Privacy Policy

Last updated: 2025년 12월 1일

Tayco (hereinafter referred to as the "Company") establishes and discloses this Privacy Policy in accordance with Article 30 of the Personal Information Protection Act to protect the personal information of Stellog service users and promptly and smoothly handle related complaints.

1. Purpose of Collection and Use of Personal Information

The Company processes collected personal information for the following purposes. Processed personal information is not used for purposes other than the following, and if the purpose of use changes, necessary measures such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act will be implemented:

  • Member registration and management
  • Service provision (astrological disposition analysis, life patterns generation)
  • Payment and refund processing
  • Customer inquiry response and customer support
  • Service improvement and new service development

2. Personal Information Items Collected

Required Information:

  • Email address
  • Password (encrypted storage)

Service Usage Information:

  • Traveler information (name, date of birth, time of birth, place of birth)
  • Star Flakes transaction history
  • Generated life patternss

Payment Information:

  • Payment amount, payment date and time
  • Order number (processed through payment gateway, the Company does not directly store sensitive information such as card numbers)

Automatically Collected Information:

  • IP address, cookies, visit date and time
  • Service usage records

3. Retention and Use Period of Personal Information

The Company processes and retains personal information within the retention and use period of personal information in accordance with laws and regulations or the retention and use period of personal information agreed upon when collecting personal information from users.

Principle Retention Period:

  • Member registration information: Until member withdrawal
  • Service provision information: Until service provision is completed

Retention According to Related Laws:

In the following cases, information is retained for the period specified by the relevant law:

  • Records related to contracts or withdrawal of subscription: 5 years (E-Commerce Act)
  • Records related to payment and supply of goods: 5 years (E-Commerce Act)
  • Records related to consumer complaints or dispute resolution: 3 years (E-Commerce Act)
  • Records related to labeling and advertising: 6 months (E-Commerce Act)

4. Provision of Personal Information to Third Parties

The Company does not provide users' personal information to third parties in principle. However, the following cases are exceptions:

  • When the user has given prior consent
  • When required by investigative agencies in accordance with procedures and methods prescribed by law based on legal provisions or for investigative purposes

5. Personal Information Processing Entrustment and Overseas Transfer

Personal Information Processing Entrustment

The Company entrusts personal information processing as follows for service provision:

  • Firebase (Google LLC): Data storage and authentication
  • Toss Payments: Payment processing
  • OpenAI/Google: AI analysis services

Overseas Transfer of Personal Information

The Company transfers personal information overseas as follows for service operation:

Recipient: Google LLC (Firebase, Google Cloud Platform)

Transfer Country: United States

Transfer Items: Member information, traveler information, payment history, service usage records

Transfer Purpose: Data storage, backup, service provision stabilization

Retention and Use Period: Until member withdrawal or entrustment contract termination

6. Procedures and Methods for Destruction of Personal Information

The Company destroys personal information without delay when it becomes unnecessary due to the expiration of the retention period or achievement of the processing purpose.

Destruction Procedures:

Information entered by users is moved to a separate database (or separate documents in the case of paper) after the purpose is achieved, stored for a certain period according to internal policies and other related laws, and then destroyed.

Destruction Methods:

  • Electronic file format: Permanent deletion using technical methods that make recovery and regeneration impossible
  • Paper documents: Shredding with a shredder or incineration

7. Rights of Users and Legal Representatives and Methods of Exercise

Users may view or modify their registered personal information at any time, and if they do not agree to the processing of personal information, they may refuse consent or request membership cancellation (member withdrawal).

Rights Exercise Contents:

  • Request for access to personal information
  • Request for correction of personal information
  • Request for deletion of personal information
  • Request for suspension of personal information processing

Rights can be exercised via email (contact@tayco.kr), and the Company will take action without delay.

8. Personal Information Protection Officer

The Company is responsible for overseeing personal information processing tasks and has designated a Personal Information Protection Officer as follows to handle complaints and damage relief related to personal information processing.

Personal Information Protection Officer
Name: Han Tae-kyung
Email: contact@tayco.kr

※ If you need to report or consult about personal information infringement, you can contact the following agencies:
- Personal Information Infringement Report Center (privacy.kisa.or.kr / 118 without area code)
- Personal Information Dispute Mediation Committee (www.kopico.go.kr / 1833-6972)
- Supreme Prosecutors' Office Cyber Crime Investigation Division (www.spo.go.kr / 1301 without area code)
- National Police Agency Cyber Safety Bureau (cyberbureau.police.go.kr / 182 without area code)

9. Measures to Ensure Safety of Personal Information

In accordance with Article 29 of the Personal Information Protection Act, the Company takes the following technical, administrative, and physical measures to ensure the safety of personal information:

  • Personal information encryption: Important information such as passwords is encrypted and stored and managed
  • Technical measures against hacking: Installation of security programs and periodic updates and inspections
  • Restriction of access to personal information: Granting, changing, and deleting access rights to personal information processing systems
  • Retention and prevention of tampering of access records: Retention and management for at least 1 year
  • Regular self-audits

10. Changes to Privacy Policy

This Privacy Policy will be notified through announcements from 7 days before the implementation of changes when there are additions, deletions, or modifications to the content due to changes in laws, policies, or security technology. However, if there are important changes to user rights, notification will be made at least 30 days in advance.

Announcement Date: December 1, 2025
Effective Date: December 1, 2025

Privacy Policy | Stellog