Privacy Policy
Privacy Policy

Thesoby Inc. (“Thesoby,” “we,” “us,” or “our”) complies with applicable laws and regulations, including the Personal Information Protection Act of Korea, and processes users’ personal information lawfully and securely.

In accordance with Article 30 of the Personal Information Protection Act of Korea, we establish and disclose this Privacy Policy to inform users of the procedures and standards for processing and protecting personal information and to handle related complaints promptly and smoothly.

This Privacy Policy applies to ZILM and related services operated by Thesoby.

Effective Date: December 1, 2025

01. Purposes of Processing Personal Information

ZILM processes personal information for the following purposes. Personal information being processed will not be used for purposes other than those stated below. If the purpose of use changes, we will take necessary measures, such as obtaining separate consent, in accordance with applicable laws.

1) Membership Registration and Management

We process personal information to confirm users’ intent to sign up or withdraw, verify age, verify the identity of users and legal representatives, confirm consent from legal representatives, identify and authenticate users for membership-based services, prevent duplicate registration, maintain and manage membership status, provide notices and communications, resolve disputes, and handle complaints.

2) Provision of Goods or Services

We process personal information to deliver goods, provide services, provide event information and participation opportunities, send contracts and invoices, provide content based on users’ interests and preferences, conduct identity and age verification, and process payments and settlement.

3) Service Improvement and Development of New Services

We process personal information to enhance service features and improve user experience through service usage records, demographic analysis, and analysis based on users’ interests. Artificial intelligence (AI) technologies may be applied in this process to improve service quality and develop new services through content creation, provision, and recommendation.

4) Establishment and Management of a Safe Service Environment

We process personal information to prevent fraudulent use of the service, block exposure to inappropriate content, and restrict users who violate applicable laws or the ZILM Terms of Service.

02. Personal Information We Process

ZILM collects and uses personal information only to the minimum extent necessary to provide the service.

1) Personal Information Processed Without Consent

ZILM processes the following personal information without the data subject’s consent where necessary for the performance of a contract under Article 15(1)4 of the Personal Information Protection Act of Korea.

A. Order and Payment Processing

- Items collected and used: payment ID, order history, payment information

2) Personal Information Processed With Consent

ZILM processes the following personal information with the consent of users under Article 15(1)1 and Article 22(1)7 of the Personal Information Protection Act of Korea.

Users may register a profile photo or complete additional identity verification through their account information. Additional personal information may be collected when users use individual services or features, such as shopping, content monetization, or user-to-user transactions. In such cases, we will provide clear notice of the items collected, purposes of collection and use, and retention period, and obtain separate consent where required by applicable laws.

A. Membership Registration and Management

- Mobile phone number, nickname, user identifier, name, date of birth, gender, mobile carrier, encrypted Connecting Information (CI), encrypted Duplication Information (DI), nationality information, identity verification history, profile photo, passport-related information for optional identity verification, and ID-related information for optional identity verification

B. Customer Support

- Inquiry history and, if necessary, mobile phone number

C. User-to-User Transactions

- Name, mobile phone number, date of birth, CI, DI, passport or ID-related information

D. Commerce Service

- Delivery information such as name, address, and contact information, and building entrance password where applicable

E. Brokerage Service

- Delivery information such as name, address, and contact information, and building entrance password where applicable

F. Chat Service

- Chat content

G. Events and Surveys

- Prize delivery address, contact information, email address, and survey participation information

3) Information Automatically Generated and Collected During Service Use

During service use, the following information may be generated and collected:

- Service usage records, including search history, transaction history, visit history, content creation, viewing, and recommendation history

- IP address

- Device information, including operating system information, interface, and language settings

- Advertising identifier

03. Processing and Retention Period of Personal Information

ZILM processes and retains personal information within the retention and use period prescribed by applicable laws or the period consented to by users at the time of collection.

1) Membership Registration and Management

Retention period: until 6 months after membership withdrawal.

However, personal information may be retained until the relevant matter is resolved in the following cases:

A. If an investigation or inquiry regarding a violation of applicable laws is ongoing, until the investigation or inquiry is completed.

B. If it is necessary to identify the same person and prevent fraudulent use due to service restrictions under the ZILM Terms of Service:

- Mobile phone number of users with fraudulent use records, fraudulent use records, and device information: until the end of the restriction period, up to 5 years

2) Provision of Goods or Services

Retention period: until the provision of goods or services, payment and settlement, and customer support related to the service are completed.

However, personal information may be retained until the relevant matter is resolved in the following cases:

A. If dispute resolution is required for user-to-user transactions:

- Transaction records, including sales posts and chat content: 5 years

B. If it is necessary to identify the same person and prevent fraudulent use due to service restrictions under the ZILM Terms of Service:

- Fraudulent use records, device information, Duplication Information (DI), and transaction account information related to fraudulent use records: until the end of the restriction period, up to 5 years

C. Records under the Act on Consumer Protection in Electronic Commerce, Etc.:

- Records on labeling and advertising: 6 months

- Records on consumer complaints or dispute resolution: 3 years

- Records on contracts, withdrawal of offers, payment, and supply of goods: 5 years

D. Records under the Protection of Communications Secrets Act:

- Computer communications and internet log records, and data on tracing access points: 3 months

E. Records under the Framework Act on National Taxes:

- Books and supporting documents concerning all transactions prescribed by tax laws: 5 years

F. Records under the Electronic Financial Transactions Act:

- Records on electronic financial transactions: 5 years

04. Personal Information of Children Under 14

ZILM does not, in principle, collect or use personal information of children under 14. However, because there is no separate age verification process at the membership registration stage, if an account is later suspected to belong to a child under 14, we may request identity verification. If identity verification is not completed, the account may be suspended.

For users in jurisdictions where a different minimum age applies, we will take measures in accordance with applicable laws.

05. Destruction of Personal Information

ZILM destroys personal information without delay when the retention period expires or the purpose of processing is achieved. However, if internal policies or applicable laws require retention for a certain period, the personal information will be retained for that period and then destroyed.

1) Destruction Procedure

Personal information that reaches the destruction standard is deleted through an automated procedure, and the process is notified to the administrator through the system. Non-electronic materials, such as paper documents, are securely destroyed manually, and all processing procedures are recorded and managed.

2) Destruction Method

Personal information printed on paper is destroyed by shredding or incineration. Personal information stored in electronic file format is deleted using technical methods that make recovery impossible.

06. Provision of Personal Information to Third Parties

ZILM processes users’ personal information only within the scope stated in “01. Purposes of Processing Personal Information.” We provide personal information to third parties only when users have consented or when permitted by applicable laws, including Articles 17 and 18 of the Personal Information Protection Act of Korea. Otherwise, we do not provide personal information to third parties.

1) Third-Party Provision With User Consent

Recipient: ZILM Commerce Sellers

Purpose: Smooth delivery and transfer of products sold by ZILM Commerce sellers, confirmation of purchase history, response to customer inquiries, and service support

Items Provided: Delivery information such as name, address, and contact information, and building entrance password where applicable

Retention and Use Period: Until purchase confirmation

Recipient: Advertisers

Purpose: Processing applications, providing result notifications, and providing related services

Items Provided: Name and contact information

Retention and Use Period: 90 days after application receipt

2) Provision in Emergency Situations

In cases prescribed by applicable laws or in accordance with the Korean government’s “Guidelines on the Processing and Protection of Personal Information in Emergency Situations,” we may provide personal information to relevant authorities without the user’s consent in emergency situations, such as disasters, infectious diseases, urgent risks to life or body, or property loss.

Details of the Guidelines on the Processing and Protection of Personal Information in Emergency Situations can be found here:

[Insert link]

07. Criteria for Additional Use and Provision

ZILM processes personal information only within the scope consented to by users or permitted by applicable laws. We do not additionally use or provide personal information without consent. If additional processing becomes necessary, Thesoby will provide users with detailed prior notice.

08. Outsourcing of Personal Information Processing

ZILM outsources certain personal information processing tasks to the extent necessary to provide the service smoothly. Details of outsourcing are available through the link below.

Domestic Personal Information Processing Outsourcing Status:

[Insert domestic outsourcing status link]

When outsourcing personal information processing, ZILM manages and supervises service providers to ensure compliance with applicable laws. We include personal information protection clauses in contracts and continuously monitor the status of personal information processing through regular audits and evaluations. We also support service providers in implementing necessary technical, administrative, and physical safeguards to ensure users’ personal information is handled securely.

Overseas outsourcing of personal information processing is described in “09. International Transfer of Personal Information.”

09. International Transfer of Personal Information

ZILM outsources personal information collected from users overseas as follows to provide the service. Since essential service operations, including data storage and infrastructure operation, may be performed through international transfers, users who do not consent to international transfers may not be able to use the service.

If you do not wish your personal information to be transferred overseas, you may withdraw from the service through the app by going to My Page > Settings > Delete Account, or contact Customer Support.

Overseas Personal Information Processing Outsourcing Status:

[Insert international transfer / overseas outsourcing status link]

10. Measures to Ensure Security of Personal Information

In accordance with Article 29 of the Personal Information Protection Act of Korea, ZILM establishes and operates technical, administrative, and physical safeguards to ensure the security of personal information.

1) Management of Personnel Handling Personal Information

- We minimize the number of employees who handle personal information.

- We provide regular training and campaigns to all employees regarding personal information protection obligations and security.

2) Restriction of Access to Personal Information

- We establish and operate procedures for granting, changing, and deleting access rights to personal information processing systems.

- We use intrusion detection systems to control unauthorized external access.

3) Management of Access Records

- We retain and manage access records of personal information processing systems, including web logs and summary information, for at least 2 years.

- We apply security features to prevent access records from being altered, stolen, or lost.

4) Encryption of Personal Information

- Important information that must be encrypted under applicable laws is stored and managed in encrypted form.

- Important data is protected by separate security features, including encryption during storage and transmission.

5) Protection Against Hacking and Other Security Incidents

- We install and regularly update and inspect security programs to prevent leakage or damage of personal information caused by hacking or malicious code.

- We install systems in areas where external access is controlled and monitor and block access through technical and physical measures.

- We control and monitor network traffic and detect unauthorized attempts to alter information.

11. Cookies and Similar Technologies

ZILM uses cookies, which store and retrieve usage information, to provide customized services. Users may block cookies by following the instructions below.

1) Cookies are small pieces of information sent by a web server to a user’s browser and stored on the user’s PC or mobile device.

2) Users have the right to choose whether to allow cookies. Users can allow or block cookies through web browser settings. However, if cookies are blocked, some service features may not function properly.

3) Behavioral Information

During service use, ZILM collects the following behavioral information without identifying individuals in order to provide optimized customized services, benefits, and personalized online advertising.

Legal Basis: Article 15(1)1 of the Personal Information Protection Act of Korea, consent of the data subject

Items Collected:

- Search history

- Transaction history

- Visit history

- Service usage records, including content creation, viewing, and recommendation history

- IP address

- Device information, including operating system information, interface, and language settings

- Advertising identifier

Collection Method:

- Automatically collected when using the web or mobile app

Purpose:

- Providing content and customized services, including advertising, based on interests and preferences

Retention and Processing Method:

- Until membership withdrawal

ZILM collects only the minimum behavioral information necessary for personalized online advertising and does not collect sensitive behavioral information that may infringe users’ rights, interests, or privacy, such as ideology, beliefs, family or kinship relationships, educational or medical history, or social activity history.

For questions, exercise of opt-out rights, or damage reports related to behavioral information, please contact us through the following channels:

Privacy Customer Support Contact:

- Email: support@zilm.io

- Customer Support: My Page > Customer Support

12. Rights and Obligations of Users and Legal Representatives

ZILM respects users’ rights. Users may exercise rights related to personal information, including the right to access, correct, delete, suspend processing, withdraw consent, object to automated decisions, or request explanations regarding automated decisions.

1) Users may exercise their rights by written request, email, fax, or other methods under Article 41(1) of the Enforcement Decree of the Personal Information Protection Act of Korea, and ZILM will respond without delay.

Users may directly view or change personal information through service settings or withdraw consent by deleting their account through the following paths:

- View and change personal information: My Page > Settings

- Withdraw consent: My Page > Settings > Delete Account

Users may also contact Customer Support, and we will respond without delay.

2) Rights may also be exercised through a legal representative or authorized agent. In this case, a power of attorney in the form prescribed by applicable laws must be submitted.

3) The right to request access to or suspension of processing of personal information may be restricted under applicable laws. If other laws require certain personal information to be collected or retained, we may not be able to delete such information.

4) Users may object to or request an explanation of automated decisions. However, Thesoby does not currently make automated decisions that produce legal effects or similarly significant effects on users. If automated decisions are made in the future, we will disclose the relevant standards, procedures, processing methods, and methods for objecting to or requesting explanations.

5) When users request access, correction, deletion, or suspension of processing, Thesoby verifies whether the requester is the user or a lawful representative.

Privacy Customer Support Contact:

- Email: support@zilm.io

- Customer Support: My Page > Customer Support

13. Privacy Officer and Responsible Department

For inquiries, complaints, advice, or other matters related to personal information protection arising from use of the service, please contact the Privacy Officer below. Thesoby will listen to users and respond promptly and sufficiently.

Name: Seungbeom Jeon

Position: Privacy Officer

Contact: support@zilm.io

14. Remedies for Infringement of Users’ Rights

Users may request consultation, report infringement, or seek remedies for personal information infringement through the following institutions.

1) Personal Information Infringement Report Center, operated by the Korea Internet & Security Agency

- Responsibilities: Reporting personal information infringement and consultation

- Website: privacy.kisa.or.kr

- Phone: 118

- Address: 9 Jinheung-gil, Naju-si, Jeollanam-do, Korea, Korea Internet & Security Agency

2) Personal Information Dispute Mediation Committee

- Responsibilities: Personal information dispute mediation and collective dispute mediation

- Website: www.kopico.go.kr

- Phone: 1833-6972

- Address: 12F, Government Seoul Complex, 209 Sejong-daero, Jongno-gu, Seoul, Korea

3) Cyber Investigation Division, Supreme Prosecutors’ Office

- Phone: 1301

- Email: privacy@spo.go.kr

- Website: www.spo.go.kr

4) Cyber Investigation Bureau, Korean National Police Agency

- Phone: 182

- Website: Cybercrime Reporting System (ECRM)

ZILM makes its best efforts to protect users’ right to self-determination over personal information and to provide consultation and remedies for damages caused by personal information infringement. If you need to report or consult on a matter, please contact the privacy customer support department.

15. Effective Date and Changes to This Privacy Policy

ZILM may amend this Privacy Policy to reflect changes in government policies, applicable laws, or services. In such cases, we will notify users of the changes through notices at least 7 days before the changes take effect.

This Privacy Policy is effective as of December 1, 2025.