Privacy Policy

This Privacy Policy explains how Ling·STEP (the "Service") collects, uses, stores, and destroys users' personal information. The Service only processes minimal information (email, name) provided through OAuth authentication. This policy is effective from October 11, 2025.

1. Personal Information We Process

  • Required: Email (account identification and login), Name (for display)
  • Automatically Collected Minimal Logs: Technical logs for service security and error analysis (timestamp, request path, partially masked IP, etc.) — for security and quality improvement purposes, not for personal identification

2. Purpose of Collection and Use

  • OAuth-based member authentication and account management
  • Service access security, fraud prevention, error response
  • Legal compliance and user rights request processing

3. Legal Basis for Processing

  • User consent (consent screen during OAuth integration)
  • Contract performance for service provision (authentication, access and other essential functions)
  • Legitimate interest (security, error response, fraud prevention) — minimal processing within necessary scope

4. Retention Period

  • Account information (email, name): Immediately destroyed upon member withdrawal
  • Technical logs: Stored for a maximum of 6 months for security and error analysis purposes, then promptly destroyed
  • When required by law, stored until the legally mandated period

5. Third-Party Provision and Processing Delegation

  • Third-Party Provision: Generally not provided. However, may be provided in cases of lawful requests from investigative agencies or public institutions in accordance with laws.
  • Processing Delegation: OAuth providers (e.g., Google, Naver, Kakao) are used for authentication. Each provider's policies and terms may apply. Providers in use: Google OAuth, Naver OAuth, Kakao OAuth

6. International Transfer

Service infrastructure or delegated service servers may be located overseas. In such cases, personal information may be transferred and stored overseas for service provision, and is managed to be processed securely through appropriate protective measures.

7. User Rights and Exercise Methods

  • Users can request access, correction, deletion, and suspension of processing of their personal information.
  • Request method: Submit email to lingstep.helpdesk@gmail.com
  • Processed within the legal deadline after identity verification, and in case of rejection for justified reasons, the basis will be provided.

8. Protection of Children's Personal Information

The Service is not intended for children under 14 years of age, and use by such age group requires parental consent. If we become aware of collection without consent, it will be destroyed without delay.

9. Personal Information Destruction Procedure and Method

  • Destroyed without delay when retention period expires or processing purpose is achieved.
  • Electronic file format: Permanently deleted by irrecoverable methods
  • Printouts: Shredded or incinerated

10. Security Measures

  • Access control: Compliance with minimum privilege principle, management of administrator access records
  • Encryption: Transmission encryption (HTTPS) and secure password/token management
  • Log management: Security event monitoring and anomaly detection
  • Data minimization: No unnecessary information collected except email and name

11. Cookie Operation

The Service may use essential cookies to maintain authentication sessions. You can refuse cookie storage through browser settings, but this may limit some functions. Advertising and tracking cookies are not used.

12. Privacy Officer and Contact

  • Privacy Officer: Ling·STEP Operator
  • Email: lingstep.helpdesk@gmail.com
  • We will respond to your inquiries promptly and sincerely.

13. Notice of Changes

This policy may be updated according to changes in laws, policies, or service content, and significant changes will be notified in advance through service announcements.