top of page

VLLOプライバシーポリシー

Last Updated: June 4, 2026

Vimosoft Co., Ltd. (the "Company," acting as the personal information controller) values your personal information and complies with the Personal Information Protection Act and other applicable laws and regulations. This Privacy Policy describes the categories of personal information collected, the purposes for which it is used, the retention periods, and the measures taken to protect your rights in connection with your use of the VLLO service (the "Service").

Categories of Personal Information Collected and Methods of Collection

The Company collects only the minimum personal information necessary to provide the Service, pursuant to Article 15(1)(iv) of the Personal Information Protection Act.

  • Automatically collected: App information and performance (crash logs, diagnostics, performance data), location information (approximate location), app activity (interactions, installed apps), device or other identifiers

  • Upon purchase of an educational account: Institution name, contact person's name, phone number, email address, proof of eligibility, etc.

  • Upon use of web services and membership registration: Account ID, name, phone number, and other information entered at the time of registration

  • Upon social login: Social ID, name, phone number

  • Upon customer support: Email address, inquiry content, and device information for the purpose of providing smooth support

  • Upon refund request: Email address, Google order number (GPA)

  • Upon use of AI Services: Personally identifiable information contained in content directly input or submitted by the user in the course of using the AI Services

Use of Device Permissions

 

Pursuant to Article 15(1)(i) of the Personal Information Protection Act, the Company uses the following device permissions with the user's consent for the purpose of providing certain features within the Service.

  • Camera and photo library: For importing files and capturing footage for video editing purposes

  • The information accessed through these permissions is processed solely within the Service, and permissions may be revoked at any time through the device settings.

Purposes of Use of Personal Information

 

The Company uses the collected information for the following purposes:

  • Service provision and management: Content delivery, service quality improvement, and statistical analysis

  • Membership registration: User identification and authentication, prevention of unauthorized use of the Service

  • Performance of contracts and payment processing: Issuance of educational accounts, confirmation and management of paid service payments (general in-app payments are processed through the App Store or Google Play, and the Company does not store payment method information)

  • Customer support: Processing of inquiries

  • Refund processing: Payment cancellations and refund processing

  • Marketing and advertising: Information on new services and events (only where consent has been obtained)

  • Provision of AI Services: Generation and delivery of AI-based feature outputs using external AI APIs

Processing of Personal Information in Connection with AI Services

The Company uses external third-party AI APIs to provide AI Service features. When using these services, certain data may be transmitted to external providers.

  • Content directly input or submitted by the user when using the AI Services is transmitted to external AI API providers for the purpose of generating AI outputs.

  • Transmitted data is used solely for the purpose of generating AI outputs. The Company does not use such data for AI improvement, training, or similar purposes.

※ For details on data processing subcontracting and cross-border transfers, please refer to the "Subcontracting and Third-Party Provision of Personal Information Processing" section below.

Notes on Use of AI Services

  • AI Services are available only to users aged 19 and above.

  • When using AI Services, please do not input content that includes the personal information of third parties, such as their voice or likeness. Users bear full legal responsibility for any violations.

  • Due to the technical nature of AI Services, even upon a user's request for deletion of personal information, information held by external third parties may not be immediately destroyed. In such cases, the Company will request that the relevant third party destroy the personal information it received, and the information will be handled in accordance with each third party's privacy policy.

Subcontracting and Third-Party Provision of Personal Information Processing

The Company does not provide personal information to external parties without the user's consent. However, pursuant to Article 17(1)(ii) and Article 15(1)(iv) of the Personal Information Protection Act, the Company transfers or subcontracts the processing of personal information as set forth below for the purpose of providing smooth service delivery.

Personal Information Processing Subcontracting Status

Third-Party Provision of Personal Information (for Targeted Advertising and Marketing Purposes)​

  • Recipients: Meta (Facebook, Instagram, etc.), Google (Google Ads, etc.)

  • Purpose: Providing targeted advertising and analyzing marketing effectiveness

  • Data provided: Device identifiers (ADID/IDFA), app usage and visit records

  • Retention period: Until service withdrawal or withdrawal of marketing consent

Cross-Border Transfer of Personal Information

The Company transfers personal information to third countries as set forth below for the purposes of providing global services, data analytics, payment processing, and AI Services. If you do not wish to have your personal information transferred abroad, you may refuse by contacting the Company's customer service center; however, this may result in restrictions on the use of certain services.

Legal basis for cross-border transfers: Article 28-8(1)(iii) of the Personal Information Protection Act (subcontracting of overseas processing for the performance of a contract) and Article 28-8(1)(i) (consent of the data subject)

Cross-Border Transfer Status

Retention and Use Period of Personal Information

The Company will destroy personal information without delay upon the achievement of the purpose for which it was collected. However, where retention is required by applicable laws and regulations, the Company will retain such information for the periods set forth below.

  • Records relating to contracts and withdrawal of offers: 5 years (Article 6(1)(ii) of the Enforcement Decree of the Act on the Consumer Protection in Electronic Commerce)

  • Records relating to payment and supply of goods and refunds: 5 years (Article 6(1)(iii) of the Enforcement Decree of the Act on the Consumer Protection in Electronic Commerce)

  • Records relating to consumer complaints and dispute resolution: 3 years (Article 6(1)(iv) of the Enforcement Decree of the Act on the Consumer Protection in Electronic Commerce)

  • Website/app visit records and access logs (including IP addresses): 3 months (Article 15-2 of the Protection of Communications Secrets Act and Article 41 of the Enforcement Decree thereof)

Retention Period for Information Collected in Connection with AI Services

  • Content directly input or submitted by the user when using AI Services: Destroyed immediately upon completion of AI output generation

  • However, logs retained by external third parties (e.g., ElevenLabs) for operational, security, or quality management purposes may be retained separately in accordance with each third party's policies.

Procedures and Methods for Destruction of Personal Information

The Company will destroy personal information without delay when it becomes unnecessary due to the expiration of the retention period or the achievement of the processing purpose.

  • Where personal information must continue to be retained under applicable laws notwithstanding the expiration of the agreed retention period or the achievement of the processing purpose, such personal information will be transferred to a separate database or stored in a separate location.

  • Destruction procedure: The Company selects the personal information subject to destruction and destroys it upon approval of the Personal Information Protection Officer.

  • Destruction method: Electronic files are destroyed using technical methods that prevent recovery; paper documents are shredded or incinerated.

  • Limitations on destruction relating to AI Services: As the AI Services provided by the Company utilize external third-party AI APIs, user information may be transmitted to such third parties. Users are advised that, due to the technical nature of AI Services, information held by third parties may not be immediately destroyed upon a user's request for destruction of personal information.

Age Restrictions on Use of AI Services

By selecting "Agree and Get Started" on the information pop-up displayed upon first use of the AI Services, the user is deemed to have confirmed that they are 19 years of age or older.

  • Users who falsely consent despite being under the age of 19 bear full legal responsibility for any consequences arising from such use.

Rights of Users and How to Exercise Them

You may at any time request access to, portability of, correction of, deletion of, suspension of processing of, or withdrawal of consent to the processing of your personal information (collectively, "exercise of rights"). Web members may request withdrawal (withdrawal of consent) through My Page or the customer service center.

  • For children under the age of 14, rights must be exercised directly by the legal guardian. Minors aged 14 and above may exercise their rights themselves or through a legal guardian.

  • Rights may be exercised in writing, by telephone, by email, by fax, or via the internet. The Company will take action without delay.

  • The right to request access to or suspension of processing of personal information may be restricted pursuant to Article 35(4) and Article 37(2) of the Personal Information Protection Act.

  • Where personal information is expressly designated as a subject of collection under other applicable laws, deletion of such information may not be requested.

  • The Company will verify that the person exercising rights is the data subject or a duly authorized representative.

Department for Receipt and Processing of Personal Information Rights Requests

  • Department: CX Team

  • Address: 4th Floor, 11-35, Siminuero 327beon-gil, Dongan-gu, Anyang-si, Gyeonggi-do, Republic of Korea (Gwanyang-dong)

  • Email: cs@vimosoft.com

  • Phone: 031-689-3635

Processing of Personal Information of Children Under the Age of 14

  • The Company restricts website membership registration and collection of personal information from children under the age of 14, who require the consent of a legal guardian. (The VLLO app service itself, which does not involve the collection of personal information, is available without restriction.)

  • The Company does not conduct separate identity verification at the time of membership registration. If the Company becomes aware that personal information has been collected from a child under the age of 14 due to a false statement of age, the child's personal information and membership information will be destroyed without delay, and any payments made will be refunded and other necessary measures will be taken.

Security Measures for Personal Information

  • The Company implements technical and administrative safeguards, including encrypted storage of passwords and security systems against hacking. Please note that perfect security on the internet cannot be guaranteed.

  • The Company does not use content data provided by users for the purpose of AI improvement, research, or training. Data transmitted to external third parties for AI Services is used solely for the purpose of generating AI outputs and is deleted from the Company's servers immediately upon completion of processing.

Personal Information Protection Officer and Contact Information

For all inquiries relating to personal information arising during your use of the Service, please contact us at the information below.

Personal Information Protection Officer: Gyeong-hyeon Lee (CEO) / Email: cs@vimosoft.com

Users may direct all inquiries, complaints, and requests for remedies relating to personal information protection arising in connection with the Company's services to the Personal Information Protection Officer and the personal information protection department.

Remedies for Infringement of Rights

Users who seek remedies for infringement of personal information may apply for dispute resolution or consultation with the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency Personal Information Infringement Reporting Center, or other relevant organizations. For reporting and consultation regarding personal information infringement, please contact the organizations below.

  • Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)

  • Personal Information Infringement Reporting Center: 118 (privacy.kisa.or.kr)

  • National Police Agency: 182 (ecrm.police.go.kr)

Changes to This Privacy Policy

  • This Privacy Policy may be amended in accordance with changes in applicable laws or the Service, and any changes will be announced through the Service's notice section prior to taking effect.

  • This Privacy Policy is effective as of June 4, 2026.

  • Previous versions of this Privacy Policy are available on the Company's website.

Additional Provisions for Users Residing in the European Union (EU) and European Economic Area (EEA)

This section applies exclusively to users residing in the European Union (EU), European Economic Area (EEA), and the United Kingdom (UK), and shall prevail over any conflicting provisions of this Privacy Policy set forth above.

1. Applicable Law​

This section is based on the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) and the equivalent UK GDPR.

2. Legal Bases for Processing Personal Information

The Company processes your personal information on the following legal bases:

  • Performance of a contract (Article 6(1)(b)): Membership registration, provision of paid services, payment processing, refund processing

  • Legitimate interests (Article 6(1)(f)): Service quality improvement, statistical analysis, security and prevention of unauthorized use, collection of app performance data

  • Consent (Article 6(1)(a)): Provision of information for marketing and advertising purposes, processing of content when using AI Services, targeted advertising

  • Compliance with a legal obligation (Article 6(1)(c)): Retention of records required by applicable laws

3. Rights of Data Subjects

EU/EEA/UK users hold the following rights. To exercise any of these rights, please contact cs@vimosoft.com. The Company will respond within thirty (30) days of receiving the request.

  • Right of Access: The right to confirm and request a copy of personal information processed by the Company

  • Right to Rectification: The right to request correction of inaccurate or incomplete personal information

  • Right to Erasure (Right to be Forgotten): The right to request deletion of personal information under certain conditions

  • Right to Restriction of Processing: The right to request temporary suspension of the processing of personal information under certain conditions

  • Right to Data Portability: The right to receive personal information provided by the data subject in a structured format, or to request transfer to another controller

  • Right to Object: The right to object to the processing of personal information based on legitimate interests

  • Right not to be Subject to Automated Decision-Making: The right not to be subject to decisions based solely on automated processing, including profiling, that produce significant effects

  • Right to Withdraw Consent: The right to withdraw consent to processing based on consent at any time (withdrawal does not affect the lawfulness of processing carried out prior to withdrawal)

4. Cross-Border Data Transfers

The Company may transfer your personal information outside the EU/EEA as set forth in the Cross-Border Transfer Status table above. In such cases, the Company protects your personal information through appropriate safeguards, including Standard Contractual Clauses pursuant to Article 46 of the GDPR.

5. Right to Lodge a Complaint with a Supervisory Authority

EU/EEA/UK users who have concerns about the Company's processing of personal information have the right to lodge a complaint with the data protection supervisory authority in their country of residence.

6. Age Restrictions

For users residing in the EU/EEA, the processing of personal information of children under the age of 16 requires the consent of the child's parent or legal guardian.

bottom of page