Privacy Policy

We collect information in the following categories:

We use the information we collect for the following purposes:

• Service Delivery: To provide, maintain, and improve our Services;
• Account Management: To create and manage your account, process transactions, and provide customer support;
• Compliance: To comply with legal obligations, including AML/KYC requirements, tax reporting, and regulatory inquiries;
• Security: To detect, prevent, and respond to fraud, unauthorized access, and other security threats;
• Communications: To send service-related notices, updates, and promotional materials (with your consent where required);
• Analytics: To analyze usage patterns and improve user experience;
• Legal Purposes: To enforce our Terms of Service and protect our legal rights.

We process your personal information based on the following legal grounds:

• Contractual Necessity: Processing necessary to perform our contract with you and provide the Services;
• Legal Obligation: Processing required to comply with applicable laws and regulations, including AML/KYC requirements;
• Legitimate Interests: Processing necessary for our legitimate business interests, such as fraud prevention, security, and service improvement;
• Consent: Processing based on your explicit consent, which you may withdraw at any time.

We may share your information with the following categories of recipients:

We do not sell your personal information to third parties for marketing purposes.

As a Delaware company serving clients globally, your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws than your jurisdiction.

When we transfer personal information internationally, we implement appropriate safeguards to ensure your information remains protected, including:

• Standard contractual clauses approved by relevant authorities;
• Data processing agreements with appropriate security obligations;
• Transfers to countries with adequate data protection frameworks;
• Other legally recognized transfer mechanisms.

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including:

• Active Accounts: For the duration of your account and business relationship with us;
• Legal Compliance: As required by applicable laws, including a minimum of five (5) years for AML/KYC records;
• Tax Records: As required by tax authorities in relevant jurisdictions;
• Dispute Resolution: For the period necessary to resolve any disputes or enforce our agreements;
• Legitimate Business Purposes: As necessary for audit, compliance, and legal purposes.

After the retention period expires, we will securely delete or anonymize your information unless further retention is required by law.

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you;
• Correction: Request correction of inaccurate or incomplete information;
• Deletion: Request deletion of your personal information, subject to legal retention requirements;
• Restriction: Request restriction of processing in certain circumstances;
• Portability: Request transfer of your information to another service provider;
• Objection: Object to processing based on legitimate interests;
• Withdraw Consent: Withdraw consent where processing is based on consent.

To exercise these rights, please contact us using the information provided below. We will respond to your request within the timeframe required by applicable law.

Please note that certain rights may be limited where we have legal obligations to retain information or where exemptions apply under applicable law.

We implement comprehensive technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction:

• Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256);
• Access Controls: Role-based access controls and multi-factor authentication;
• Infrastructure Security: Secure cloud infrastructure with regular security assessments;
• Monitoring: Continuous monitoring and logging of system access and activities;
• Incident Response: Documented incident response procedures and breach notification protocols;
• Employee Training: Regular security awareness training for all personnel;
• Vendor Management: Security assessments of third-party service providers.

While we strive to protect your information, no method of transmission or storage is completely secure. We cannot guarantee absolute security.

We use cookies and similar tracking technologies to collect information about your interactions with our Services. These technologies help us:

• Maintain your session and authentication status;
• Remember your preferences and settings;
• Analyze usage patterns and improve our Services;
• Ensure security and detect fraudulent activity.

You can control cookies through your browser settings. However, disabling certain cookies may affect the functionality of our Services.

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. When we make material changes, we will:

• Update the "Effective Date" at the top of this Policy;
• Notify you via email or through the Platform;
• Provide at least thirty (30) days' notice before material changes take effect.

Your continued use of the Services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection Officer:

If you are not satisfied with our response, you may have the right to lodge a complaint with a supervisory authority in your jurisdiction.

In the event of a confirmed data breach involving personal information, the Company will notify affected individuals and relevant regulatory authorities in accordance with applicable law. Notifications will be provided without unreasonable delay and will include information about the nature of the breach, the data affected, and recommended protective measures.

Seoul Street Labs is committed to maintaining the highest standards of data protection and privacy compliance. Our infrastructure and operations are certified and compliant with the following standards and regulations:

• GDPR Compliant: Full compliance with the European Union's General Data Protection Regulation, including lawful basis for processing, data subject rights (access, rectification, erasure, portability), data protection impact assessments, and Data Protection Officer oversight;
• CCPA Compliant: Full compliance with the California Consumer Privacy Act, including consumer rights to know, delete, and opt-out of data sales, as well as compliance with CPRA requirements;
• SOC 2 Type II Certified Infrastructure: All technology infrastructure, cloud services, and data centers are hosted on SOC 2 Type II certified vendors. This certification verifies that security, availability, processing integrity, confidentiality, and privacy controls are independently audited and verified by third-party auditors;
• ISO 27001 Alignment: Information security management systems are designed and maintained in alignment with ISO 27001 international standards for information security management.

These certifications and compliance measures ensure that your personal information is protected with the highest level of security and privacy standards in the industry.

Our Services may contain links to third-party websites and services. The Company is not responsible for the privacy practices of third-party services. We encourage you to review the privacy policies of any third-party services before providing personal information.