AutoInvo (hereinafter "the Company") values your personal information and complies with the Personal Information Protection Act and other relevant laws. This Privacy Policy explains what personal information we collect, why we collect it, and how long we retain it.
Article 1 (Personal Information Collected)
The Company collects the following personal information to provide services:
1. Information Collected During Registration
| Collection Method | Items Collected |
|---|---|
| Regular Registration | Email address, password, name (optional) |
| Google Login | Email address, name, Google account UID |
| Naver Login | Email address, name, Naver account UID |
| Kakao Login | Email address, name (nickname), Kakao account UID |
2. Information Collected During Service Use
| Items | Description |
|---|---|
| Document Information | Issuer/recipient company name, address, contact, email, business registration number |
| Company/Client Information | Saved company name, address, contact, email, business registration number |
| Item Information | Item name, description, quantity, unit price, amount |
| Template Information | Saved document templates (issuer/recipient info, items, bank info, etc.) |
| Image Data | Logo images, stamp/signature images (Base64 encoded) |
3. Information Collected During Payment
| Items | Description |
|---|---|
| Payment Information | Payment method, card company name, partial card number (masked) |
| Transaction Information | Order number, payment amount, payment date/time, receipt URL |
β» Payments are processed through PortOne, and sensitive payment information such as full card numbers is not stored directly by the Company.
4. Automatically Collected Information
Information automatically collected during service use:
- Service usage records, access logs
- IP address, browser type, operating system
- Cookie information
Article 2 (Purposes of Collection and Use)
The Company uses collected personal information for the following purposes:
| Purpose | Details |
|---|---|
| Member Management | Member registration, identity verification, member service provision, fraud prevention |
| Service Provision | Invoice/estimate creation, PDF download, document management |
| Payment Processing | Paid service payment, payment history inquiry, refund processing |
| Customer Support | Inquiry response, announcement delivery, service-related guidance |
| Service Improvement | Service usage statistics analysis, new service development |
Article 3 (Retention and Use Period)
The Company destroys personal information without delay once the purpose of collection and use has been achieved. However, if retention is required by relevant laws, the information is retained for that period:
| Retention Item | Retention Period | Legal Basis |
|---|---|---|
| Contract or subscription withdrawal records | 5 years | E-Commerce Act |
| Payment and goods supply records | 5 years | E-Commerce Act |
| Consumer complaint and dispute records | 3 years | E-Commerce Act |
| Website visit records | 3 months | Communications Privacy Act |
Article 4 (Third-Party Provision)
The Company does not provide users' personal information to third parties in principle. However, exceptions are made in the following cases:
- When the user has given prior consent
- When required by law or when requested by investigative agencies according to legally prescribed procedures
Article 5 (Processing Delegation)
The Company delegates personal information processing as follows for service provision:
| Delegated Company | Delegated Work |
|---|---|
| PortOne | Payment processing, payment information management |
Article 6 (User Rights and Exercise Methods)
Users may exercise the following rights at any time:
- Right to access: You may request to view your personal information held by the Company.
- Right to correction: You may request correction if your personal information is inaccurate or incomplete.
- Right to deletion: You may withdraw consent to personal information processing and request deletion.
- Right to suspend processing: You may request suspension of personal information processing.
These rights can be exercised through service settings or customer service. Upon account deletion, all personal information is immediately destroyed except for retention periods required by law.
Article 7 (Destruction of Personal Information)
- The Company destroys personal information without delay when it becomes unnecessary due to expiration of retention period or achievement of processing purpose.
- Destruction procedure: Information entered by users is moved to a separate DB after purpose achievement and destroyed after storage according to internal policies and relevant laws.
- Destruction method: Electronic file information is deleted using technical methods that make recovery impossible.
Article 8 (Safety Measures)
The Company takes the following measures to ensure the safety of personal information:
- Administrative measures: Personal information handler training, establishment and implementation of internal management plans
- Technical measures: Encryption of personal information, access log retention, security program installation
- Physical measures: Access control to computer rooms and data storage rooms
Article 9 (Use of Cookies)
- The Company uses cookies to provide personalized and customized services to users.
- Cookies are small pieces of information sent by websites to the user's browser and stored on the user's computer.
- Users have the choice to accept cookies and can refuse cookies through browser settings. However, refusing cookies may limit the use of some services.
Article 10 (Privacy Officer)
The Company has designated a Privacy Officer to oversee personal information processing and handle user complaints and damage relief:
Privacy Officer
Contact: AutoInvo Operations Team
Email: privacy@autoinvo.com
Article 11 (Remedies for Rights Infringement)
Users may apply for dispute resolution or consultation with the following organizations for relief from personal information infringement:
- Personal Information Dispute Mediation Committee: 1833-6972 / www.kopico.go.kr
- Personal Information Infringement Report Center: 118 / privacy.kisa.or.kr
- Supreme Prosecutors' Office: 1301 / www.spo.go.kr
- National Police Agency: 182 / ecrm.cyber.go.kr
Article 12 (Privacy Policy Changes)
- This Privacy Policy is effective from the enforcement date, and changes due to legal or policy amendments will be announced 7 days before implementation.
- This Privacy Policy is effective from March 02, 2026.
Addendum
This Privacy Policy is effective from March 02, 2026.
