Privacy Policy

This Privacy Policy explains how Ling·STEP (the "Service") collects, uses, stores, and destroys users' personal information. The Service only processes minimal information (email, name) provided through OAuth authentication. This policy is effective from October 11, 2025.

1. Personal Information We Process

  • Required: Email (account identification and login), Name (for display)
  • Automated Data: Technical logs for service security and error analysis (timestamp, request path, partially masked IP, etc.) — for security and quality improvement purposes, not for personal identification.

2. Purpose of Collection and Use

  • OAuth-based user authentication and account management
  • Service access security, prevention of abuse, and error response
  • Compliance with laws and handling user rights requests

3. Legal Basis for Processing

  • User Consent (consent screen during OAuth linkage)
  • Performance of Contract (essential functions like authentication/access)
  • Legitimate Interests (security/error response, abuse prevention) — minimal processing within necessary scope

4. Retention and Use Period

  • Account Information (Email, Name): Immediately destroyed upon membership withdrawal
  • Technical Logs: Retained for up to 6 months for security/error analysis, then promptly destroyed
  • If required by law to be retained separately, retained until the corresponding period

5. Third-Party Requests and Processing Delegation

  • Third-Party Provision: In principle, we do not provide data to third parties. However, it may be provided if there is a lawful request from public agencies such as investigative authorities in accordance with the law.
  • Processing Delegation: We use OAuth providers (e.g., Google, Naver, Kakao) for authentication. The policies and terms of each provider may apply. Providers in use: Google OAuth, Naver OAuth, Kakao OAuth

6. International Transfer

Service infrastructure or delegated service servers may be located outside the country. In this case, personal information may be transferred/stored abroad for service provision, and is managed to be processed securely through appropriate protection measures.

7. User Rights and How to Exercise Them

  • Users may request access, correction, deletion, or suspension of processing of their personal information.
  • Request Method: Email reception at lingstep.helpdesk@gmail.com
  • Processed within the legal deadline after identity verification; grounds will be provided if refused for justifiable reasons.

8. Protection of Children's Personal Information

The Service is not intended for children under the age of 14 in principle, and use by such age requires the consent of a legal guardian. If we become aware that information has been collected without consent, we will destroy it without delay.

9. Destruction Procedures and Methods

  • When the retention period expires or the purpose of processing is achieved, it is destroyed without delay.
  • Electronic File: Permanently deleted in an unrecoverable manner
  • Printed Material: Shredded or incinerated

10. Safety Measures for Personal Information

  • Access Control: Adherence to least privilege principle, management of administrator access records
  • Encryption: Encryption of transmission sections (HTTPS) and secure management of passwords/tokens
  • Log Management: Security event monitoring and anomaly checking
  • Data Minimization: Non-collection of unnecessary information other than email/name

11. Cookie Operation

The Service may use essential cookies to maintain authentication sessions. You can refuse to save cookies through browser settings, but in this case, some functions may be restricted. Advertising/tracking cookies are not used.

12. Data Protection Officer and Contact

  • Data Protection Officer: Ling·STEP Operator
  • Email: lingstep.helpdesk@gmail.com
  • We will respond sincerely without delay if you contact us.

13. Notice of Changes

This policy may be updated according to changes in laws/policies or service content, and important changes will be notified in advance through notices within the Service.