Sally Privacy Policy

Sallylab Inc. (hereinafter "Company") protects user privacy in accordance with applicable laws including the Personal Information Protection Act. This policy applies to the Sally mobile application service (hereinafter "Service").

Article 1 (Information We Collect)

We collect the following personal information for membership registration, customer service, and service provision.

1. Information Collected

• a. Account Registration (Required)
  • SNS Login (Kakao, Google, Apple, Naver): User identifier, email, nickname, profile photo
  • Direct Registration: Email, password, nickname
• b. Service Usage (Optional/Analytics)
  • Profile Info: Gender, age range
  • Preference Data: Value test results (T/F), interest tags (Categories)
  • Activity Data: Vote history, video watch records, likes/bookmarks/comments, search history
• c. Pop-up Store Survey Participation
  • Contact Information: Email address, Instagram ID
  • Survey Responses: Multiple choice and open-ended answers
  • Demographic Info: Gender, age range (if included in survey)
  • Participation Timestamp: Survey completion date and time
• d. Location Data (Pop-up Store Only)
  • GPS Coordinates: For geofence verification only
  • Purpose: To restrict survey participation to in-store customers only
  • Retention: Immediately discarded after session ends (not stored on servers)
• e. Device Identification
  • Hashed Device ID: For duplicate participation prevention
  • LocalStorage Data: Participation history management
  • Purpose: Prevent duplicate gift redemption from same device
• f. Rewards and Events
  • Prize delivery: Recipient name, phone number, shipping address
  • Point redemption: Identity verification (if required), bank account info
• g. Automatically Collected Information
  • IP address, cookies, visit timestamps, service usage logs, device info (model, OS version, device ID, advertising ID)

Article 2 (Purpose of Collection and Use)

1. Service Provision and Member Management

• Identity verification, fraud prevention, membership confirmation
• Personalized content (short-form, polls) recommendation algorithm
• Point accumulation/usage, prize drawing and delivery

2. New Service Development and Marketing

• New service development and personalized service provision
• Event and promotional information delivery
• Service validity verification, access frequency analysis, usage statistics

3. Data Analysis and B2B Solutions (Core)

• Statistical Analysis: Opinion analysis and trend reports based on voting results and preference data
• Pseudonymized Data: Processed data that cannot identify individuals, provided to businesses and research institutions (※ No personally identifiable information is shared)

Article 3 (Data Sharing with Brand Partners)

For pop-up store surveys and B2B services:

• Shared with Partners: Anonymized survey statistics only (response distributions, demographic breakdowns)
• NOT Shared: Personal identifiers such as email addresses, Instagram IDs, or any contact information
• Sally Retains: All personal contact information is kept solely by Sally for prize distribution purposes

Article 4 (Retention Period)

We retain personal information for the duration consented by users or as required by law.

1. Upon Account Deletion

Personal information is deleted immediately upon account deletion. However, some information (email, device info) may be retained for 1 year to prevent fraudulent use.

2. Legal Retention Requirements

• Records related to display/advertising: 6 months
• Records related to contracts or withdrawal: 5 years
• Records related to payment and supply of goods: 5 years
• Records related to consumer complaints or disputes: 3 years
• Login records (access logs): 3 months

Article 5 (Data Destruction)

Personal information is destroyed without delay after the purpose of collection is achieved.

• Procedure: Information is transferred to a separate database and destroyed according to internal policies and legal requirements.
• Method: Electronic files are deleted using technical methods that prevent recovery.

Article 6 (Third-Party Disclosure)

We do not disclose personal information to third parties except in the following cases:

1. With prior user consent
2. As required by law or upon lawful request by investigative authorities
3. When provided in anonymized/pseudonymized form for statistical, academic, or market research purposes where individuals cannot be identified

Article 7 (Processing Delegation)

We delegate personal information processing as follows:

• Delegate: Cloud service providers (e.g., AWS, Firebase)
  Scope: Cloud server operation and data storage for service provision
• Delegate: Identity verification services (if applicable)
  Scope: User identity verification

Article 8 (User Rights)

1. Users may view, modify, or request deletion of their personal information at any time.
2. Access through [My Page > Settings > Edit Profile] or [Delete Account] in the app.
3. We will not use or provide personal information until any requested corrections are completed.

Article 9 (Security Measures)

We implement the following technical and administrative measures to protect personal information:

1. Password Encryption: Passwords are encrypted for storage and management.
2. Security Against Hacking: We use up-to-date antivirus software and encrypted communications to protect data.
3. Access Limitation: Personal information handling is limited to designated personnel only.

Article 10 (Privacy Officer)

For privacy-related inquiries or complaints:

• Privacy Officer: Jewel Kim (CEO)
• Department: Operations / Security Team
• Email: info@sallylab.io

Article 11 (Policy Updates)

Changes to this privacy policy will be announced at least 7 days before implementation through in-app notifications.

• Announcement Date: November 24, 2025
• Effective Date: November 30, 2025