eeumsae (the "Company", "we", "us") operates the workflow automation service "eeumsae" (the "Service"). We comply with the Personal Information Protection Act of the Republic of Korea ("PIPA") and other applicable laws, and we are committed to protecting your personal information. Pursuant to Article 30 of PIPA, we establish and disclose this Privacy Policy to inform you of how we handle your personal information.
This English translation is provided for convenience only. In the event of any discrepancy between this translation and the Korean original, the Korean version prevails.
Article 1 (Purposes of Processing Personal Information)
We process personal information for the following purposes and do not use it for any other purpose. If a purpose changes, we will take necessary measures, such as obtaining separate consent, in accordance with Article 18 of PIPA.
- Membership registration and management: identifying and authenticating members via social login (Google account), maintaining membership, preventing fraudulent use, and delivering notices
- Service delivery: creating, running, and keeping the history of workflows; managing external-service connections and credentials; operating workspaces; sending notifications; and providing other core features of the Service
- Service improvement and stability: analyzing access logs to improve quality, responding to failures, and detecting and preventing security threats and abuse
- Customer support: responding to inquiries, handling complaints, and delivering announcements
- Paid services (when introduced): processing payments and settlements, issuing invoices, and handling refunds
Article 2 (Personal Information We Collect and How)
We process the following items of personal information.
| Category | Items Collected | Method of Collection |
|---|---|---|
| Member information (required) | Email address, name, profile image, social login provider and the user identifier issued by that provider | Collected with your consent when you sign in with your Google account |
| Automatically collected information | Service usage records (such as workflow execution history), access timestamps, IP address, browser type, cookies | Generated and collected automatically while you use the Service |
| User-provided content | Workflow definitions, workspace variables, external-service credentials (OAuth tokens, API keys, etc.), and data processed in the course of workflow execution (collectively, "Customer Data") | Entered or connected directly by you while using the Service |
| Inquiry information | Email address and any information contained in your inquiry | Collected when you contact us by email (contact@eeumsae.com) |
We do not collect sensitive information (such as beliefs or health information) or resident registration numbers. If you choose to include such information in Customer Data you process through the Service, you are responsible for that processing (see Article 9).
Article 3 (Children Under 14)
We do not collect personal information from children under 14 years of age, and the Service is available only to persons 14 years of age or older. If we become aware that a child under 14 has registered, we will delete the account and the associated personal information without delay.
Article 4 (Processing and Retention Periods)
- We process and retain personal information within the retention period required by law or the period agreed to when the information was collected.
- In principle, we retain personal information until you withdraw from membership, and destroy it without delay upon withdrawal. However, the following records are retained for the periods below.
Records Retained Legal Basis Retention Period Records on contracts and withdrawal of offers Act on Consumer Protection in Electronic Commerce (Korea) 5 years Records on payments and supply of goods/services Act on Consumer Protection in Electronic Commerce (Korea) 5 years Records on consumer complaints and dispute resolution Act on Consumer Protection in Electronic Commerce (Korea) 3 years Records on labeling and advertising Act on Consumer Protection in Electronic Commerce (Korea) 6 months Transaction records under tax law Framework Act on National Taxes and other tax laws (Korea) 5 years Login records and other communication confirmation data Protection of Communications Secrets Act (Korea) 3 months Records for preventing fraudulent use Internal policy 1 year after withdrawal - Customer Data (workflow definitions, execution data, connection credentials, etc.) is destroyed when you delete it within the Service or when you withdraw from membership.
Article 5 (Provision to Third Parties)
- We process personal information only within the scope described in Article 1 and do not provide it to third parties except with your separate consent or where specifically required by law, as set out in Articles 17 and 18 of PIPA.
- Where you configure a workflow to send data to an external service, that transfer is carried out at your direction and is governed by Article 6.
Article 6 (Transfers to External Services at Your Direction)
- The Service is an automation tool that exchanges data with external services you connect, according to workflows you configure. When you set up a workflow to use an external-service node, the data processed by that workflow is transmitted to that external service at your direction.
- Examples of external services that can be connected include: Google (Gmail, Google Sheets, Google Calendar), Slack, GitHub, NHN Cloud (KakaoTalk Alimtalk and SMS), Toss Payments, Naver Commerce (Smart Store), and LLM providers such as OpenAI. The current catalog is available within the Service.
- Data transmitted to an external service is governed by that service's own terms and privacy policy. We carry out the transfer you direct but have no control over the processing performed by the external service.
Article 7 (Outsourcing of Personal Information Processing)
- To provide the Service smoothly, we outsource personal information processing as follows.
Processor Outsourced Work [Cloud hosting provider] Provision of cloud infrastructure and data storage for Service operation - When entering into an outsourcing agreement, we specify in the contract, in accordance with Article 26 of PIPA, matters such as the prohibition of processing beyond the outsourced purpose, technical and organizational safeguards, restrictions on sub-outsourcing, supervision of the processor, and liability for damages, and we supervise whether the processor handles personal information safely.
- If the outsourced work or the processor changes, we will disclose the change through this Privacy Policy without delay.
Article 8 (Cross-Border Transfers)
- In the course of providing the Service, personal information may be transferred abroad as follows.
Recipient Country Items Transferred Time and Method Purpose and Retention Google LLC United States Email address, name, profile image Transmitted over the network at the time of social login Member authentication (per Google's policies) [Cloud hosting provider and region] [Country] All items listed in Article 2 Transmitted and stored over the network while the Service is used Service provision (until membership withdrawal or termination of the outsourcing agreement) - If you connect external services operated by overseas providers (for example OpenAI, Slack, GitHub, or Google) in a workflow, the data processed by that workflow may be transferred abroad to those providers at your direction (see Article 6).
- You may refuse cross-border transfers of your personal information. However, for functions where the transfer is essential (such as social login), refusing may limit your use of the Service. Contact: contact@eeumsae.com
Article 9 (Third-Party Personal Information in Customer Data)
- Customer Data you process through workflows may contain personal information of third parties, such as your own customers (for example, a buyer's name, contact details, or address). In that case, you are responsible, as the data controller under PIPA, for securing a lawful basis for the collection and use of that information (such as obtaining consent) and for complying with the permitted purposes and scope of processing.
- With respect to Customer Data, we act on your instructions and process it only to the extent necessary to provide the Service (such as executing workflows and keeping execution history). We do not use Customer Data beyond the scope of your instructions.
- If you use messaging features such as Alimtalk or SMS, you are responsible for the obligations under Article 50 of the Act on Promotion of Information and Communications Network Utilization and Information Protection (Korea), including obtaining recipients' prior consent.
Article 10 (Destruction of Personal Information)
- We destroy personal information without delay when it becomes unnecessary, such as upon expiration of the retention period or fulfillment of the processing purpose.
- If personal information must be retained under other laws despite the expiration of the agreed retention period or the fulfillment of the purpose, we move it to a separate database or storage location.
- Procedure and method of destruction:
- Procedure: We select the personal information subject to destruction and destroy it with the approval of the Chief Privacy Officer.
- Method: Information in electronic form is deleted using technical methods that make recovery impossible; paper documents are shredded or incinerated.
Article 11 (Your Rights and How to Exercise Them)
- You may at any time request access to, correction of, deletion of, or suspension of the processing of your personal information, and may withdraw your consent.
- You can exercise these rights through the settings menu in the Service or by email (contact@eeumsae.com), and we will act without delay in accordance with PIPA and its Enforcement Decree.
- You may exercise these rights through an agent, such as a legal representative or an authorized person. In that case, a power of attorney in the form prescribed by the applicable notification under PIPA must be submitted.
- Requests for access or suspension of processing may be limited under Articles 35(4) and 37(2) of PIPA.
- Correction or deletion cannot be requested where the personal information is expressly required to be collected under other laws.
- We verify that the person making a request is the data subject or a lawful agent.
Article 12 (Security Measures)
Pursuant to Article 29 of PIPA, we implement the following measures to secure personal information.
- Organizational measures: establishing and implementing an internal management plan, minimizing the number of staff handling personal information, and training them
- Technical measures: access-permission management and access control for personal-information processing systems, encryption in transit (TLS), encrypted storage of external-service credentials such as OAuth tokens and API keys (AES-256-GCM), masking of sensitive values in execution history, and retention of access logs
- Physical measures: access control for data storage facilities (relying on the physical security certifications of our cloud provider)
Article 13 (Cookies and Similar Technologies)
- We use session cookies that are essential to providing the Service, such as keeping you signed in. We do not currently use cookies for advertising or behavioral analytics; if we introduce them, we will amend this Privacy Policy and give notice.
- You may refuse or delete cookies through your browser settings. However, refusing essential cookies may limit your use of features that require signing in.
- Chrome: Settings → Privacy and security → Cookies and other site data
- Edge: Settings → Cookies and site permissions
- Safari: Preferences → Privacy
Article 14 (Automated Decision-Making)
We do not make fully automated decisions that materially affect your rights or obligations within the meaning of Article 37-2 of PIPA. Automated workflow execution and AI (LLM) features within the Service are processing that you yourself configure and direct, and do not constitute such decisions.
Article 15 (Chief Privacy Officer and Access Requests)
- We have designated a Chief Privacy Officer who is responsible for overseeing the processing of personal information and for handling complaints and remedying harm related to it.
Chief Privacy Officer Bochan Kang (Representative) Contact contact@eeumsae.com - You may submit requests for access to personal information under Article 35 of PIPA to the Chief Privacy Officer or the department below.
Department handling access requests Chief Privacy Officer, Bochan Kang (contact@eeumsae.com)
Article 16 (Remedies for Infringement of Rights)
You may contact the following organizations in Korea for dispute resolution or counseling regarding personal information infringements.
- Personal Information Dispute Mediation Committee: 1833-6972 / www.kopico.go.kr
- Personal Information Infringement Report Center (KISA): 118 / privacy.kisa.or.kr
- Supreme Prosecutors' Office: 1301 / www.spo.go.kr
- National Police Agency: 182 / ecrm.police.go.kr
A person whose rights or interests have been infringed by a disposition or omission of the head of a public institution in response to a request under Articles 35 (access), 36 (correction/deletion), or 37 (suspension of processing) of PIPA may file an administrative appeal under the Administrative Appeals Act. (Central Administrative Appeals Commission: 110 / www.simpan.go.kr)
Article 17 (Changes to This Privacy Policy)
- This Privacy Policy applies from its effective date.
- If content is added, deleted, or amended due to changes in laws, policies, or the Service, we will give notice through the Service or the website at least 7 days before the change takes effect (or at least 30 days for material changes affecting your rights).
Addendum
This Privacy Policy takes effect on July 7, 2026.
| Business operator | eeumsae |
|---|---|
| Representative | Bochan Kang (강보찬) |
| Contact | contact@eeumsae.com |