Privacy Policy
Reversemountain Corp. (hereinafter referred to as the "Company") processes and safely manages personal information lawfully, in compliance with the Personal Information Protection Act and relevant laws, to protect the freedom and rights of data subjects. Pursuant to Article 30 of the Personal Information Protection Act, the Company hereby establishes and publicly discloses this Privacy Policy to inform data subjects of the procedures and standards for processing and protecting personal information, and to ensure the prompt and smooth handling of related grievances.
The Company collects and uses personal information to the minimum extent necessary for service provision, in accordance with the Personal Information Protection Act.
1) Items of Personal Information Processed Without the Data Subject's Consent
The Company processes the following items of personal information without the data subject's consent.
|
Legal Basis |
Category |
Purpose of Collection |
Items Collected |
Retention and Use Period |
|
Personal Information Protection Act Article 15(1)4 (Performance of a Contract) |
Service Introduction |
Demo reservation, service guidance, coffee chat, etc. |
Name, email address, phone number, company name, (optional) other information provided |
Until consent is withdrawn |
|
Service Operation
|
Verification of membership intent, identification/authentication for membership services, maintenance/management of membership qualifications, delivery of service-related notifications |
Name, email address (ID), password, preferred language, (optional) phone number, MBTI |
Until membership withdrawal |
|
|
Information registration and service use |
Name, HR information (position, résumé, competencies, career development, goal management, performance evaluation, degree certificates, organizational information, job information, reporting structure, contract information, employment status, etc.), email address (ID) |
Until consent is withdrawn |
||
|
Payment Processing |
Payment processing |
Email address (ID), payment information (name, credit card number, expiration date, card issuer, first 2 digits of card password, CVC number), business registration number |
5 years (Electronic Commerce Act Article 6) |
|
|
Customer Support |
Handling errors, inconveniences, and inquiries |
Email address (ID), details of errors, inconveniences, or inquiries |
3 years (Electronic Commerce Act Article 6) |
|
|
Tax Invoice Processing |
Processing tasks related to tax invoices |
Email address for tax invoice issuance, Name of person in charge, phone number of Person in charge |
Until completion of the task |
|
|
Orblit Works Service |
Service Use |
Work schedule, status, and content information entered by the member |
Until consent is withdrawn (However, work-related information that does not contain personal information is retained until workspace deletion) |
|
|
Orblit 1on1 Service |
Service Use
|
Audio files of meeting contents between members |
Destroyed upon completion of transcription and analysis |
|
|
Analysis Provision |
Transcribed text of meeting contents, meeting summaries and analysis results |
Until consent is withdrawn |
||
|
Personal Information Protection Act Article 15(1)6 (Legitimate Interest) |
Fraud Prevention |
Prevention of fraudulent service usage |
CI |
Up to 6 months after membership withdrawal |
|
Personal Information Protection Act Article 15(1)2 (Special Provisions by Law) |
National Tax Duties |
Managing books and supporting documents for all transactions required by tax law |
Name, phone number, email address, payment records (transaction history) |
5 years (Framework Act on National Taxes) |
|
Personal Information Protection Act Article 15(1)2 (Special Provisions by Law) |
Tax Invoice |
Issuing tax invoices for goods/services provided |
Business registration number, trade name, representative's name, business address |
5 years (Value-Added Tax Act Article 71) |
|
Personal Information Protection Act Article 15(1)6 (Legitimate Interest) |
Dispute Resolution |
Collection and management of materials for dispute resolution |
Email address (ID), details of errors, inconveniences, or inquiries |
Up to 2 years after membership withdrawal |
2) Items of Personal Information Processed with the Data Subject's Consent
The Company processes the following items of personal information with the data subject's consent, pursuant to Article 15(1)1 and Article 22(1)7 of the Personal Information Protection Act.
|
Purpose of Collection |
Items Collected |
Retention and Use Period |
|
Sending service-related newsletters |
Name, email address |
Until consent is withdrawn |
|
Enhancing Orblit 1on1 Service AI chatbot |
Transcribed text files of meeting contents between members |
Up to 6 months after membership withdrawal |
|
Statistical analysis and utilization of service usage |
Posts/other content created by the data subject; various automatically generated information and service usage records (app usage history, search history, records of misuse, access logs, cookies); device information (OS/screen size, device ID); IP address |
Until consent is withdrawn or up to 6 months after membership withdrawal |
|
Providing personalized services, personalized data analysis and consulting, identifying target areas for personalized services, providing personalized UI/UX, advertisements, benefits, recommendations, service quality improvement, and new service development |
Job role, years of experience, email address, benefits information, event participation information, survey responses, consultation information, various automatically generated information and service usage records (app usage history, search history, records of misuse, access logs, cookies), posts/other content created by the data subject, device information (OS/screen size, device ID), IP address |
Until consent is withdrawn or up to 6 months after membership withdrawal |
|
Processing personal data for service promotion and sales solicitation |
Various automatically generated information and service usage records (app usage history, search history, records of misuse, access logs, cookies), IP address, advertising identifiers |
Until consent is withdrawn or up to 6 months after membership withdrawal |
The Company does not process the personal information of children under the age of 14.
① The Company shall destroy the personal information without delay when the personal information becomes unnecessary, such as the expiration of the personal information retention period or the achievement of the purpose of processing.
②
If the personal information must be kept in accordance with other laws
even after the retention period of the personal information consented to by the
data subject has expired or the purpose of processing has been achieved, the
personal information shall be transferred to a separate database (DB) or stored
in a different location.
※ The items of personal information and the legal basis
for retention in accordance with other laws can be confirmed in [1. Purpose of
Processing, Items of Personal Information Processed, and Processing and
Retention Period] item.
③ The procedure and method for the destruction of personal information are as follows.
1. Destruction Procedure
The Company selects the personal information for which the reason for destruction has occurred and destroys the personal information with the approval of the Company's Personal Information Protection Officer.
2. Destruction Method
The Company destroys personal information recorded and stored in electronic file form so that the records cannot be reproduced, and personal information recorded and stored on paper documents is destroyed by shredding or incineration.
① The Company processes the personal information of the data subject only within the scope specified in the purpose of processing personal information, and provides personal information to a third party only when it falls under Article 17 and Article 18 of the Personal Information Protection Act, such as the data subject's consent or a special provision in the law. The Company does not provide the data subject's personal information to a third party otherwise.
② For smooth service provision, the Company obtains the data subject's consent and provides personal information only to the minimum extent necessary in the following cases:
|
Recipient |
Purpose of Provision |
Items Provided |
Retention and Use Period |
|
Company (Customer) to which the OWNER member belongs |
Advancement of 1 on 1 analysis and coaching based on conversation data |
1on1 conversation data (text) |
5 years from the date of membership withdrawal |
③ The Company may provide personal information to relevant organizations without the data subject's consent as follows:
|
Legal Basis |
Recipient |
Purpose of Provision |
Items Provided |
|
Article 18(2)2 of the Personal Information Protection Act (Special Provision in Law), Article 215 of the Criminal Procedure Act |
Competent Police Agency, Prosecutor's Office |
Request through search and seizure warrant |
Information within the scope of the request |
④
In the event of an emergency such as a disaster, infectious disease, an
event or accident that poses an urgent threat to life or body, or urgent
property loss, the Company may provide personal information to relevant
organizations without the data subject's consent, in accordance with the Personal
Information Processing and Protection Rules in Emergency Situations jointly
announced by government ministries. For details, please click Here* to confirm.
In this case, the Company will provide only the minimum necessary personal
information based on the relevant laws and will not provide it for purposes
other than the stated purpose.
⑤ Cases where personal information is provided to a third party outside of Korea are informed in [6. Matters concerning the collection and transfer of personal information outside of Korea].
① The Company outsources personal information processing tasks as follows for smooth personal information processing:
|
Consignee (Recipient) |
Outsourced Task |
|
Toss Payments Co., Ltd. |
Provision of payment service |
|
Supabase Inc. (Seoul Region) |
Storage of data including personal information |
② When concluding a consignment contract, the Company specifies matters concerning the prohibition of processing personal information for purposes other than the performance of outsourced tasks, technical/managerial protection measures, restriction on re-consignment, supervision of the consignee, liability for damages, etc., in the contract document, in accordance with Article 26 of the Personal Information Protection Act, and supervises whether the consignee processes personal information safely.
③ In accordance with Article 26(6) of the Personal Information Protection Act, if the consignee re-consigns the Company's personal information processing task, the Company obtains consent, and the details of the re-consignee and the re-consigned task are disclosed through this Privacy Policy.
④ If the content of the outsourced task or the consignee is changed, it will be disclosed through this Privacy Policy without delay.
⑤ Cases where personal information processing tasks are outsourced outside of Korea are informed in [6. Matters concerning the collection and transfer of personal information outside of Korea].
The Company transfers personal information collected from service users outside of Korea as follows. In accordance with Article 28-8(2) of the Personal Information Protection Act, the following is provided regarding the transfer outside of Korea.
If you refuse the transfer outside of Korea, service use is not possible. If you do not wish to transfer personal information outside of Korea, you can proceed with membership withdrawal on the website (Menu - My Information - Membership Withdrawal).
1) Provision of Personal Information to a Third Party Outside of Korea
|
Legal Basis |
Article 17(1)2, Article 28-8(1)1 of the Personal Information Protection Act (Data Subject's Consent) |
|
Items Transferred (Provided) |
1on1 conversation data (text) |
|
Transferring Country |
United States |
|
Time and Method of Transfer |
Transmission of internal coaching AI log data upon service use |
|
Recipient of Transfer (Provision) |
George Mason University Research Team (plee27@gmu.edu) |
|
Purpose of Use (Provision) |
Advancement of 1 on 1 analysis and coaching based on conversation data |
|
Retention and Use Period |
5 years from the date of membership withdrawal |
|
Legal Basis |
Article 17(1)2, Article 28-8(1)1 of the Personal Information Protection Act (Data Subject's Consent) |
|
Items Transferred (Provided) |
Name, Email |
|
Transferring Country |
United States |
|
Time and Method of Transfer |
Remote (US) transmission using a dedicated network each time the service is used |
|
Recipient of Transfer (Provision) |
Plus Five Five, Inc. (support@resend.com) |
|
Purpose of Use (Provision) |
To provide and improve Service; To monitor the usage of our Service; To gather analysis or valuable information so that we can improve our Service |
|
Retention and Use Period |
Retained for the period necessary for the purpose, and separately retained in the following cases: To comply with legal obligations (e.g., when data must be retained according to specific laws); When necessary for dispute resolution; When enforcing terms of service and policies |
2) Processing Outsourcing and Storage of Personal Information for Contract Performance
|
Legal Basis |
Outsourced Task |
Items Transferred (Provided) |
Transferring Country |
Time and Method of Transfer |
Recipient of Transfer (Provision) |
Purpose of Use (Provision) |
Retention and Use Period |
|
Article 28-8(1)3 of the Personal Information Protection Act (Processing Outsourcing and Storage for Contract Performance) |
Sending emails for member authentication, etc |
Name, email |
United States |
Remote (US) transmission using a dedicated network each time the service is used |
Plus Five Five, Inc.(support@resend.com) |
Email sending for member authentication, etc. |
Destroyed upon membership withdrawal or withdrawal of consent |
|
Text generation and summarization |
User input text, conversation content |
United States |
Remote transmission and storage using a dedicated network each time the service is used |
Google LLC(Vertex AI/Gemini)(googlekrsupport@google.com) |
AI Service (Text generation, summarization, etc.) |
Destroyed upon membership withdrawal or withdrawal of consent |
|
|
STT |
Voice recording file, converted text |
United States |
Remote transmission and storage using a dedicated network each time the service is used |
Assembly AI Inc.(support@assemblyai.com) |
Voice to text conversion |
Destroyed upon membership withdrawal or withdrawal of consent |
|
|
AI model |
User input text, conversation content |
United States |
Remote transmission and storage using a dedicated network each time the service is used |
Open AI OpCo, L.L.C.(dsar@openai.com), Anthropic PBC(privacy@anthropic.com) |
AI Service (Text generation, summarization, etc.) |
Destroyed upon membership withdrawal or withdrawal of consent |
|
|
Data storage operations |
User ID, subscription information, payment information |
United States |
Remote transmission and storage using a dedicated network each time the service is used |
Amazon Web Services Inc.(aws-korea-privacy@amazon.com) |
AWS Marketplace linkage and subscription management |
Destroyed upon membership withdrawal or withdrawal of consent |
The Company takes the following measures to secure the safety of personal information:
1. Managerial Measures: Establishment and implementation of internal management plans, regular employee training, operation of a dedicated organization
2. Technical Measures: Management of access rights to personal information processing systems, installation of access control systems and other related protection measures, internet network blocking measures, encryption of personal information, storage and inspection of access records, installation and update of security programs, vulnerability check and complementation of personal information processing systems
3. Physical Measures: Access control for computer rooms and data storage rooms, storage of documents/auxiliary storage media in a secure place with a lock, safety measures against disasters/catastrophes, control of auxiliary storage media input/output
The Company pseudonymizes collected personal information so that a specific individual cannot be identified for statistical purposes, scientific research, and public recordkeeping, in accordance with Article 28-2 of the Personal Information Protection Act, and utilizes it as follows:
‣ Matters concerning the use of pseudonymized information
|
Category |
Purpose of Processing |
Items Processed |
Retention and Use Period |
|
Scientific Research |
Scientific research for the advancement of the AI chatbot service |
Gender, age, job, job title, etc. among text converted files of meeting content between members |
Until membership withdrawal |
‣ Matters concerning the measures for securing the safety of pseudonymized information
- Managerial Measures: Establishment and implementation of internal management plans, regular employee training, etc.
- Technical Measures: Separate storage of pseudonymized information and additional information, destruction of additional information when unnecessary, separation of access rights to pseudonymized information and additional information, installation of access control systems and other related protection measures, storage and inspection of processing records and access records of pseudonymized information, installation of security programs, etc.
- Physical Measures: Access control for computer rooms and data storage rooms where pseudonymized information is stored
<Personal Information Automatic Collection Devices Installed and Operated>
① The Company uses 'cookies' to store usage information and retrieve it frequently to provide individual services and convenience to the user.
② A cookie is a small amount of information sent by the server (http) used to operate the website to the data subject's browser, and is stored on the data subject's PC or mobile device, and is automatically transmitted to the server from the data subject's browser upon website access.
③ The data subject can set options in the web browser to allow or block cookies.
|
<How to Allow / Block Cookies> ▶ Allow/Block Cookies in Web Browser - Chrome: Select '⋮' in the upper right corner of the web browser > New Incognito Window (Shortcut: Ctrl+Shift+N) - Edge: Select '…' in the upper right corner of the web browser > New InPrivate Window (Shortcut: Ctrl+Shift+N) ▶ Allow/Block Cookies in Mobile Browser - Chrome: Select '⋮' in the upper right corner of the mobile browser > New Incognito tab - Safari: Mobile Device Settings > Safari > Advanced > Block All Cookies - Samsung Internet: Select 'Tab' icon at the bottom of the mobile browser > Turn on Secret Mode > Start |
<Matters concerning the collection, use, provision, and refusal of behavioral information>
① The Company processes behavioral information in a way that does not identify individuals, utilizing automatic collection devices such as cookies, to provide services and benefits optimized for the data subject during the service use process.
② The Company collects only the minimum necessary behavioral information for optimized customized services and benefits, and does not collect sensitive behavioral information that may infringe on the rights, interests, or privacy of individuals, such as thoughts, beliefs, or medical history.
③ The data subject can inquire about behavioral information, exercise the right of refusal, and report damages to the department in charge in [11. Matters concerning the name of the personal information protection officer or the department in charge of personal information tasks and the department that handles grievances].
① The data subject may at any time demand the Company to view, transfer, correct, delete, suspend processing of personal information, and withdraw consent (hereinafter referred to as "Exercise of Rights").
※The Exercise of Rights by children under the age of 14 must be done directly by the legal representative, and a data subject who is a minor aged 14 or older may exercise the rights regarding the data subject's personal information by himself or herself or through a legal representative.
② The Exercise of Rights can be done to the Company in writing, by email, fax, internet, etc., in accordance with Article 41(1) of the Enforcement Decree of the Personal Information Protection Act, and the Company will take action without delay.
- The data subject may at any time view, correct, delete, suspend processing of personal information, or withdraw consent, or request access by sending an email to security@reversemountain.co.kr.
- The data subject may at any time request the transfer of personal information to himself or herself by sending an email to security@reversemountain.co.kr, and can check the transfer status and details.
③ The Exercise of Rights may also be done through a legal representative of the data subject or an authorized representative. In this case, a power of attorney in the form of Annex 11 of the “Notification on Personal Information Processing Method (No. 2023-12)” must be submitted.
④ The data subject's right to request access to and suspension of processing of personal information may be restricted pursuant to Article 35(4) and Article 37(2) of the Personal Information Protection Act.
⑤ The deletion of personal information cannot be requested if the personal information is specified as a collection target in other laws.
⑥ The Company verifies whether the person who exercised the rights is the data subject or a legitimate representative.
⑦ The data subject can exercise the rights to the department in charge in [11. Matters concerning the name of the personal information protection officer or the department in charge of personal information tasks and the department that handles grievances]. The Company will respond within 10 days from the date of receiving the request for the Exercise of Rights from the data subject (immediately in the case of a request for transfer).
① The Company is responsible for overall management of personal information processing tasks and designates the following personal information protection officer to handle complaints and provide damage relief related to personal information processing for data subjects:
|
Category |
Name, etc. |
Contact Information |
|
Personal Information Protection Officer/Department in Charge of Personal Information Protection/Request for Access to Personal Information |
Name: Dongyoung Kim Position : Director Department: Product Team |
Email: security@reversemountain.co.kr |
② Data subjects may inquire about all personal information protection-related matters, complaint handling, and damage relief that occur while using the Company's service (or business) to the Personal Information Protection Officer and the department in charge. The Company will respond and handle the data subject's inquiry without delay.
① Data subjects may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency's Personal Information Infringement Report Center, etc., to receive relief for personal information infringement. For other reports and consultations on personal information infringement, please contact the following organizations:
1. Personal Information Dispute Mediation Committee: (Without national code) 1833-6972 (www.kopico.go.kr)
2. Personal Information Infringement Report Center: (Without national code) 118 (privacy.kisa.or.kr)
3. Supreme Prosecutors' Office: (Without national code) 1301 (www.spo.go.kr)
4. National Police Agency: (Without national code) 182 (ecrm.cyber.go.kr)
② The Company guarantees the data subject's right to self-determination of personal information and strives to provide consultation and damage relief for personal information infringement. If reporting or consultation is required, please contact the department in charge in [11. Matters concerning the name of the personal information protection officer or the department in charge of personal information tasks and the department that handles grievances].
① This Privacy Policy will be applied from November 20, 2025.
② The previous Privacy Policy can be confirmed below.
- Applied from September 05, 2025 ~ November 19, 2025 (Click)