Legal

Privacy Policy

Zentriqora (the "Company") has established and publicly discloses this Privacy Policy in accordance with Article 30 of the Personal Information Protection Act (PIPA) of the Republic of Korea to protect users' personal information and promptly address related concerns.

Last updated: April 13, 2026

Article 1 (Personal Information Collected)

The Company collects the following personal information to provide the Service:

  • (1) Required: Google OAuth identifier (Google ID), email address, display name, profile image URL
  • (2) Optional: marketing consent preference
  • (3) Automatically collected: IP address, browser type and version (User Agent), access logs, download logs, cookies, device information, service usage records

Article 2 (Collection Methods)

  • 1. Profile information collected through Google OAuth authentication (within the user-consented scope)
  • 2. Direct user input during service use (contact forms, custom creation requests, etc.)
  • 3. Automatically generated and collected during service use (cookies, access logs, download records, rate-limit counters, etc.)

Article 3 (Purpose of Collection and Use)

  • 1. Member registration, identity verification, and account management
  • 2. Core service features: image discovery, purchase, and download
  • 3. Custom image creation request processing
  • 4. Customer inquiry and complaint handling, notice delivery
  • 5. Abuse prevention, dispute resolution, and legal compliance
  • 6. Service quality improvement and statistical analysis (anonymized and aggregated)
  • 7. Security incident response and audit logging

Article 4 (Retention Period)

Personal information is destroyed without delay once its purpose is fulfilled. However, the following records are retained as required by applicable law:

  • (1) Records of contracts or withdrawal of offers: 5 years (E-Commerce Act)
  • (2) Records of payment and supply of goods: 5 years (E-Commerce Act)
  • (3) Records of consumer complaints or dispute resolution: 3 years (E-Commerce Act)
  • (4) Service usage records, access logs, IP information: 3 months to 3 years (Telecommunications Privacy Act / E-Commerce Act)
  • (5) Sanction records: up to 3 years per internal policy
  • (6) Account deletion requests: retained in encrypted form during the 30-day grace period, then destroyed

Article 5 (Disclosure to Third Parties)

  • (1) The Company does not, in principle, provide personal information to third parties without the user's consent.
  • (2) Exceptions apply in the following cases: 1. When the user has given prior consent 2. When required by law or when an investigative agency makes a request through procedures and methods prescribed by law 3. When urgently necessary to protect life, bodily safety, or property

Article 6 (Processing Delegation)

The Company delegates personal information processing as follows for service operations, and requires protective measures for safe management of personal information in delegation contracts in accordance with Article 26 of PIPA:

  • (1) Supabase Inc. β€” Database hosting and authentication services (until contract termination)
  • (2) Google LLC β€” OAuth authentication (until contract termination)
  • (3) Cloudflare Inc. β€” Image storage (R2) and CDN services (until contract termination)
  • (4) Vercel Inc. β€” Web hosting and deployment (until contract termination)

Article 7 (User Rights and How to Exercise Them)

  • (1) Users may exercise the following rights: 1. Right to access personal information 2. Right to request correction of errors 3. Right to request deletion 4. Right to request suspension of processing 5. Right to data portability
  • (2) These rights may be exercised by email at support@zentriqora.store, and the Company will act without delay.
  • (3) When a user requests correction or deletion due to errors, the Company will not use or provide the personal information until the correction or deletion is complete.
  • (4) Marketing consent may be withdrawn at any time. Deletion of required information may limit service availability.

Article 8 (Security Measures)

The Company takes the following measures to ensure the security of personal information:

  • 1. Data transmission security through HTTPS/TLS encryption
  • 2. Encryption at rest at the database level
  • 3. Access control based on the principle of least privilege (RLS, role-based access control)
  • 4. Audit logging of all administrator activities
  • 5. IP-based request rate limiting
  • 6. Retention of access logs with tamper prevention

Article 9 (Cookies)

The Company uses cookies as described below. For details, please refer to the Cookie Policy page.

  • (1) Essential cookies: Required for service operation including authentication session management, login state, and age verification. These cannot be refused.
  • (2) Analytics cookies: Used for service usage statistics and improvement purposes. These are activated only after the user's explicit consent.
  • (3) Users can accept or decline analytics cookies through the cookie consent banner, and the choice is stored in the browser.

Article 10 (Protection of Minors)

  • (1) The Company does not collect personal information from children under 14 years of age, and if such collection is discovered, the information will be immediately deleted.
  • (2) The Service is intended for users aged 19 and above, and an age verification procedure is used to inform users.
  • (3) A zero-tolerance policy applies to child sexual abuse material (CSAM); any discoveries will be immediately reported to the relevant authorities.

Article 11 (AI-Based Processing)

  • (1) The Company uses AI technology to generate images provided through the Service. All depicted persons are fictional and bear no resemblance to real individuals.
  • (2) Users' personal information is not used for AI model training.

Article 12 (Account Deletion and Data Destruction)

  • (1) Members may request account deletion at any time through Service settings or customer support.
  • (2) A 30-day grace period applies after the deletion request, during which the request may be cancelled.
  • (3) After the grace period: personally identifiable information is destroyed, and content-related records are anonymized.
  • (4) Deletion after the grace period is irreversible.

Article 13 (Data Protection Officer)

The Company designates a Data Protection Officer to oversee personal information processing and handle user complaints and remediation:

  • Team: Zentriqora Operations Team
  • Email: support@zentriqora.store
  • Users may also contact the following agencies for personal information protection inquiries, complaints, or remediation:
  • - Personal Information Infringement Report Center (KISA): Tel 118, privacy.kisa.or.kr
  • - Personal Information Dispute Mediation Committee: Tel 1833-6972, www.kopico.go.kr
  • - Supreme Prosecutors' Office Cyber Investigation Division: Tel 1301, www.spo.go.kr
  • - National Police Agency Cyber Bureau: Tel 182, ecrm.cyber.go.kr

Article 14 (Notification Obligations)

  • (1) When this Policy is amended, the changes shall be announced within the Service at least 7 days before the effective date.
  • (2) For significant changes unfavorable to users, at least 30 days' prior notice shall be given, and re-consent may be requested when necessary.

Amendment History

  • April 13, 2026: Comprehensive revision for global legal compliance
  • March 12, 2026: Initial publication

Supplementary Provisions

This Privacy Policy shall take effect on April 13, 2026.

If you need clarification on document wording, usage rights, or compliance handling, contact us at support@zentriqora.store. When a separate written agreement conflicts with these public terms, the written agreement takes precedence.