'Phone Studio' (hereinafter referred to as the 'Service') values users' personal information and complies with the "Personal Information Protection Act" and the "Act on Promotion of Information and Communications Network Utilization and Information Protection, etc."
Through this Privacy Policy, the Service informs users of the purposes and methods for which the personal information provided by users is being used, and what measures are being taken to protect their personal information.
The Service collects the following personal information for purposes such as membership registration, customer counseling, and service application.
1. Items Collected:
Email Sign-up: Email address, password (encrypted and stored on the server)
Social Login (Google, Apple): Social identifier (ID), email address, profile name (optional)
Service Usage: Images (photos) uploaded by the user
Automatically Collected Items: Service usage history, access logs, cookies, connection IP information, device information (OS version, model name), app crash/error logs, payment records
2. Method of Collection:
Account registration and login procedures within the app
Direct user uploads through in-app features
The Service utilizes the collected personal information solely for the following purposes:
Member Management: Identity verification for member-based services, confirmation of intent to register, restriction of registration for children under the age of 14, and handling complaints or civil grievances.
Service Provision: Providing image enhancement and generation results utilizing AI technology.
Service Improvement: Analyzing app errors, improving performance, and developing new services.
In principle, after the purpose of collecting and using personal information is achieved, the information is destroyed without delay.
Member Information: Retained until account withdrawal. However, if an investigation or inquiry is underway due to a violation of relevant laws and regulations, the information will be retained until the conclusion of the relevant investigation or inquiry.
AI Processing Data: Images uploaded for AI processing are destroyed from the temporary in-app storage upon completion of the result generation, when the app is closed, or upon the user's request for deletion. The original photos are not permanently stored on the developer's server. Generated results are encrypted and stored in the app's local storage (the user's smartphone) and are not stored on the developer's server.
To ensure smooth service provision, the Service entrusts the processing of personal information as follows, and the corresponding data is transferred overseas for processing.
Entrusted Company (Data Processor): Google LLC
Country of Transfer: United States and worldwide (Google Cloud Data Centers)
Description of Entrusted Work: Member registration and login authentication, database hosting, app usability analysis and crash reporting, AI image generation processing
Items Transferred: Email, password (encrypted), social login identifier information, uploaded images, device information
Retention and Use Period:
Member Information: Until account withdrawal
Uploaded Images: In accordance with Google's "AI Trust & Safety" policy, encrypted images may be retained for up to 30 days to detect policy violations such as child sexual exploitation material, hate speech, etc. (This data is not used for AI model training.)
To use the service, permissions to access specific functions within the device are required.
Required Access Permissions: None
Optional Access Permissions:
Camera/Album: Uploading photos for profile registration and AI image generation, and saving generated results.
Notification: Receiving service-related notifications.
You can use the service even if you do not agree to the optional access permissions, except for the specific functions that require those permissions.
In principle, the Service does not provide users' personal information to external parties. Exceptions are made only when required by law or when requested by investigative agencies in accordance with the procedures and methods prescribed by law for investigative purposes.
Destruction Procedure: Information entered by members is stored for a certain period according to internal policies and other relevant laws after the purpose is achieved, and then destroyed.
Destruction Method: Information in the form of electronic files is deleted using technical methods that render the records irrecoverable. (An in-app 'Delete Account' feature is provided.)
Users can terminate their personal information use contract at any time via the "Settings > Delete Account" menu within the app. Upon withdrawal, the collected personal information managed directly by the developer is immediately destroyed, or destroyed after a certain period according to the policy of the entrusted company (e.g., Google backups).
The Service oversees the processing of personal information and has designated a Chief Privacy Officer as follows to handle user complaints and remedy damages related to personal information processing.
Name / Title: Kim Hyun-sik / Chief Privacy Officer
Contact (Email): phone.studio@monadlogic.com
This Privacy Policy shall take effect from the enforcement date. In the event of any addition, deletion, or correction of modifications in accordance with laws and policies, notice will be given through the in-app notice section at least 7 days prior to the enforcement of the changes.
Pursuant to Article 29 of the "Personal Information Protection Act," the Service takes the following technical, administrative, and physical measures necessary to ensure safety so that personal information is not lost, stolen, leaked, forged, altered, or damaged.
1. Administrative Measures
Establishment and implementation of internal management plans, and regular security education for employees.
Minimizing the number of personnel handling personal information and managing access permissions.
2. Technical Measures
Secure user authentication through Firebase Authentication.
Encrypted storage in Firebase Cloud Firestore / Storage (applying TLS/HTTPS during transmission).
Granular data access control through Firebase Security Rules.
Storing sensitive personal information (such as passwords) using one-way encryption.
3. Physical and Other Measures
Utilizing the physical and network security measures of Firebase (Google Cloud) data centers.
Maintaining access records and conducting regular inspections.
Installing security programs and preventing malicious code.
※ The Service entrusts the processing of personal information to Google LLC and actively utilizes state-of-the-art security technologies (encryption, access control, audit logs, etc.) provided by Google's cloud infrastructure.
Announcement Date: April 20, 2026
Enforcement Date: April 20, 2026