1. Introduction
Welcome to DreamPicture, an AI-based image generation platform and sharing service provided by Softzen Corporation (the “Company”, “we”, “our”, or “us”).
Along with the Terms of Service, this privacy policy (the “Privacy Policy”) governs access to, and use of, the Company’s DreamPicture Services, whether provided through a mobile application (our “App”), website, or otherwise, and all relatedfeatures, functionalities, tools, applications, data, software, APIs, and the like; their inputs and outputs; and their contents (the foregoing, collectively and any part thereof, the “Services”).
1.1. Who this Privacy Policy Applies to
This Privacy Policy applies to everyone who accesses or uses the DreamPicture Services (“user(s)” or “you”) and is a legally binding contract between you and the Company in relation to the Services.
1.2. Requirements to Use the Services
You are permitted to access and use the Services only if you meet the age and capacity Eligibility requirements and you agree to, and you comply with, the Terms and the Privacy Policy, and with all other agreements with the Company and with all applicable and duly enacted and promulgated laws and regulations of the relevant jurisdiction(s) (“Law(s)”).
By signing up for, or otherwise accessing, or otherwise using the Services, you expressly:
If you are not eligible to use the Services, or you are unable to, do not agree to, or at any time cease to comply with, the Privacy Policy as it may be modified from time to time, then you must immediately stop accessing and using the Services.
2. Collection, Use, and Protection of Personal Data
2.1. Types of Data Collected and How it is Used
2.1.1 Personal Data
“Personal Data” or “Personal Information” means any information that relates to, describes, or could be used to identify an individual, directly or indirectly, and otherwise as defined as personal data or personal information under any applicable Laws. Personal Data may also include “Service Usage Data”, which is data collected automatically, either generated by the use of the Services or related infrastructure (e.g., the duration of a page view), to the extent that such data is personally identifiable data.
Personal Data that we collect includes the following data used for the stated purposes in connection with user registration, use, and operation of the Services:
| Type | Use |
| Phone number | To authenticate your account upon registration and to identify you whenever you log in. To contact you regarding security updates, changes in the Privacy Policy, suspension or termination of your account, and to the functions, products, or contracted services; to respond to your inquiries |
| Email address | To back up your content in the App and confirm your identity when you want to preserve your content when changing your phone number, to contact you regarding security updates and changes in the Privacy Policy, and to provide informative communications related to the functions, products or contracted services; to respond to your inquiries |
| Device Data (speaker, microphone, camera, OS and OS version) | For one-on-one chat messages, recording avatars, recording the voice of the sender of messages in the app, confirming OS version for user demographics, bug reports, and other functionality. |
| Service Usage Data (frequency of app use, time of use, login data) | To evaluate and improve Service functionality, for Service improvements, troubleshooting, and security and data protection |
2.1.2. Additional Uses of Personal Data
In addition to other specifics uses of your Personal Data set out in this Privacy Policy, we may also use your Personal Data for the following purposes:
Personal Data that we collect includes the following data used for the stated purposes in connection with user registration, use, and operation of the Services:
2.2. Security of Personal Data
The security and privacy of your Personal Data are important to us. To help protect your Personal Data from unauthorized access, use, or disclosure, we use a variety of industry-standard security technologies and procedures, such as the following:
While we use reasonable commercial efforts to protect Personal Data, no technology, data transmission, or system can be guaranteed 100% secure. And we expressly disclaim any such guarantee. In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of or access to your data, we will take commercially reasonable efforts to notify you promptly as may be required by applicable Law.
3. Transfers of Your Personal Data
3.1. Internal and Company-affiliate Transfer of Your Personal Data
Your information, including Personal Data, is processed at the Company’s operating offices and in any other places where the parties involved in the processing are located. This information may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction. Your consent to this Privacy Policy, followed by your submission of such information, represents your agreement to that transfer.
3.2. Third-Party Data Sharing
3.2.1. Third-Party Websites, Applications, and Services
The Services are integrated with or may otherwise interact with Third Party Services to provide the Services to you. Some services are necessary for the Services to function, and others are used to analyze how the Services are used, test new features, generate cause analysis for errors, and collect data to improve the Services. These Third Party Services may have their own terms and conditions of use and privacy policies, and you understand and agree that we do not endorse and do not have, or maintain, any control over them, and we are not responsible for their content, operation or use, or for any transaction, you may enter into with them, nor do we give any warranty with respect to their compatibility, content, operations, fitness, or use. By using the Services, you give your consent to the collection and use of such data, and its transfer to such third parties, including:
| Third-Party Services | Third-Party Terms and Privacy Policies |
| Google LLC Play Store In-app purchases | [Terms of Service], [Privacy Policy] https://play.google.com/intl/en_us/about/play-terms/index.html https://policies.google.com/privacy |
| Apple App Store In-app payments | [Terms of Service], [Privacy Policy] https://www.apple.com/legal/internet-services/itunes/us/terms.html https://www.apple.com/kr/legal/privacy/ |
3.2.2. Cookies and Similar Technologies
We may use cookies in accordance with applicable Law. However, cookies that identify individuals by themselves, including the user's personal information, are not collected arbitrarily without users’ consent. You can decide whether to allow cookies or delete all existing cookies through your mobile web browser's preferences settings. However, if you refuse to accept cookies, some services that require login may be difficult to use.
Some browser manufacturers provide comprehensive help relating to cookie management:
3.2.3. Other Third-Party Disclosures of Data
In addition to other specific third-party disclosures of your Personal Data set out in this Privacy Policy, we may share your Personal Data with third parties in the following situations:
4. Data Retention
We retain Personal Data for as long as required to engage in the uses described in this Privacy Policy unless a longer retention period is required by applicable Law.
The criteria used to determine our retention periods include the following:
Based on the criteria above, the following are our process methods and data retention periods for the types of data specified:
| Linked to Identity | Process on Device / on Server | Upon user account deletion at user’s choice | Upon account termination due to user violation of the Terms | From first day of ongoing account inactivity | |
| Email address | N | Server Process | 30 days grace period | 30 days grace period | Six months until the suspension of access to |
| data; one year until the automatic deletion of remaining data | |||||
| Device Data | N | Server Process | 30 days grace period | 30 days grace period | Six months until the suspension of access to data; one year until the automatic deletion of remaining data |
| Service Usage Data | N | Server Process | 30 days grace period | 30 days grace period | Six months until the suspension of access to data; one year until the automatic deletion of remaining data |
5. Your Rights with Respect to your Personal Data
5.1. Your Itemized Rights
As a DreamPicture user, you have the following rights with respect to your Personal Data to the extent applicable in the relevant circumstances and only to the extent required by applicable Law:
5.2. How to Exercise Your Rights
To exercise your rights as a user set forth under Section 5.1, contact us at email at: help@softzen.co.kr and include in your email the Google or Apple account you’re using as DreamPicture's account, an e-mail address where you can be reached, and what are you are requested of us
6. Children’s Privacy
We do not knowingly collect or solicit any information from anyone under the age of 13 or knowingly allow such persons to register for the Services. The Services and their contents are not directed at children under the age of 13 (or another age as may be required by applicable Law) or to anyone else not meeting the eligibility requirements under the Terms. In the event that we learn that we have collected personal information from a child under the age of 13 (or other minimum age as required by the Terms or applicable Law) without parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13 (or other minimum age as required by the Terms or applicable Law), please contact us by email at: help@softzen.co.kr and include in your email all of the following information: the Google or Apple account you used to register your DreamPicture account, an e-mail address where you can be reached, and what you are requesting of us.
7. Changes to this Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy in the Public Notices section of the app. We will give you notice of Privacy Policy Changes via email (if you have provided your email address to us) and/or a prominent notice on our Services before the change becomes effective and update the "Last updated" date at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
8. Supplemental Terms and Conditions for Certain Regions
8.1. Supplemental Terms and Conditions for Europe
If you are located in the European Economic Area (the “EEA”), Switzerland, or the United Kingdom (the “UK”), our legal basis for collecting and using the Personal Data described in this Privacy Policy will depend on the Personal Data concerned and the specific context in which we collect it. However, we will normally collect Personal Data from you only where we have your consent to do so, where we need the Personal Data to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect Personal Data from you.
The Company may share information internally or with third parties, as further described in this Privacy Policy. When we share the Personal Data of individuals in the EEA, Switzerland, or the UK with third parties, we use various legal mechanisms to safeguard the transfer, including the European Commission-approved standard contractual clauses and additional safeguards where appropriate.
Additionally, you have the following data protection rights:
In order to exercise your rights, please contact us at help@softzen.co.kr
8.2. Supplemental Terms and Conditions for California
This statement of Supplemental Terms and Conditions for California (the “Statement”) applies solely to residents of California or individuals whose information has been collected in California. The Company has adopted and included this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”). Any terms used in this Statement that are defined in the CCPA have the same meaning given therein.
INFORMATION WE COLLECT
In the past twelve (12) months, the Company has collected the categories of Personal Information set forth below. We may disclose each of these categories of Personal Information to our Service Providers for our business purposes (to enable the Service Providers to provide their services) and as otherwise described in Section 4, “Transfers of Your Personal Data.”:
| # | category | Collected | Disclosed |
| 1 |
Identifiers. Name, alias, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers |
YES | YES |
| 2 |
Personal information categories under the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some Personal Information included in this category may overlap with other categories. |
YES | YES |
| 3 |
Protected classification characteristics under California or federal law. Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth, and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). |
NO | NO |
| 4 |
Commercial information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. |
YES | YES |
| 5 |
Biometric information. Genetic, physiological, behavioral, and biological characteristics or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. |
NO | NO |
| 6 |
Internet or other similar network activity. Browsing history, search history, and information on a consumer’s interaction with a website, application, or advertisement. |
NO | NO |
| 7 |
Geolocation data. Physical location or movements. |
NO | NO |
| 8 |
Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information. |
YES (only images you upload to our service) |
YES |
| 9 |
Professional or employment-related information. Current or past employment history or performance evaluations. |
NO | NO |
| 10 |
Education Information under California Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R.
Part 99) Information that is not “publicly available personally identifiable information” as defined in the California Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99). Includes education records directly related to a student maintained by an educational institution or party acting on its behalf, like grades, transcripts, class lists and student schedules, identification codes, financial information, or disciplinary records. |
NO | NO |
| 11 |
Inferences Conclusions that could be used to create a profile reflecting an individual’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitude. |
YES | YES |
SELLING INFORMATION
The Company does not sell your Personal Information, as defined under CCPA. If we sell your Personal Information in the future, we will notify you, and you may have the right to opt out of such a sale
YOUR RIGHTS AND CHOICES
The CCPA provides individuals residing in California or whose Personal Information was collected in California with specific rights regarding their Personal Information. The below describes your rights and how you may exercise them.
Access to Specific Information and Data Portability Rights
You have the right to request that the Company disclose certain information to you about our collection and use of your Personal Information over the past twelve (12) months. Once the Company receives and confirms your verifiable information access request, the Company must disclose to you: (i) the categories of Personal Information we collected about you; (ii) the categories of sources for the Personal Information we collected about you; (iii) our business or commercial purpose for collecting or, if applicable, selling that Personal Information; (iv) the categories of third parties with whom we share that Personal Information; (v) the specific data points or pieces of Personal Information we collected about you. If we disclosed for a business purpose or sold your Personal Information, the Company must also provide separate lists that: (x) identify the Personal Information categories that were sold to each category of the recipient in connection with sales of your Personal Information and (y) identify the Personal Information categories that were provided to each category of the recipient in connection with business purposes disclosures of your Personal Information.
Deletion Request Rights
You have the right to request that the Company delete any of your Personal Information that we collected from you and/or retained. Unless subject to a certain limited exception, once the Company receives and confirms your verifiable data deletion request, we will delete (and direct our Service Providers to delete) your Personal Information from our records. The Company will notify you promptly if it determines it must deny your deletion request.
Do Not Sell Opt-Out Rights
You have the right to opt out of any sales, as defined by the CCPA, of Personal Information by the Company. However, the Company does not sell your information
EXERCISING YOUR RIGHTS
To exercise your access, data portability, and deletion or do not sell opt-out rights described above, you may submit a verifiable consumer request in writing to [email].
You may only make a verifiable consumer request for access or data portability up to two times within a 12-month period. You may make a verifiable do not sell opt-out request at any time. Any such request must: (i) provide sufficient information that allows us to reasonably verify that you are the person about whom we collected Personal Information or an authorized representative thereof; and (ii) describe your request with sufficient detail such that we may understand, evaluate, and respond to it. The Company cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. Making a verifiable consumer request does not require you to create an account with the Company. The Company will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request. Only you or a person registered with the California Secretary of State that you authorize to act on your behalf may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you in writing of the extension period and the reason for it. The Company will deliver any required or requested responses or other communications in writing to you by email. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. If applicable, our response will also explain why we cannot comply with a request. For data portability requests, The Company will provide your Personal Information in a readily usable and transferable format. The Company does not charge a fee to process or respond to your verifiable consumer request unless such requests become excessive, repetitive, or manifestly unfounded or as otherwise permitted by the CCPA. If we determine that a request warrants charging a fee, we will notify you and provide you with a cost estimate before completing your request.
8.3. Supplemental Terms for the Republic of Korea
The Republic of Korea.
If you are using the Platform in the Republic of Korea (“South Korea”), the following Supplemental Terms shall apply. In the case of conflict between the Supplemental Terms and the provisions in the main body of this Privacy Policy, the Supplemental Terms shall prevail.
When We Provide Personal Data to Third Parties.
In principle, we will not provide your personal data to third parties without your consent. However, the provision of your personal data is limited to cases where you have directly agreed to provide your personal data in order to enable your access to services provided by an external partner; where we are subject to an obligation to submit your personal data in accordance with the applicable laws and regulations; where it is necessary for the settlement of the costs of information communication services; or where it is significantly necessary for the emergency concerning the life, physical or property interests of you or a third party.
How We Entrust Personal Data to Third Parties.
When concluding agreements with third parties that include sharing personal data, in addition to specifying the contents of such in the agreements and other relevant documents, we will expressly prohibit the service providers from processing personal data for purposes other than those of the entrusted business, and specify the technical and organizational measures the service providers should adopt, the restrictions on sub-entrustment, as well as matters relating to the management and supervision of services providers and compensation for damages. We will supervise whether the service providers process your personal data in a secure method.
Unless otherwise set forth in the main body of this Privacy Policy, if we use data as part of our advertising and marketing campaigns, your personal data contained in the aforementioned data may be disclosed to the recipients of such advertising or marketing content.
Retention Period of Your Personal data.
In principle, we will keep your personal data until you deregister your account.
How We Destroy Your Personal Data
We will immediately destroy your personal data in the following circumstance: the purpose for which the personal data is collected has been fulfilled; the retention period specified in this Privacy Policy has expired; or when you withdraw your consent to the collection and use of your personal data.
We will destroy your personal data according to the following procedures and methods:
Destruction procedures: we will select the personal data for which the cause of destruction occurs and destroy the personal data upon approval by the Personal Data Protection Officer.
Destruction methods: personal data recorded and saved in the form of electronic documents will be destroyed in a way that cannot be recovered, and personal data recorded and saved in paper documents will be destroyed by shredding in a shredder or incineration.
However, we will continue to retain your personal data for the period required by applicable laws and regulations, including but not limited to:
| Related laws and regulations | Retained data | Retention period |
| Electronic Commerce Act | Records involving contracts or cancellation of orders, etc. | 5 years |
| Records involving payments and provision of finances, etc | 5 years | |
| Records involving consumer complaints or handling disputes | 5 years | |
| Act on Protection of Communication Secrets | Facts relating to computer communication and the use of telecommunication services by internet users; log recording documentation related to computer communication or Internet. | 3 months |
| Access tracking information involving the location of information communication devices used by computer communication or Internet users to access the information communication network | 3 months |
We will delete or keep separately their personal data for members who have not used the service for 1 year.
Your Rights to Your Personal data.
Under the South Korean personal data protection law, you have the following rights with respect to your personal data:
Right of Access.
You have the right to request access to your personal data held by us, and you can exercise your rights by contacting us
at help@softzen.co.kr. However, we may deny your request for access if one of the following conditions applies: (i) the
access is prohibited or restricted by relevant laws and regulations, or (ii) responding to your request would cause harm
to the life or physical condition of a third party, or infringe on the property or other interests of third parties.
Right of Correction and Right of Deletion.
You have the right to request us to correct any inaccurate information in our possession or to delete your personal
data. You may correct or delete some personal data within the Platform by yourself, and for other personal data that you
are unable to correct or delete by yourself, you may exercise your rights by contacting us at help@softzen.co.kr. If we
are required by applicable laws or regulations to retain certain personal data, we may not accommodate requests to
delete such personal data.
Right to Withdraw Consent.
You may withdraw your consent to collecting and using your personal data at any time. In order to withdraw your consent
to the collection and use of personal data, you may deregister your account in "Settings". When you withdraw your
consent, the information generated and accumulated during your use of the Platform (e.g., user content) may be destroyed
together, and such destroyed personal data cannot be recovered.
Right to Stop Data Processing
You may request us to stop processing your personal data. However, we may refuse your request to stop processing if one
of the following conditions applies: (i) The processing of your personal data is unavoidable due to special provisions
of the law or in order to fulfill legal obligations; (ii) Stopping processing of your personal data may cause damage to
the life or physical condition of a third party, or infringe on the property or other interests of third parties; or
(iii) The processing of your personal data is unavoidable for the performance of a contract with you, but you have not
expressly indicated your intention to terminate the contract.
Personal data of children.
The Platform is not intended for children under the age of 14. If you are a child under such age, you cannot use the
Platform.
Matters related to the security protection of personal data.
To help ensure the security of personal data, we take the following measures:
Managerial measures: developing and implementing internal management programs, operating specialized organizations, and
conducting regular training
Technical measures: managing the access rights to personal data processing systems, etc., installing access control
systems, encryption, and installing and updating security software;
Physical measures: controlling access to server rooms and servers, etc.
Installation, Operation, and Rejection of Automatic Personal Data Collection Devices.
To improve your experience on the Platform and improve our services, we will use cookies that store user information and
are loaded at any time; please refer to "Cookies and Other Similar Technologies" in the main body of this Privacy Policy
for information on the installation, operation, and rejection of such cookies.
Personal Data Protection Officer.
In order to protect your personal data and handle your complaints and requests for infringement remedies, we have
appointed the following Personal Data Protection Officer to be solely responsible for personal data processing-related
operations.
Personal Data Protection Officer: Su Young Kim
Position: CTO
Email: help@softzen.co.kr
Remedies for Infringement:
If you need to seek remedies related to the infringement of personal data, you can apply for dispute resolution or consultation with organizations such as the Personal Data Dispute Mediation Committee and the Personal Data Infringement Reporting Center of the Korea Internet Promotion Institute.
9. Contact Us
If you have any questions about this Policy or would otherwise like to exercise your rights under this Policy or applicable Laws, you can contact us at: help@softzen.co.kr