Privacy Policy

Effective Date: 1 October 2025

CUBIG CORP. (“CUBIG”, “the Company”) protects personal information processed through its on-premises product LLM Capsule and related web, download, and support channels (“the Service”).
We comply with the Personal Information Protection Act and all other relevant laws.
This policy explains how CUBIG collects, uses, and protects personal information, and how users (“data subjects”) may exercise their rights.

1. Purpose of Processing Personal Information

CUBIG processes personal information only for the purposes below.
If these purposes change, we will obtain additional consent in accordance with the law.

Category	Purpose
Membership registration and account management	Confirm registration intent, verify identity, manage roles and permissions, and maintain account security (including notifications of unusual activity).
Service provision and maintenance	Issue and verify licences, provide technical support, send update and patch notifications, and communicate outages or security alerts.
Enquiries and complaint handling	Respond to customer enquiries, provide notifications or announcements, and retain records for dispute resolution.
Payment and settlement (optional)	Process maintenance fees, billing, and tax invoices, primarily for B2B clients.
Security and access logs (minimum required)	Record administrator access logs, detect abnormal access, and protect accounts.

2. Items of Personal Information Processed

CUBIG destroys data without delay once the processing purpose is achieved.
If retention is required by law, the data is kept for the statutory period.

Category	Items Collected / Used
Sign-up	[Required] Email (ID), encrypted password, organisation/role.[Optional] Name, company name, department/position, phone number.
Social sign-up	[Optional] Minimum information provided by the social login provider (email, profile, etc.).
Goods and services provision	Licence or serial number, administrator account, update history, and minimal access logs (IP, browser, OS).
Enquiries and complaints	Email, name, phone number, and enquiry details.
Payment and settlement	Payment gateway or tax invoice data (contact name, business registration details, payment identifier).

3. Retention and Deletion of Personal Information

Personal information is retained only for the period allowed by law or agreed to by the user (“data subject”).
The main retention periods are:

Website membership: until membership withdrawal.
Goods or service provision: until delivery and settlement are complete. Usage records related to fraud prevention or disputes are retained for five years after withdrawal.
Enquiries and complaints: retained for five years after termination or as required by law.
Payment and settlement: retained for five years after termination or as required by law.

4. Provision of Personal Information to Third Parties

CUBIG does not share personal information with third parties except when:

The user (“data subject”) has provided explicit consent.
Required by law or a legitimate request from investigative authorities.
For corporate accounts, limited data (such as account status or access history) is shared with the organisation’s administrator. Use of serial licences constitutes consent within this scope.

5. Outsourcing of Personal Information Processing

To provide services effectively, CUBIG may outsource certain tasks.
We supervise contractors in line with the Personal Information Protection Act and include security obligations in each contract.

Contractor	Task	Data Processed	Retention / Use Period
Naver Cloud Corp. (NCP)	SMS for registration and verification	Mobile number, authentication code, transmission logs	Until transmission is completed and logs expire (per contract or law).
Google LLC	Email transmission for enquiries	Email, name, enquiry content, access records	For the duration of transmission and storage per policy or law.
PayPal	International payment processing	Payment ID, transaction data, amount, masked card token, buyer email, device/IP	Until payment completion or termination of the entrusted contract.

6. Cross-Border Transfers

Some data may be transferred overseas as follows.
Users (“data subjects”) may refuse overseas transfer, though this may limit certain services (for example, receiving enquiry replies or processing payments).

Recipient	Country	Transferred Items	Transfer Method and Timing	Purpose	Retention / Use Period
Google LLC	United States	Email address, name, enquiry content, transmission metadata	Real-time encrypted transfer upon enquiry submission	Support for email transmission and storage	Retained per company email policy or relevant laws.
PayPal	United States	Payment data and verification information	Real-time encrypted transfer upon payment authorisation	Payment settlement, fraud prevention, and support	Until payment completion or termination of the contract.

7. User (“Data Subject”) Rights and How to Exercise Them

Users (“data subjects”) may:

Request to view, correct, or delete their personal information.
Withdraw consent or close their account at any time.
Exercise these rights by written request, phone, or email to the Personal Information Protection Officer.

CUBIG will respond promptly.
Certain identifiers necessary for system management cannot be modified.
Users must ensure their information is accurate and up to date.
Using another person’s information or providing false data may result in account suspension or legal penalties.

8. Cookies and Automatic Collection

CUBIG uses cookies to remember user settings and provide customised services.
Cookies are small text files stored on the user’s device by the website server.
They do not automatically collect personal information, and users may refuse or delete them at any time.

Purpose: To analyse visits, usage patterns, and search terms to improve the Service and deliver relevant content.
Refusal: Users can manage cookies in their browser settings. Refusing cookies may affect functions that require login.

(Instructions for Chrome, Safari, and Internet Explorer remain as listed in the original document.)

9. Disposal of Personal Information

Personal information is destroyed once its purpose has been achieved or the retention period has expired.

Electronic files: permanently deleted so they cannot be recovered.
Paper records: shredded or incinerated.
Partially retained items: stored separately until statutory retention periods expire, then destroyed.

10. Personal Information Protection Officer

Role	Name	Position	Email
Personal Information Protection Officer	Ha Heonseok	CPO	[email protected]

11. Remedies and External Contacts

If you are dissatisfied with how your personal information has been handled, you may contact the following government agencies for mediation or advice:

Agency	Website / Contact
Personal Information Infringement Reporting Centre	https://privacy.kisa.or.kr / (+82) 118
Personal Information Dispute Mediation Committee	https://www.kopico.go.kr / (+82) 1833-6972
Supreme Prosecutors’ Office Cyber Investigation Division	http://www.spo.go.kr / (+82) 1301
National Police Agency Cyber Safety Bureau	https://cyberbureau.police.go.kr / (+82) 182

12. LLM Capsule (On-Premises) Policy

On-premises principle: Business data is processed and stored within the customer’s infrastructure. CUBIG does not access this data by default.
External integration: When external LLM integration is enabled, only encapsulated (pseudonymised or masked) data is transmitted. Original data is never shared.
Remote support: Remote troubleshooting requires prior approval, session logging, and least-privilege access.
Telemetry (optional): Minimal diagnostic data (error codes, version, status) may be transmitted with consent. Business data content is never included.

13. Changes to This Policy

This Privacy Policy takes effect on 1 October 2025.
Any future updates will be announced on the CUBIG website before they take effect.