Privacy Policy

Last Updated: January 1, 2025

GlucoUs (hereinafter referred to as the "Company") values your personal information and does its best to protect it in accordance with the "Personal Information Protection Act" and related laws. This Privacy Policy explains the types of personal information collected, the purposes for which it is processed, and the retention and use periods when you use the services provided by the Company.

1. Personal Information Collected and Methods of Collection

1.1 Items Collected

The Company collects the following personal information to provide its services:

• Required Items: Email address, password, nickname
• Optional Items: Date of birth, gender, height, weight
• Health Information: Blood glucose levels, meal logs, carbohydrate intake, insulin dosage, etc.
• Automatically Collected Items: IP address, device information, service usage records, access logs, etc.

1.2 Methods of Collection

• Directly entered by the user during service registration and use
• Automatically generated and collected during the use of the service
• Collected during consultations via customer support

2. Purpose of Processing Personal Information

The Company processes the collected personal information for the following purposes:

1. Service Provision: Providing services such as blood glucose management, meal size logging, glucose prediction, and diet recommendations.
2. Service Improvement: Enhancing service quality and developing new services through usage pattern analysis.
3. Customer Support: Responding to inquiries, handling complaints, and delivering notices.
4. Security and Safety: Preventing unauthorized use and ensuring service stability.
5. Fulfillment of Legal Obligations: Complying with obligations under relevant laws and regulations.

3. Retention and Use Period of Personal Information

The Company processes and retains personal information within the retention and use period required by law or the period agreed upon when collecting the personal information from the data subject.

• Member Information: Until account withdrawal (However, if preservation is required by relevant laws, it will be kept for that specified period).
• Health Information: Retained during the service usage period (Deleted upon account withdrawal).
• Service Usage Records: Retained for up to 5 years in accordance with relevant laws.

4. Provision of Personal Information to Third Parties

As a rule, the Company does not provide user personal information to third parties. However, exceptions are made in the following cases:

• When the user has given prior consent.
• When required by the provisions of laws and regulations, or when requested by investigative agencies for investigative purposes in accordance with the procedures and methods prescribed by law.
• When necessary for fee settlement related to the provision of services.

5. Outsourcing of Personal Information Processing

To improve services, the Company may outsource personal information processing tasks to external professional companies. In such cases, the Company ensures through written contracts that the outsourced companies process personal information safely, complying with the "Personal Information Protection Act", prohibiting the processing of personal information for purposes other than the entrusted tasks, establishing technical and managerial safeguards, restricting sub-outsourcing, and clarifying liability for damages.

6. Rights and Obligations of Data Subjects and Methods of Exercise

Users may exercise the following rights:

• Request to view personal information.
• Request to correct or delete personal information.
• Request to suspend the processing of personal information.
• Withdraw consent for the collection, use, and provision of personal information.

You can exercise these rights by contacting the Company via written notice, email, or fax, and the Company will take action without delay.

7. Destruction of Personal Information

The Company destroys the applicable personal information without delay when it becomes unnecessary, such as when the retention period expires or the purpose of processing has been achieved.

7.1 Destruction Procedure

Information entered by the user is transferred to a separate DB (or separate file for paper records) after the purpose is achieved, stored for a certain period according to internal policies and other relevant laws, and then destroyed or immediately destroyed.

7.2 Destruction Method

• Electronic files: Deleted using technical methods that cannot reproduce the records.
• Paper documents, printed materials, etc.: Destroyed by shredding or incineration.

8. Chief Privacy Officer

The Company is responsible for overseeing personal information processing tasks and has designated the following Chief Privacy Officer (CPO) to handle data subject complaints and damage relief related to personal information processing.

9. Measures to Ensure the Safety of Personal Information

The Company takes the following measures to ensure the safety of personal information:

• Managerial measures: Establishment and implementation of an internal management plan, regular employee training, etc.
• Technical measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of unique identification information, installation of security programs.
• Physical measures: Access control to computer rooms, data storage rooms, etc.

10. Changes to the Privacy Policy

This Privacy Policy is effective from the enforcement date. Any additions, deletions, or corrections to the content according to laws and policies will be notified through announcements at least 7 days before the implementation of the changes.