Help Center

Privacy Policy (Current)

Effective Date: September 25, 2025

Dropshot Stock2024-11-06

JIRO Co., Ltd. (hereinafter referred to as the “Company”) complies with the Credit Information Use and Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, the Personal Information Protection Act, the Protection of Communications Secrets Act, and other applicable laws and regulations, in order to protect the freedoms and rights of data subjects and to lawfully manage personal information.

Pursuant to Article 30 of the Personal Information Protection Act, the Company hereby establishes and discloses this Privacy Policy to provide data subjects with guidelines on the procedures and standards for the processing and protection of personal information, and to ensure that related grievances can be handled promptly and smoothly.

The Company collects and uses personal information only to the minimum extent necessary for the provision of services, in accordance with the Personal Information Protection Act.

  1. The Company processes the following personal information items without the consent of the data subject:

Legal Basis

Purpose of Processing

Items Processed

Retention Period

Personal Information Protection Act, Article 15(1)(2) (special provisions under law); Act on the Consumer Protection in Electronic Commerce, Article 6 (Preservation of Transaction Records)

Records related to contracts or withdrawal of subscription

Records related to contracts or withdrawal of subscription

Consumer identification information, contract/withdrawal records

5 years

Personal Information Protection Act, Article 15(1)(2) (special provisions under law); Act on the Consumer Protection in Electronic Commerce, Article 6 (Preservation of Transaction Records)

Records of payment and supply of goods, etc.

Records of payment and supply of goods, etc.

5 years

Personal Information Protection Act, Article 15(1)(2) (special provisions under law); Act on the Consumer Protection in Electronic Commerce, Article 6 (Preservation of Transaction Records)

Records of consumer complaints or dispute resolution

Consumer identification information, dispute resolution records

3 years

Personal Information Protection Act, Article 15(1)(4) (performance of contract)

Membership registration, identity verification and member management, handling civil complaints, delivery of notices, responding to inquiries, service improvement, service guidance

[Required] Name, email, country

Until membership withdrawal (provided, if retention is required by relevant laws, until the end of such period)

Personal Information Protection Act, Article 15(1)(4) (performance of contract)

External account login (Google, Apple, Kakao, Naver)

[Required] Name, email, browser language

Until membership withdrawal (provided, if retention is required by relevant laws, until the end of such period)

Personal Information Protection Act, Article 15(1)(4) (performance of contract)

Provision of creator sales services, settlement

[Optional] Bank account number, bank name, account holder name, business registration information

Until membership withdrawal (provided, if retention is required by relevant laws, until the end of such period)

(2) The Company processes the following personal information items with the consent of the data subject.

Purpose of Processing

Items Processed

Retention Period

Notifications of feature updates, promotions, and newsletters

[Optional] Email, mobile phone number, user ID

Until membership withdrawal (unless retention is required by applicable laws, in which case until the end of the statutory retention period)

The Company, as a general rule, does not process the personal information of children under the age of 14. However, if the consent of a legal representative is obtained, the Company may process the personal information of users under the age of 14.

  1. The Company processes users’ personal information only within the scope specified in the purposes of processing, and provides personal information to third parties only in cases falling under Article 17 and Article 18 of the Personal Information Protection Act, such as with the user’s consent or where special provisions under law apply. Except in such cases, the Company does not provide the personal information of data subjects to third parties.

  2. In accordance with the Guidelines on Processing and Protection of Personal Information in Emergency Situations jointly announced by relevant government ministries, the Company may provide personal information to relevant authorities without the data subject’s consent in cases of emergency, including disasters, infectious diseases, incidents or accidents posing imminent risk to life or body, or urgent risk of property loss. For details, please refer to this link.

  1. To provide services to users, the Company entrusts the processing of personal information and related tasks as described below. In cases where the entrusted tasks are further subcontracted, details of the subcontractor and the scope of the subcontracted tasks shall be disclosed through the subcontractor’s privacy policy.

Trustee

Entrusted Tasks

Amazon Web Services Inc.

System development and operation for membership management and service provision; bulk email delivery

Google LLC

Real-time chat and user authentication services

Stibee Co., Ltd.

Automated emails, newsletters, and event email delivery

Modusign Co., Ltd.

Electronic contract services

Korea PortOne Co., Ltd.

Payment processing and settlement management

Toss Payments Co., Ltd.

Payment system provision

  1. When entering into an outsourcing agreement, the Company specifies in the contract or other written documents matters regarding prohibition of personal information processing for purposes other than the performance of the entrusted tasks, implementation of technical and administrative safeguards, restrictions on re-entrustment, management and supervision of the trustee, liability for damages, and other responsibilities in accordance with Article 26 of the Personal Information Protection Act, and supervises the trustee to ensure safe processing of personal information.

  2. In accordance with Article 26(6) of the Personal Information Protection Act, if the trustee re-entrusts the Company’s personal information processing tasks, the trustee must obtain the Company’s consent.

  3. If the details of the entrusted tasks or the trustee are changed, the Company shall disclose such changes without delay through this Privacy Policy.

  4. In cases where personal information processing tasks are outsourced overseas, such matters are guided under 5. Collection and Transfer of Personal Information Abroad (Outsourcing of Processing Tasks).

The Company transfers personal information collected from service users overseas as described below, and provides the following notice in accordance with Article 28-8(2) of the Personal Information Protection Act.

If you refuse the overseas transfer of personal information, you will be unable to use the Services. If you do not wish your personal information to be transferred overseas, you may withdraw your membership via the Service website ([Profile > Account]) or request membership withdrawal by contacting the Customer Center (contact@stock.dropshot.io).

Legal Basis

Recipient (Country, Contact)

Timing and Method of Transfer

Items Transferred

Purpose of Use

Retention and Use Period

Personal Information Protection Act, Article 28-8(1)(3) (Entrustment and Retention)

Amazon Web Services Inc.

Automatic transfer upon membership registration

Name, email, mobile phone number

System development and operation for membership management and service provision

Until membership withdrawal

Personal Information Protection Act, Article 28-8(1)(3) (Entrustment and Retention)

Google LLC

Automatic transfer upon membership registration

Name, email

Real-time chat and user authentication

Until membership withdrawal

  1. When personal information becomes unnecessary, such as upon expiration of the retention period or achievement of the processing purpose, the Company shall promptly destroy the relevant personal information.

  2. If the retention period consented to by the data subject has expired or the processing purpose has been achieved, but retention is still required under other applicable laws, the Company shall store such personal information separately by transferring it to a different database (DB) or by changing the storage location.

    • Items of personal information retained and the legal grounds for such retention under other laws can be found in 1. Purpose of Processing, Items Processed, and Retention and Use Period of Personal Information.

Procedures and Methods of Destruction

  • Procedure: The Company identifies personal information subject to destruction and, with the approval of the Company’s Personal Information Protection Officer, destroys such information.

  • Method: Personal information recorded and stored in electronic file format shall be destroyed using technical or physical methods that render the records irrecoverable. Personal information recorded and stored in paper documents shall be destroyed by shredding or incineration.

  1. Data subjects may, at any time, exercise their rights (“Rights Exercise”), including requests to access, transfer, correct, delete, suspend processing of, or withdraw consent regarding their personal information.

  2. In accordance with Article 41(1) of the Enforcement Decree of the Personal Information Protection Act, Rights Exercise may be conducted by directly accessing or correcting information through the methods described below, or by submitting a request in writing (3F, 302–303 Hoesung Building, 168 Yeoksam-ro, Gangnam-gu, Seoul), or via email (contact@stock.dropshot.io). The Company shall take prompt action in response.

    • Data subjects and legal representatives may log in to the Service and directly view, correct, delete, suspend processing of, or withdraw consent to personal information under “Contact Us” in the website, or request access through the same menu.

    • Data subjects may, at any time, request rejection of automated decision-making or explanations thereof through “Contact Us” on the website.

  3. Rights Exercise may also be carried out through a legal representative or a delegate authorized by the data subject. In such cases, a power of attorney in the form prescribed in Annex 11 of the Guidelines for the Processing of Personal Information must be submitted.

  4. The right of a data subject to request access to or suspension of processing of personal information may be restricted pursuant to Articles 35(4) and 37(2) of the Personal Information Protection Act.

  5. If other laws specify that certain personal information must be collected, requests for deletion of such information cannot be accepted.

  6. The Company shall verify that the person exercising the rights is either the data subject or a duly authorized representative.

  7. Data subjects may exercise their rights by contacting the following department. The Company shall respond within 10 days of receipt of such a request (or without delay in the case of a request for transfer).

  • Department in charge of requests for access to personal information

    • Department: Dev Team

    • Address: 3F, 168 Yeoksam-ro, Gangnam-gu, Seoul

    • Contact: contact@stock.dropshot.io

The Company takes the following measures to ensure the security of personal information.

  1. Administrative measures: establishment and implementation of an internal management plan, regular employee training, and operation of a dedicated organization.

  2. Technical measures: management of access rights to personal information processing systems, installation of access control systems and other related protective measures, isolation/blocking of network access where appropriate, encryption of personal information, retention and inspection of access logs, installation and updating of security programs, and vulnerability assessment and remediation of personal information processing systems.

  3. Physical measures: access control to server rooms and document storage areas, storage of paper documents and removable media in secured locations with locking devices, disaster and emergency protection measures, and control over the removal and return of removable storage media.

  1. In the course of service use, the Company processes behavioral information using cookies to identify individuals in order to provide optimized services and benefits to data subjects. The Company also processes behavioral information collected through automatic personal information collection devices installed in third-party websites and applications.

  2. A cookie is a small piece of information sent from the server (http) used for website operation to the data subject’s browser.

  3. To provide online customized advertisements and related services, the Company collects and uses behavioral information through automatic personal information collection devices installed in third-party websites and applications.

  4. The Company collects only the minimum behavioral information necessary to provide optimized and customized services and benefits, and does not collect sensitive behavioral information—such as information regarding ideology, beliefs, education, medical history, etc.—that may infringe upon an individual’s rights, interests, or privacy.

  5. The Company collects behavioral information as follows.

Grounds

Items of Behavioral Information Collected

Method of Collection

Purpose of Collection

Retention & Usage Period, and Method of Disposal

Article 15(1)(1) of the Personal Information Protection Act

Login session ID, account identification token, session identifier, browser and device identifiers, visit path, access time, behavioral data, customer service session ID, conversation identifier

Automatically collected from personal information collection devices installed on third-party websites and applications

Service improvement (e.g., maintaining login status, remembering customer environment), functionality testing

Destroyed one month after collection

  1. The Company collects only the minimum behavioral information necessary to calculate service access and usage statistics, and does not collect sensitive behavioral information—such as ideology, beliefs, education, or medical history—that may infringe upon the rights, interests, or privacy of individuals.

  2. Data subjects may configure their browser options to allow or block cookies.

▶ Allow/Block Cookies in Web Browsers

  • Chrome: Click the “⋮” icon at the top right of the browser > New Incognito Window (Shortcut: Ctrl+Shift+N)

  • Edge: Click the “…” icon at the top right of the browser > New InPrivate Window (Shortcut: Ctrl+Shift+N)

▶ Allow/Block Cookies in Mobile Browsers

  • Chrome: Tap the “⋮” icon at the top right of the mobile browser > New Incognito Tab

  • Safari: Device Settings > Safari > Advanced > Block All Cookies

  • Samsung Internet: Tap the “Tabs” icon at the bottom of the mobile browser > Turn on Secret Mode > Start

※ The menu names and steps may vary depending on the browser version.

  1. For inquiries regarding behavioral information, including questions, exercising the right to opt-out, or reporting damages, please contact:

  • Personal Information Protection Department

    • Department: Dev Team

    • Contact: karam@jirocorp.io

The Company makes every effort to prevent users’ personal information from being damaged or compromised. The Company has designated a Personal Information Protection Officer who is responsible for overseeing the processing of personal information, as well as a department to handle complaints related to the Personal Information Protection Act and requests to access personal information, as follows.

However, despite the Company’s implementation of legally required technical, physical, and administrative safeguards for the protection of personal information, the Company shall not be liable for damages caused by the user’s own negligence or by incidents occurring in areas beyond the Company’s control.

  • Personal Information Protection Officer

    • Name: Karam Yu

    • Position: CTO

    • Contact: karam@jirocorp.io

  • Department in charge of personal information protection

    • Department: Dev Team

    • Contact: karam@jirocorp.io

  1. If you need to report or seek consultation regarding personal information infringement, please contact the following institutions:

  1. In accordance with Articles 35, 36, and 37 of the Personal Information Protection Act, a person whose rights or interests have been infringed due to a disposition or omission by the head of a public institution may file an administrative appeal under the Administrative Appeals Act.

This Privacy Policy shall apply from the effective date. If the Company makes changes to this Privacy Policy, the Company will notify users of the timing of the changes and the revised contents through a pop-up notice on the website (or via individual notifications).