Updated 2025-12-31

Written by Lubinpla

​

​​

Lubinpla Co., Ltd. (“Lubinpla”, the “Company”, “we”, “us”, or “our”) lawfully processes and securely manages personal information in compliance with the Personal Information Protection Act (“PIPA”) and other applicable laws and regulations, in order to protect the freedom and rights of data subjects (the “User(s)”, “you”, “customer(s)”, or “client(s)”) who use our services (the official website (lubinpla.com, the “Website”) and Lubinpla console (console.lubinpla.com or try.lubinpla.com, the “Console”); collectively, the “Services”). Accordingly, pursuant to Article 30 of PIPA, we establish and disclose this Privacy Policy to inform data subjects of the procedures and standards relating to the processing of personal information and to enable the prompt and smooth handling of related complaints and inquiries.

​

1. About This Policy

​

1.1. Purpose of This Policy

​

This Privacy Policy describes our practices regarding how your information is collected, used, and protected when you use our Services, visit our websites, or otherwise interact with us. This Privacy Policy supplements, and is not intended to replace, any data processing agreement or other notices/privacy policies.

​

This Privacy Policy concerns individuals’ rights. While we also strive to protect information we receive from/about businesses, this Policy does not cover corporate information. Therefore, when we refer to “you” in this Policy, it means you as a natural person, not the organization that directs you or on whose behalf you act. A “data subject” means an identifiable person who is the subject of the processed information. [Source: Personal Information Protection Act]

​

1.2. Our Role in Relation to Your Data

 

When you use Lubinpla, we act in two capacities: (i) as a Controller: we manage personal information relating to your account and how you interact with the Services; and (ii) as a Processor: we process, on your behalf and in accordance with your instructions, the content you provide through the Services (e.g., projects, notes, dens, and related data). For data processed as a Processor, you retain control, and initial inquiries regarding such data should be directed to the appropriate controlling party.

​

1.3. How to Contact Us

 

If you have any questions or concerns regarding personal information, please contact us at info@lubinpla.com. While we encourage you to contact us first with any concerns, you may also lodge a complaint with the data protection supervisory authority applicable in your jurisdiction.

​

1.4. Updates to This Policy

 

We may update this Privacy Policy from time to time. Continued use of the Services after changes are posted will be deemed acceptance of those changes. Please review this Policy periodically and ensure that the information associated with your account in our systems remains up to date.

​

2. Purposes of Processing, Items Collected, Retention and Use Period

 

The Company processes personal information for the following purposes and does so based on the data subject’s consent pursuant to Article 15(1)1 and Article 22(1)7 of PIPA. If the purpose of use changes, we will take necessary measures such as obtaining separate consent in accordance with Article 18 of PIPA.

​

2.1 Membership Registration and Management

 

We retain the information until membership withdrawal. However, in the following cases, we retain it until the relevant cause is resolved:

​

(i) Where an investigation or inquiry is underway due to a violation of applicable laws and regulations: until the investigation or inquiry is completed
(ii) Where receivables/payables arising from use of the Services remain outstanding: until settlement of the relevant receivables/payables is completed

​

2.2 Provision of Goods or Services

 

We retain the information until completion of the supply of goods/services and completion of payment/settlement. However, in the following cases, we retain it until the relevant period ends:

​

(i) Where retention of transaction records is required under Article 6 of the Act on Consumer Protection in Electronic Commerce, etc.
(ii) Records related to display/advertising: 6 months
(iii) Records related to contracts or withdrawal of subscription/application, payment, and supply of goods, etc.: 5 years
(iv) Records related to consumer complaints or dispute resolution: 3 years
(v) Where retention of confirmation data regarding communications is required under Article 15-2(2) of the Protection of Communications Secrets Act
(vi) Service usage records, access logs, and access IP addresses: 3 months

​

2.3 Provision of Services to Non-Members

 

We retain the information for 1 year. However, if a non-member requests deletion through a request to access personal information, etc., we delete it without delay.

​

2.4 Automatically Collected Information

​

During the course of using the Services, service usage records such as website visit history, cookies, access information (IP, logs, etc.), operating system version, device model name, etc. may be collected automatically.

​​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​​​​​​​​​​​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

3. How We Obtain Information

 

3.1 Information You Provide

​

Most data is collected directly from you when you:

​

(i) create an account or subscribe to/use the Services on behalf of an organization
(ii) request our products and/or Services or proceed with customer relationship processes such as quotations, adoption, and contracting
(iii) communicate with our teams (sales/technical support/customer support, etc.) or submit inquiries/requests (including by phone, email, and other electronic means, and in writing)
(iv) input, upload, create information, or change settings while using Lubinpla’s features and functionality
(v) participate in surveys or provide feedback
(vi) register to receive marketing communications and offers (including training proposals), or set/change your marketing preferences
(vii) provide necessary information in the context of you or your organization providing products and/or services to us (e.g., vendor/partner/outsourcing relationships)

​

3.2 Information Collected Automatically

 

When you use the Services, our systems may automatically collect certain technical information, including through cookies and similar tracking technologies (e.g., access/login history, device/browser information, usage logs, performance and error information, etc.).

​

3.3 Third-Party Sources

 

We may receive information from:

​

(i) analytics service providers that help us understand usage patterns
(ii) business partners and service providers (e.g., payment processing, customer support, security, infrastructure operations, etc.)
(iii) publicly available professional databases and public sources (e.g., business contact details and affiliation information, etc.)

​

3.4 Cookies and Automated Processing

 

We use cookies to enhance convenience in using the Services. Information automatically collected when you use the Services includes cookies, log records, and device identifiers. Cookies are small pieces of information sent by the server used to operate a website to a user’s computer browser and may be stored on the hard drive of the user’s PC.

​

In the course of using the Services, the Company collects and uses behavioral information to provide data subjects with optimized personalized services and benefits, online personalized advertising, etc., and collects the following types of behavioral information. However, the collected information is unlikely to identify a specific individual.

​

4. How We Use Information

 

Under data protection laws, we may use your personal information only where we have a lawful basis. However, an exception may apply where we need to use it for another purpose and we reasonably consider that purpose compatible with the original purpose. Where we need to use it for an unrelated purpose, we will notify you and explain the legal basis. We may also process personal information without your knowledge or consent in accordance with this section where required or permitted by law.

​

We use personal information for the following purposes and on the following legal bases.

​

4.1 Contract Performance or Pre-Contract Steps

 

Based on performance of a contract (or steps taken at your request prior to entering into a contract), to:

​

(i) register you or your organization as a new customer and update customer records
(ii) register you as a new supplier and update supplier records
(iii) process orders and delivery (including sending updates, and managing payments, fees, and billing)
(iv) manage subscriptions and user accounts
(v) handle and respond to requests, inquiries, and complaints

​

4.2 Compliance with Legal Obligations

 

Based on compliance with legal obligations, where necessary, to:

​

(i) comply with tax, accounting, anti-money laundering, and applicable laws and obligations
(ii) manage your statutory rights
(iii) notify you of changes to the Terms or this Privacy Policy
(iv) ensure personal information security by preventing unauthorized access to personal information

​

4.3 Legitimate Interests

 

Based on legitimate interests, to:

​

(i) operate our business effectively through internal management, commercial, and security processes (finance, management accounting/controlling, BI, legal/compliance, information security, etc.)
(ii) verify identity and prevent/detect fraud against you or us
(iii) collect outstanding receivables
(iv) request feedback, reviews, or survey participation
(v) provide information about and support participation in events (including online) hosted (solely or jointly) by us, seminars, training, prize promotions/contests, surveys, marketing campaigns, market analyses, or other promotional activities
(vi) provide notices and communications regarding the latest developments/announcements/information (briefings, newsletters, etc.), events, and initiatives related to our services/solutions
(vii) offer, recommend, and advertise products/services you may be interested in (including delivering such communications)
(viii) improve products/services or customer relationships/experience through statistical analysis of your software/service usage
(ix) prevent unauthorized access to and unauthorized modification of systems
(x) perform and process security-related activities such as troubleshooting, data analysis, testing, system maintenance, support, reporting, and data hosting
(xi) provide interoperability between applications
(xii) establish, exercise, and/or defend legal rights

​

4.4 Marketing and Consent-Based Processing

 

We may obtain your consent and carry out specific processing activities for which explicit consent has been obtained. We may send you email updates about our products/services (including exclusive offers, promotions, and information about new products/services). We have a legitimate interest in processing personal information for promotional purposes, and your consent is not always required to send promotional communications. However, where consent is required, we will request it separately and clearly.

​

4.5 Marketing Opt-Out and Withdrawal of Consent

 

We do not sell your personal information and do not share it with other organizations for marketing purposes. You may withdraw consent or opt out of promotional communications at any time by:

​

a. contacting info@lubinpla.com
b. using the “unsubscribe” link in an email

 

If you instruct us to provide additional products/services in the future, or if there are changes in laws/regulations/business structure, we may ask you to confirm or update your marketing preferences.

​

5. AI Processing and Machine Learning

​

5.1 Third-Party AI Processing and No-Training Principle

 

Lubinpla leverages advanced machine learning technologies to provide data analysis, intelligent solution design, smart classification, suggested responses, and other features. To enable these features, some data is processed through third-party AI systems. However, we maintain strict contractual terms that prevent AI providers from using your data to train their models.

​

5.2 Responsibility for Input Information and Duty of Care

 

We design and operate our Services so that, in principle, we do not share personal information with third-party AI systems unless you include personal information via prompts, file uploads, input forms, or other means. However, if you include personal information (or a third party’s personal information) or confidential information in your questions or inputs, such information may be transmitted to and processed by third-party AI systems for the purpose of handling your request and generating responses. Therefore, you must exercise particular care not to include unnecessary personal information or confidential information when submitting questions or materials through Lubinpla.

​

Accordingly, you are responsible for the content of all inputs you provide (prompts, uploaded files, messages, data fields, etc.). In particular, you must: (i) decide and control whether to include personal information or third-party personal information in inputs; (ii) have lawful authority (including any required consents) for information included in inputs; and (iii) avoid including unnecessary personal information, sensitive information, or confidential information in inputs. If you breach these duties of care and a personal information infringement or rights infringement occurs, the associated risks and consequences will, in principle, be attributable to you. For more specific data management, please refer to our “Data Controls”.

​

6. Personal Information of Children Under 14

 

Our Services are not suitable for children under the age of 14. We do not collect, sell, or share information of children under 14. If we become aware that we have collected such information, we will delete it immediately. If you believe your child may have provided information, please contact us immediately as described in “14. Personal Information Protection Officer and Requests for Access to Personal Information” of this Policy. For more details, please refer to the Terms of Service.

​

7. Sharing of Personal Information and Outsourcing of Processing

 

We share your information only in the cases described below:

​

7.1 Service Providers

 

We may share personal information with selected service providers, including security providers, that help us provide and operate products/Services for you. We permit service providers to process personal information only after confirming that they have appropriate technical and organizational safeguards, and we impose contractual obligations (confidentiality, prohibition on use beyond the purpose, restrictions on sub-processing, etc.) requiring them to use personal information solely in accordance with our instructions and for the purpose of providing services for us and you. Service providers may support tasks such as:

​

(i) infrastructure and hosting
(ii) payment processing
(iii) customer relationship management (CRM) and customer support operations
(iv) analytics and performance monitoring
(v) security operations, incident detection, and fraud prevention
(vi) provision of AI and machine learning capabilities (implementation of service features and support for quality improvement)

​

7.2 Professional Advisors

 

We may share personal information (to the extent necessary) with lawyers, auditors, and other professional advisors who provide professional advice such as legal, accounting, tax, and audit services.

​

7.3 Business Transfers

 

If Lubinpla undergoes a change of ownership transaction such as a merger, acquisition, sale of assets, restructuring, or transfer of all or part of the business, your information may be transferred to or shared with the counterparty or successor entity. Where possible, information will be anonymized or minimized, but we cannot guarantee this in all cases. Recipients are subject to confidentiality obligations, and successor entities will be bound by this Privacy Policy.

​

7.4 Legal Requirements and Protection of Rights

 

We may disclose or exchange personal information where required by laws, regulations, legal process, or lawful requests of government authorities, or where reasonably necessary to protect the rights, property, or safety of us and users. This may include disclosure/exchange with investigative authorities, regulators, administrative bodies, and other government agencies.

​

7.5 At Your Direction

 

We may share your information where you explicitly request or instruct us to do so, or within the scope to which you have consented.

​

7.6 Other Recipients

 

Where necessary, we may share personal information with insurers or insurance brokers, banks, etc. Where possible, we provide information in an anonymized or minimized form, but we cannot guarantee this in all cases. Such recipients are subject to confidentiality and information protection obligations under relevant contracts or laws.

​

7.7 Storage Location and Cross-Border Transfers

 

Your personal information may be stored and processed at our offices and at the offices (or data processing locations) of the service providers, representatives, or agents described above. Some recipients or processors may be located outside your country (e.g., the United Kingdom or the European Economic Area (EEA), etc.). In such cases, we implement appropriate safeguards required by applicable laws (e.g., contractual safeguards, transfer impact assessments, etc.) to protect your personal information.

​

7.8 Outsourcing Arrangements Overview

 

To ensure smooth handling of personal information-related tasks, the Company outsources personal information processing tasks as follows.

​

​​

​​

​

​

​

​

​

​

​

​

​​

​

​

7.9 Contractual Requirements for Outsourcing

 

When entering into outsourcing agreements, pursuant to Article 26 of PIPA, the Company specifies in documents such as contracts matters including prohibition of processing personal information beyond the purpose of outsourced work, technical and administrative safeguards, restrictions on sub-outsourcing, management and supervision of the service provider, and liability for damages, and supervises whether the service provider processes personal information safely.

​

7.10 Consent for Sub-Processing

 

Pursuant to Article 26(6) of PIPA, where the service provider sub-outsourced our personal information processing tasks, the Company requires the Company’s consent.

​

7.11 Notice of Changes to Sub-Processors

 

If the scope of outsourced work or the service provider changes, we will disclose such changes without delay through this Privacy Policy.

​

7.12 Overseas Outsourcing

 

Where personal information processing tasks are outsourced overseas, this is described in “8. Cross-Border Transfer of Personal Information”.

​

8. Cross-Border Transfer of Personal Information

 

8.1 Overseas Provision and Outsourcing

 

For service provision, marketing, and customer management services, the Company provides and/or outsources processing overseas as follows.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

​

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

​

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

​

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

​

​

8.2 Storage Locations and Safeguards

 

Your personal information may be stored on servers in the EU and the United States, and appropriate legal safeguards will be implemented. We comply with legal requirements and implement necessary safeguards when conducting international data transfers.

​

(i) Automated Processing of Personal Information: We may carry out automated decision-making and profiling, and you may object to such processing.
(ii) Outsourcing of Personal Information Processing and Security: We enter into confidentiality agreements with vendors that perform outsourced personal information processing and require them to process data only to the minimum extent necessary for business purposes. This helps ensure that your personal information is protected securely.
(iii) Data Protection Technology and Management: In addition to encryption and access controls, we strengthen data protection through regular security inspections to ensure that your personal information is processed securely.

​

9. Procedures and Methods for Destruction of Personal Information

 

9.1 Destruction Without Delay

 

The Company destroys personal information without delay when it becomes unnecessary, such as upon expiration of the retention period or achievement of the processing purpose.

​

9.2 Separate Storage Where Required by Law

 

Even after the retention period consented to by the data subject has expired or the processing purpose has been achieved, if personal information must be retained pursuant to other laws, we will store it by transferring it to a separate database (DB) or by storing it in a different location.

​

9.3 Destruction Procedures and Methods

 

The procedures and methods for destruction are as follows:

​

(i) Destruction procedure: The Company selects personal information for which a reason for destruction has occurred and destroys it in accordance with internal policies.
(ii) Destruction method: The Company destroys personal information recorded and stored in electronic file form in a manner that prevents reproduction of the records, and destroys personal information recorded and stored on paper documents by shredding.

​

10. Rights and Obligations of Data Subjects and Legal Representatives and How to Exercise Them

 

10.1 Data Subject Rights

 

Data subjects may exercise rights against the Company at any time, including requesting access to, correction of, deletion of, suspension of processing of, and withdrawal of consent regarding personal information. ※ The Company does not collect personal information of children under 14 and does not provide services to them.

​

10.2 How to Exercise Rights

 

Rights may be exercised by submitting requests to the Company in writing, by email, by facsimile (FAX), etc. pursuant to Article 41(1) of the Enforcement Decree of PIPA, and the Company will take action without delay.

​

10.3 Exercising Rights Through an Authorized Representative

 

Rights may also be exercised through an agent, such as a legal representative of the data subject or a person authorized by delegation. In such cases, you must submit a power of attorney using the form in Appendix No. 11 of the “Notice on Methods of Processing Personal Information”.

​

10.4 Restrictions on Requests

 

Requests for access to personal information and suspension of processing may be restricted pursuant to Article 35(4) and Article 37(2) of PIPA.

​

10.5 Limits on Deletion Requests

 

Requests for correction and deletion of personal information cannot be made where other laws specify that the personal information is subject to collection.

​

10.6 Identity Verification

 

When a data subject requests access, correction/deletion, or suspension of processing, the Company verifies whether the requester is the data subject or a duly authorized representative.

​

11. Measures to Ensure Security of Personal Information

 

The Company takes the following measures to ensure the security of personal information:

​

(i) Administrative measures: establishment and implementation of internal management plans, operation of a dedicated organization, regular employee training
(ii) Technical measures: management of access rights to personal information processing systems, installation of access control systems, encryption of personal information, installation and updates of security programs
(iii) Physical measures: access control to computer centers, etc.

While we strive to protect your information, no system can be completely secure. Where required by law, we will notify you of security incidents without delay.

​

12. Installation/Operation of Automatic Collection Devices and Right to Refuse

 

12.1 Cookies and Cookie Controls

 

Cookies are small pieces of information sent by the server (https) used to operate a website to a user’s computer browser, and may be stored on the hard drive of the user’s PC.

​

(i) Purpose of cookies: Cookies are used to identify visit and usage patterns for each visited service, search terms, whether secure access is used, etc., in order to provide optimized information to users.
(ii) Installation/operation and refusal of cookies: In Chrome, you may refuse to store cookies via the menu at the top right of the browser ( ⋮ ) > Settings > Privacy and security > Cookies and other site data, or by using a new Incognito window (or a new InPrivate window).
(iii) If you refuse to store cookies, use of certain services such as login may be restricted.

​

12.2 Response Time for Requests

 

We strive to respond to all legitimate requests within the applicable period and typically respond within 30 days. However, where a request is particularly complex or multiple requests are made, it may take longer than one month; in such case, we will notify you and share progress updates. Where requests are particularly complex or multiple requests are raised simultaneously, the processing period may take longer, in which case we will notify you and share progress updates.

​

12.3 Fees

 

In principle, we do not charge fees for access to data or other exercise of rights. However, if a request is manifestly unfounded, repetitive, or excessive, we may charge a reasonable fee or refuse to act on the request.

​

12.4 Confidentiality

 

We have implemented appropriate security measures to prevent personal information from being accidentally lost, unlawfully used or accessed, altered, or disclosed. We limit access to personal information to persons who have a business need to know and require personal information handlers to process personal information only in authorized ways and to comply with confidentiality obligations.

​

We also have procedures in place to address suspected data security breaches and, where legally required, we will notify you and relevant regulators of such breaches.

​

13. Criteria for Additional Use/Provision

 

13.1 Additional Use/Provision Without Consent

 

Pursuant to Article 15(3) and Article 17(4) of PIPA, the Company may additionally use or provide personal information without the data subject’s consent, taking into account the matters prescribed in Article 14-2 of the Enforcement Decree of PIPA.

​

13.2 Factors Considered

 

Accordingly, the Company considered the following matters in order to additionally use or provide personal information without the data subject’s consent:

​

(i) whether the purpose of the additional use/provision is related to the original purpose of collection
(ii) whether, in light of the circumstances of collection or processing practices, the additional use/provision is foreseeable
(iii) whether the additional use/provision unfairly infringes the interests of the data subject
(iv) whether necessary measures to ensure security, such as pseudonymization or encryption, have been taken

​

14. Personal Information Protection Officer and Requests for Access

 

14.1 Designation of a Personal Information Protection Officer

 

The Company designates a Personal Information Protection Officer as follows to take overall responsibility for personal information processing and to handle data subjects’ complaints and remedies related to personal information processing.

​

14.2 Requests for Access to Personal Information

 

Data subjects may request access to personal information pursuant to Article 35 of PIPA by contacting the department below. The Company will endeavor to process such requests promptly.

​

14.3 Inquiries, Complaints, and Remedies

 

Data subjects may contact the Personal Information Protection Officer and the responsible department for any personal information protection-related inquiries, complaint handling, or remedies arising while using the Company’s Services (or business). The Company will respond and process such inquiries without delay.

​

15. Remedies for Infringement of Rights and Interests

 

15.1 Contact for Reporting and Counseling

 

The Company guarantees data subjects’ right to informational self-determination and strives to provide counseling and remedies for damages resulting from personal information infringements. If you need to make a report or request counseling, please contact the responsible department below.

​

15.2 External Dispute Resolution and Support Bodies

 

To obtain remedies for personal information infringements, data subjects may apply for dispute resolution or counseling to the Personal Information Dispute Mediation Committee, the Personal Information Infringement Report Center of the Korea Internet & Security Agency, etc. For other reports or counseling regarding personal information infringements, please contact the following organizations:

​

(i) Personal Information Dispute Mediation Committee: 1833-6972 (Korea only; no area code required) (www.kopico.go.kr)
(ii) Personal Information Infringement Report Center: 118 (Korea only; no area code required) (http://privacy.kisa.or.kr)
(iii) Supreme Prosecutors’ Office: 1301 (Korea only; no area code required) (www.spo.go.kr)
(iv) National Police Agency: 182 (Korea only; no area code required) (http://ecrm.police.go.kr)

​

From outside Korea, dial Korea country code +82 and refer to the organization’s international contact number, as short codes may not be reachable internationally.

​

15.3 Administrative Appeals

 

A person whose rights or interests have been infringed due to a disposition or omission by the head of a public institution in response to a request under Article 35 (Access to Personal Information), Article 36 (Correction/Deletion of Personal Information), or Article 37 (Suspension of Processing, etc.) of PIPA may file an administrative appeal in accordance with the Administrative Appeals Act.

​

(i) Central Administrative Appeals Commission: 110 (without area code) (www.simpan.go.kr)

​

16. Third-Party Links

 

Our Services may contain links to external websites. We are not responsible for the personal information processing practices of those sites, and we encourage you to review their policies.

​

17. Changes to This Privacy Policy

​

This Privacy Policy is effective as of January 5, 2026.