BeyondCity Inc. (the "Company") has established and operates the following Privacy Policy in accordance with Article 30 of the Personal Information Protection Act to protect the personal information and rights of users and to promptly handle related grievances.

1. Collection and Use of Personal Information

The collection of personal information is necessary for the use of the Nubint AI service. The following personal information is collected with user consent.

Purpose of Collection	Items Collected	Retention Period
Membership registration and user identification	Name, email, password	Until account deletion
Social (SNS) sign-up	Account information provided by SNS (name, email, profile picture, etc.)	Until account deletion
AI service provision	Paper search queries, AI editor input text, AI-generated results, uploaded files (PDF, etc.)	Until account deletion
Payment processing	Payment information transmitted to contracted PG company	Until account deletion or up to 5 years per applicable laws
Customer support	Name, email, phone number	Until account deletion or up to 3 years per applicable laws
Statistical analysis for service improvement	IP information, device and browser information, visited web pages, usage records	Until account deletion
Prevention of unauthorized use	Email	Up to 30 days after account deletion

The Company collects personal information through the following methods:

Direct input by users during service use
Transfer from linked services such as SNS sign-up
Automatic generation and collection of cookies, access logs, etc. during service use
Collection through usage statistics tools for service improvement and user response analysis

For children under the age of 14, information such as the legal guardian's name and contact information may be collected from the legal guardian.

Collected personal information is processed within the retention period consented to by the user or required by applicable laws, and is destroyed without delay using methods that prevent recovery or restoration once the purpose has been achieved and the retention period has elapsed.

2. Processing of Pseudonymized Information

The Company processes pseudonymized information with user consent for the purpose of improving AI model performance and service quality. Pseudonymized information refers to information that cannot identify a specific individual without the use or combination of additional information for restoration to its original state.

The Company does not use pseudonymized information for any purpose other than AI model performance and quality improvement. The use of pseudonymized information applies only while the user's consent is maintained.

Items of Pseudonymized Personal Information	Processing and Retention Period
AI-transformed information (input information and output information)	Up to 5 years from pseudonymization

The following measures are taken to ensure the safety of pseudonymized information:

Pseudonymized information and additional information are stored separately. If additional information is unnecessary, it is destroyed.
Access rights to pseudonymized information and additional information are separated, and only the minimum access rights necessary for work performance are granted.
Processing pseudonymized information for the purpose of identifying specific individuals is strictly prohibited.
If information that can identify a specific individual is generated during the processing of pseudonymized information, processing is immediately stopped and the information is retrieved and destroyed without delay.

3. Installation and Operation of Automatic Personal Information Collection Devices

The following information may be automatically generated/collected from users during service use:

Legal compliance: User access records (login) are retained for compliance with applicable laws.
Web usability analysis and improvement: Visit dates, service usage records, and Cookie IDs are collected and retained for up to 5 years from the date of collection, then immediately deleted.

The following analytics tools are used to collect and analyze user behavior:

Smartlook
Google Analytics

How to Reject Cookies

Users can reject or delete cookies through their web browser settings:

Chrome

Click ⋮ in the top-right corner → Settings → Privacy and Security → Cookies and other site data → Configure cookie blocking settings

Microsoft Edge

Click ⋯ in the top-right corner → Settings → Cookies and site permissions → Manage and delete cookies and site data → Configure cookie blocking settings

Safari

Preferences → Privacy → Manage Website Data → Configure cookie blocking settings

Firefox

Settings → Privacy & Security → Cookies and Site Data → Configure cookie blocking settings

Please note that rejecting cookies may limit access to some services.

4. Provision of Personal Information to Third Parties

The Company processes personal information only within the scope specified in Section 1, and provides personal information to third parties only with the user's separate prior consent or when required by applicable laws.

5. Outsourcing of Personal Information Processing

The Company outsources some personal information processing tasks for smooth operations, and supervises processors to ensure safe handling of personal information in accordance with applicable laws.

Processor	Outsourced Tasks
Google LLC	Membership registration/authentication (Firebase Auth), web usability analysis (Google Analytics)
Smartlook	User behavior analysis
Toss Payments	Payment processing
PortOne	Payment integration
PayPal	International payment processing

Any additions or changes to outsourced tasks or processors will be promptly disclosed through this Privacy Policy.

6. Cross-Border Transfer of Personal Information

The Company transfers personal information processing tasks overseas for service provision as follows:

Purpose	Items	Timing and Method	Retention Period	Company and Country
AI service processing	AI editor input text, paper search queries, generated results	Transmitted via encrypted network during service use	Until account deletion	OpenAI / United States
Membership/authentication, web usability analysis	Email, visit dates, service usage records, Cookie ID	Transmitted via encrypted network during service use	Until account deletion or up to 5 years from collection	Google / United States
User behavior analysis	Visit dates, service usage records, screen recordings	Transmitted via encrypted network during service use	Up to 5 years from collection	Smartlook / Czech Republic
International payment processing	Payment information	Transmitted via encrypted network during payment	Until account deletion or up to 5 years per applicable laws	PayPal / United States

7. Rights of Data Subjects and How to Exercise Them

Users may request access, correction, or deletion of personal information at any time, and the Company will take prompt action.

When a legal guardian or authorized representative exercises a user's rights (access, correction, suspension of processing, deletion), a power of attorney in accordance with Annexed Form No. 11 of the Enforcement Rules of the Personal Information Protection Act must be submitted.

The Company verifies whether the person making the request is a legitimate representative.

8. Privacy Officer

The Company has designated a Privacy Officer to oversee personal information processing and handle user complaints and remedies related to personal information processing.

Officer: Seunghyun Ha
Affiliation: BeyondCity Inc.
Email: contact@nubint.ai

9. Destruction Procedures and Methods

Collected personal information is securely deleted using methods that prevent recovery, following retention periods based on internal policies and applicable laws.

10. Policy Changes

This policy may be modified in accordance with changes in laws or service policies. Users will be notified of significant changes in an easily understandable manner prior to revision.

Política de privacidade