Privacy Policy

Effective Date: January 8, 2026

Last Updated: May 31, 2026 (added estimated-pay email collection, security measures, and remedies for infringement)

This is a translation provided for reference purposes only. The Korean version is the legally binding document.

IamNis (hereinafter referred to as the 'Company') values your personal information and complies with relevant laws and regulations including the 'Personal Information Protection Act'. Through this privacy policy, the Company informs you how your personal information is being used and what measures are being taken to protect it.

1. Personal Information Collected

  • Required: Email address, password, name, company name, mobile phone number
  • Automatically collected: Service usage records, access logs, cookies, IP address, payment records
  • Location data (GPS coordinates & accuracy): collected only at workplaces using GPS check-in and only with the employee's consent
  • Additional employee item (optional): the email address entered by an employee who chose to receive estimated-pay notices by email (collected only with the employee’s consent)

2. Purpose of Collection and Use

The Company uses collected personal information for the following purposes:

  • Identity verification for service provision, purchases, and payment processing
  • Member verification, subscription confirmation, and handling complaints and inquiries
  • Service validation, access frequency analysis, and usage statistics
  • If an employee opts in, sending estimated-pay (pre-tax, reference-only) notices by email and verifying ownership of the recipient address

3. Retention Period

In principle, personal information is destroyed without delay after the purpose of collection and use has been achieved. However, when required by relevant laws, the Company retains member information for the period prescribed by law as follows:

  • Records of contracts or subscription withdrawals: 5 years (E-Commerce Act)
  • Records of payment and supply of goods: 5 years (E-Commerce Act)
  • Records of consumer complaints or dispute resolution: 3 years (E-Commerce Act)
  • Login records: 3 months (Communications Secrets Protection Act)
  • Work and wage records (attendance logs, payroll ledger): 5 years (based on the tax-law retention period for withholding evidence; the longer of the Labor Standards Act wage-ledger retention of 3 years and the tax-law retention of 5 years is adopted)
  • Dormant company and account information: automatically destroyed after 5 years with no activity such as login, attendance, or payment
  • Employee email (when opted in to estimated-pay notices): retained while consent is maintained, and destroyed without delay upon unsubscribe, departure, or expiry of the retention period

4. Destruction Procedures and Methods

The Company destroys personal information without delay after the purpose of collection and use has been achieved. Electronic files are deleted using technical methods that prevent data recovery.

5. Privacy Officer

The Company has designated a privacy officer to protect customer personal information and handle related complaints:

  • Name: Hoonbae Bang
  • Position: CEO
  • Phone: 070-5100-2725
  • Email: iamhotdeal@gmail.com

6. Provision to Third Parties

As a rule the Company does not provide users' personal data to outside parties. However, when a member (employer) connects with an expert such as a tax accountant or labor attorney and consents to data sharing, the employee's attendance and payroll data is provided to that expert. Sharing follows the member's consent and stops upon withdrawal of consent.

7. Consignment of Personal Data Processing

To provide the service smoothly, the Company consigns personal-data processing as below. Some processors are located overseas, so personal data may be processed and stored abroad.

  • PortOne: payment processing
  • Amazon Web Services (overseas): data storage and backup
  • Sentry (overseas): error diagnostics and service-stability analysis (screen/input information may be included when an error occurs)
  • Email delivery service: sending notification and verification emails

8. Rights of Data Subjects and How to Exercise Them

Users and employees may at any time request access, correction, deletion, or suspension of processing of their personal data. Employees may exercise these rights through their company (employer) or customer support, and the Company will act without delay.

9. Measures to Ensure the Security of Personal Information

Pursuant to Article 29 of the Personal Information Protection Act, the Company takes the following security measures.

  • Administrative: establishing and implementing an internal management plan, minimizing staff who handle personal data, and providing regular training.
  • Technical: managing access privileges to the personal information processing system, installing access-control systems, encrypting passwords and unique identifiers, and installing/updating security software.
  • Physical: access control to systems and storage areas where personal data is kept.

10. Remedies for Infringement of Rights

Data subjects may contact the following bodies for relief or counseling regarding personal-data infringement.

  • Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
  • Privacy Infringement Report Center: 118 (privacy.kisa.or.kr)
  • Supreme Prosecutors’ Office Cyber Investigation: 1301 (www.spo.go.kr)
  • National Police Agency Cyber Bureau: 182 (ecrm.police.go.kr)