Section 1

Personal Information to be Collected

The Company collects and processes the minimum personal information necessary for the operation of the Services.

The Company does not collect names, e-mail addresses, phone numbers, government identifiers, or payment information for the purpose of operating the Services. If additional categories of personal information become necessary in the future (for example, to support an optional newsletter or partnership program), the Company will obtain separate consent at the time of collection in accordance with applicable law.

Section 2

Method of Collection

Anonymized request logs are automatically generated by the Company's hosting provider in the course of serving the Services. Aggregate usage signals are derived from those logs. Device location is provided by the User's browser only when the User invokes the "Near me" function and grants the corresponding browser permission.

The Services use the User's browser-local storage (the "localStorage" API) to remember bookmarked items, recent search queries, and language preferences. Information stored in localStorage resides solely on the User's device and is not transmitted to the Company's servers.

Section 3

Use of Personal Information

The Company uses personal information only for the following purposes:

1. To operate, maintain, and secure the Services, including the prevention of abuse and the diagnosis of technical issues;
2. To measure aggregate Service usage for the purpose of improving the Services;
3. To compute results for the "Near me" function in real time, in response to a User-initiated request.

Section 4

Cookies and Other Automatic Collection

The Services do not use advertising cookies or cross-site tracking cookies. Functional cookies set by the Company's hosting provider may be used for security purposes, such as bot detection and protection against denial-of-service attacks. These cookies are not used for advertising or behavioral profiling.

Users may disable cookies through their browser settings; however, the Services may not function as intended without functional cookies enabled.

Section 5

Provision and Entrustment of Personal Information

The Company does not provide personal information to third parties for marketing or commercial purposes. The Company entrusts certain processing activities to the following service providers in order to operate the Services:

When Users follow outbound links to third-party services (including Instagram pages, Naver place pages, official venue websites, and Wikimedia Commons), those services are governed by their own privacy policies. The Company is not responsible for the data practices of third parties reached through such links.

Section 6

Retention and Destruction

The Company does not retain personal information beyond what is necessary for the operation of the Services. Anonymized request logs are retained by the Company's hosting provider for the period specified in that provider's policy. Aggregate usage signals are retained only in aggregate form and contain no individual identifiers. Device location obtained for the "Near me" function is used in real time and discarded.

Where applicable laws require the retention of certain information for a specified period (such as records on electronic commerce or communications confirmation materials under the Protection of Communications Secrets Act), the Company will retain such information for the required period and destroy it without delay thereafter.

Section 7

Rights of Users

Under the Personal Information Protection Act of the Republic of Korea (PIPA), the General Data Protection Regulation (GDPR) for visitors from the European Economic Area, the California Consumer Privacy Act (CCPA) for California residents, and similar laws in other jurisdictions, Users may have the right to access, correct, delete, or restrict the processing of personal information held by the Company.

Because the Company collects only the limited information described in Section 1, in most cases there is no identifiable personal information held by the Company that can be subject to such requests. If a User believes that the Company holds personal information about the User and wishes to exercise any of the foregoing rights, the User may contact the Personal Information Protection Officer identified in Section 9. The Company will respond within thirty (30) days.

Section 8

Children

The Services are intended as a general travel guide and are not directed at children under fourteen (14) years of age, the threshold under Korean PIPA. The Company does not knowingly collect personal information from children. If the Company becomes aware that personal information of a child has been collected, the Company will destroy such information without delay.

Section 9

Personal Information Protection Officer

The Company has designated a Personal Information Protection Officer to handle inquiries and complaints related to personal information:

For any other reporting or consulting on infringement of personal information, Users may contact the institutions provided below:

1. Personal Information Protection Commission (pipc.go.kr)
2. Personal Information Infringement Report Center, Korea Internet & Security Agency (privacy.kisa.or.kr, telephone 118)
3. Cyber Investigation Bureau of the National Police Agency (ecrm.police.go.kr, telephone 182)
4. Personal Information Dispute Mediation Committee (kopico.go.kr, telephone 1833-6972)

Section 10

Security Measures

The Company takes the following measures to ensure the safety of personal information:

1. Managerial measures: establishment and implementation of an internal management plan;
2. Technical measures: management of access rights to systems that may process personal information, encryption of data in transit (HTTPS), and use of security programs;
3. Physical measures: reliance on commercial cloud infrastructure (Cloudflare) for controlled data center access.

Section 11

Applicability

This Privacy Policy applies to DealSeoul, including its website, related applications, and public data feeds, all operated by Deal Labs. If personal information is collected on a third-party website reached through a link from the Services, this Privacy Policy will not apply to such third-party processing.

Section 12

Automated Processing and AI Training

1. The Company does NOT use any personal information collected through the Services (including device identifiers, IP addresses, search queries, saved-venue lists, or any log-derived signals) for the purpose of training, fine- tuning, or evaluating any machine-learning model, whether operated by the Company or by any third party. The Company also does not sell or otherwise transfer personal information to third parties for use in such model training.
2. With respect to non-personal Content published on the Services (curated venue data, editorial copy, station- level practical information), the Company permits live retrieval and attributed citation by AI assistants but expressly reserves all rights against the inclusion of such Content in any AI training corpus or derivative model weights. The detailed terms of this reservation are set forth in Article 8 of the Terms and Conditions and are operationalised by the per-bot directives in /robots.txt.
3. Continued automated access to the Services after the publication of this Privacy Policy and the Terms constitutes acceptance of the restrictions set forth in Paragraph 1 and Paragraph 2 above.

Section 13

Amendment of Privacy Policy

The Company will announce any amendment to this Privacy Policy on the Services. Material changes will be flagged on the Services for at least fourteen (14) days prior to the effective date.