can log in using their ID and password to review or edit their personal information via their account settings.

3. Membership withdrawal inquiries should be directed to the Company. Withdrawal may be delayed if the User has outstanding payments or liabilities to the Company.

4. SaForus (http://saforus.com) does not collect personal information from children under the age of 14 requiring consent from legal representatives, and it does not accept membership applications from children under the age of 14.

​

8. Use of Cookies

The Company uses cookies to provide personalized and customized services to Users. Cookies are small text files sent by a website's server to the User’s browser and stored on the User's hard disk. These files help store User preferences for future visits and provide tailored services.

​

Session

• Description: Session cookies are used to maintain the application's state.

• Cookie Management: Can be accepted or rejected through browser settings.

 

Load Balancing

• Description: Load balancing cookies are used to distribute assets globally and reduce server load.

• Cookie Management: Can be accepted or rejected through browser settings.

 

User

• Description: User ID cookies are used to allow users to verify their own information.

• Cookie Management: Can be accepted or rejected through browser settings.

 

Security

• Description: Security cookies are used for security management and monitoring.

• Cookie Management: Can be accepted or rejected through browser settings.

​

Cookies do not automatically or actively collect personally identifiable information. Users can reject or delete these cookies at any time through browser settings.

​

9. Technical and Administrative Measures for Personal Information Protection

The Company employs the following measures to ensure the safe management of personal information:

​

1. Technical Measures

• The Company uses separate security tools (e.g., firewalls, intrusion prevention systems) to prevent unauthorized access or hacking.

• Anti-virus and patch programs are regularly updated to protect against computer viruses.

• Encryption algorithms, such as SSL, are employed to safely transmit personal information over networks.

​

2. Administrative Measures

• Access to personal information is limited to essential personnel, such as those involved in marketing, privacy management, and unavoidable data processing.

• Employees undergo regular training to prevent personal information leaks or misuse.

• Procedures are in place to securely transfer responsibilities during personnel changes, ensuring accountability for personal information even after resignation.

​

In the event of internal errors or technical issues leading to personal information breaches, the Company will promptly notify affected Users and take appropriate measures, including compensation if applicable.

​

10. Personal Information Inquiries and Complaints

For questions or complaints regarding personal information, Users may contact the designated Privacy Protection Officer:

• Name: Choi Go

• Email: support@saforus.com

• Phone: +82-2-2262-5222

​

11. Reporting and Dispute Resolution

For further assistance regarding personal information violations, Users may contact the following organizations:

• Personal Information Dispute Mediation Committee: 1833-6972

• Personal Information Infringement Report Center: 118

• Supreme Prosecutor’s Office Cyber Crime Investigation Center: 1301

• Cybercrime Investigation System (ECRM): 182

​

12. Note

This Privacy Policy does not apply to personal information collection practices by external websites linked to the Company’s website.

​​

13. Notification of Changes

In case of any changes, additions, or deletions to this Privacy Policy, the Company will provide prior notice at least seven days in advance via email.​