Last updated: January 1, 2026
AMUSECARE Inc. (hereinafter "the Company"), the operator of the BEHAVE service (https://behave.im, hereinafter "the Service"), establishes and publicly discloses the following Privacy Policy to protect users' personal information and handle related complaints promptly and effectively in accordance with the Act on Promotion of Information and Communications Network Utilization and Information Protection, the Personal Information Protection Act, and other applicable laws. The Service is a cloud-based software (SaaS) for users, and the Company collects and uses only the minimum personal information necessary for service provision.
1. Personal Information Items Collected The Company collects the following personal information for service provision: • Registration (Required): ID, password (stored encrypted/hashed), email, contact number, company name (or trade name), business registration number • Registration (Optional): Business address, representative name, industry/business type, profile image • Service Use: Service usage records, access logs, cookies, IP address, device information, browser type • Payment: Payment status, payment identifier, billing information (payment method type, last 4 digits, and other minimal information). Sensitive payment information such as card numbers is processed directly by the payment processor (Merchant of Record/PG) and is not stored by the Company. • Customer Support: Inquiry details, consultation records 2. Methods of Personal Information Collection • Direct input by users during website registration and service use • Automatically generated and collected during service use • Collected through consultations via customer support (support@behave.im) or in-service inquiries
The Company uses collected personal information for the following purposes: 1. Service Provision: Cloud SaaS features including CRM, consultation management, appointment management, message sending, payment management, landing page creation, AI-based analysis and summarization 2. Member Management: Identity verification, personal identification, prevention of unauthorized use by bad actors, complaint handling and other civil affairs processing 3. Security and Fraud Prevention: Unauthorized access detection, anomalous activity monitoring, account protection 4. Marketing and Advertising: New service development and customized services (only with separate consent) 5. Service Improvement: Usage frequency analysis, statistical analysis of service use, incident response and quality improvement 6. Legal Compliance: Fulfillment of obligations under applicable laws for accounting, tax, dispute resolution, etc.
The Company destroys personal information without delay after the purposes of collection and use have been achieved. However, when preservation is required by applicable laws, information is retained as follows: • Records of contracts or subscription withdrawal: 5 years (E-Commerce Act) • Records of payment and supply of goods: 5 years (E-Commerce Act) • Records of consumer complaints or dispute handling: 3 years (E-Commerce Act) • Records of advertising and promotion: 6 months (E-Commerce Act) • Service visit records: 3 months (Protection of Communications Secrets Act) Upon account withdrawal, the user's personal information is destroyed without delay except for legally mandated retention periods. Data uploaded by users to the Service (Customer Data, Content, etc.) is retained for 30 days after contract termination or withdrawal and then destroyed. Users are responsible for backing up their data before withdrawal.
The Company does not provide users' personal information to external parties as a matter of principle. However, exceptions apply in the following cases: • When the user has given prior consent • When required by law or requested by investigative agencies through procedures and methods prescribed by law When integration with Third-Party Services such as payment processing, message sending, or cloud infrastructure is required for service operations, this constitutes "outsourcing of personal information processing" and is separately addressed in Article 5.
The Company outsources personal information processing as follows for smooth service provision: • AWS (Amazon Web Services) - Outsourced Tasks: Cloud server operation, data storage and backup - Retention Period: Until termination of the outsourcing agreement - Server Location: Overseas (United States, etc.) — may constitute an overseas transfer • Payment Processor (Merchant of Record / PG) - Outsourced Tasks: Payment collection, receipt issuance, refund processing - Retention Period: Legally mandated retention period for payment records - Note: Sensitive payment information such as card numbers is processed directly by the payment processor and is not stored by the Company • Message Sending Agency - Outsourced Tasks: SMS/MMS/notification message sending - Retention Period: Legally mandated retention period after sending completion • AI Service Provider (e.g., OpenAI, etc.) - Outsourced Tasks: AI-based text summarization and analysis features - Retention Period: Deleted immediately after processing or after short-term retention The Company supervises to ensure that trustees safely process personal information in accordance with the Personal Information Protection Act. Changes to trustees will be announced through this policy.
Users (including legal representatives) may exercise the following rights regarding personal information protection at any time: 1. Request to access personal information 2. Request to correct or delete personal information 3. Request to suspend processing of personal information 4. Withdrawal of consent The above rights may be exercised through the "Account Settings" menu within the Service or through the following contacts: • Email: privacy@behave.im • Customer Support: support@behave.im The Company processes requests to exercise user rights without delay within the legally prescribed period from the date of receipt, and notifies the results via email or other means.
The Company destroys personal information without delay when it is no longer needed, such as when the retention period has expired or the processing purposes have been achieved. Destruction Procedures and Methods: • Electronic files: Securely deleted to prevent recovery and reproduction • Paper documents: Shredded or incinerated • Customer Data uploaded by users: Retained for 30 days after contract termination and then destroyed using non-recoverable methods
The Company takes the following measures to ensure the security of personal information: 1. Administrative Measures: Establishment and implementation of internal management plans, regular employee training, minimization of access authority and separation of privileges 2. Technical Measures: Access authority management, access control system installation, password hashing, encryption of data in transit (TLS), encryption of data at rest, installation and updating of security programs, log monitoring 3. Physical Measures: Access control to server rooms, document storage facilities, and similar areas
The Company uses cookies for service operation and improvement of user experience. What are cookies? Cookies are small text files that websites send to a user's computer browser. Types of Cookies: • Essential Cookies: Cookies necessary for service use (login maintenance, session management, etc.) • Analytics Cookies: Cookies for service usage statistics and quality improvement (e.g., using analytics tools such as Google Analytics) • Marketing Cookies: Cookies for providing personalized advertisements and promotions (with separate consent) How to Refuse Cookies Users can refuse or delete cookies through browser settings. However, refusing essential cookies may limit access to certain services.
The Company designates a Personal Information Protection Officer to oversee personal information processing and handle data subjects' complaints and remedies as follows:
Personal Information Protection Officer
• Department: AMUSECARE Privacy Protection Team • Email: privacy@behave.im • Customer Support: support@behave.im For personal information inquiries, access/correction/deletion requests, and complaint submissions, please contact us at the email above and we will process them without delay.
Users may apply for dispute resolution or consultation with the following organizations for relief from personal information infringement: • Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr) • Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr) • Supreme Prosecutors' Office: 1301 (www.spo.go.kr) • National Police Agency: 182 (ecrm.cyber.go.kr)
This Privacy Policy may be amended in accordance with changes in laws, policies, or internal company guidelines. Changes shall be announced through service notices or email at least 7 days before the effective date. For changes unfavorable to users, the announcement shall be made at least 30 days in advance.
1. Users may enter, store, and manage personal information of third parties such as their customers and business partners (hereinafter "Uploaded Data") through the Service. 2. Users are responsible for obtaining lawful consent for collection and processing authority for the personal information of third parties contained in Uploaded Data in accordance with applicable laws. 3. The Company processes Uploaded Data only within the scope of service provision (storage, display, transmission, backup, etc.) and does not use it for any other purpose or provide it to third parties. 4. If Uploaded Data may contain sensitive information (health information, etc.), users must comply with additional protection measures and consent obligations for such information. 5. The Company applies technical and administrative safeguards, including access authority restrictions, encryption, and log management, for the secure processing of Uploaded Data.
1. Payment for the Service's paid features is processed through the Company or a Merchant of Record designated by the Company. 2. The Company does not directly collect, store, or process sensitive payment information such as card numbers, CVV, or account passwords. Such information is processed directly by the payment processor in accordance with security standards such as PCI-DSS. 3. Payment-related information retained by the Company is limited to minimal information such as payment status, transaction identifiers, payment method type, and the last 4 digits of the card. 4. Payment inquiries and refund requests may be submitted to support@behave.im.
This Privacy Policy is effective from January 1, 2026.
