Privacy Policy

Our policy regarding the collection, use, storage, and destruction of personal information.

Noof Privacy Policy (v1.0)

Onboarders Co., Ltd. (the “Company”) complies with applicable laws and regulations, including the Personal Information Protection Act, and establishes and discloses this Privacy Policy to protect the personal information of users of the Noof service.

This policy explains for what purposes and in what manner users’ personal information is processed in connection with the Noof service provided by the Company.

1. Purpose of Processing Personal Information

The Company processes personal information for the following purposes:

  1. User registration and authentication
  2. Workspace creation and organization management
  3. Service provision and operational support
  4. Payment processing and billing settlement
  5. Service-related notices, guidance, and inquiry responses
  6. Security and prevention of fraudulent use
  7. Legal compliance and dispute resolution

Personal information will not be used for purposes other than those stated above.
If the purpose of processing changes, the Company will provide prior notice and obtain consent.

2. Items of Personal Information Collected

① During Sign-Up and Service Use

CategoryCollected Items
RequiredEmail address, name (nickname), password (encrypted), account identifier
OptionalProfile image

② During Payment and Billing

CategoryCollected Items
RequiredBilling contact information, card issuer information, last 4 digits of card number, payment history
Not collectedFull card number, expiration date, CVC (processed directly by the payment gateway)

③ Information Generated During Service Operation

  • Access logs and IP address
  • Service usage history
  • Deployment and operational status logs
  • Customer inquiries and support records

3. Retention and Use Period of Personal Information

The Company retains and uses personal information for the following periods:

  • Member information: Until account deletion
  • Payment and settlement information: For the period required by applicable laws
  • Service usage records and logs: Until the purpose of service stability and security is fulfilled

If retention is required by law, the information will be safely stored for the required period.

4. Provision of Personal Information to Third Parties

In principle, the Company does not provide users’ personal information to third parties.

Exceptions apply in the following cases:

  • When the user has given prior consent
  • When disclosure is required by applicable laws

5. Outsourcing of Personal Information Processing

The Company entrusts the processing of personal information as follows for service provision:

RecipientScope of Entrustment
Firebase (Google LLC)User authentication
TossPaymentsPayment processing
Cloud service providers (AWS, Vercel, Railway, etc.)Service infrastructure operation
Email/notification servicesDelivery of service notifications

The Company supervises and manages contractors through contracts to ensure the safe protection of personal information.

6. Principles for Handling Customer Service Data (DB) (Important)

As a managed operations service (MSP), Noof may access customer infrastructure and databases (DB) at the customer’s request and for service operation purposes.

The following principles apply:

  1. The customer is the data controller for end-user personal information stored in the customer’s service database.
  2. The Company accesses such data only to the extent necessary to perform operational tasks and acts as a data processor under applicable privacy laws.
  3. The Company does not view or use customer service data for purposes other than service operation.
  4. The Company does not provide customer service data to third parties or use it for secondary purposes.
  5. Data access is limited to operational purposes such as incident response, security incident handling, backup, and recovery.

7. Users’ Rights and How to Exercise Them

Users may exercise the following rights at any time:

  • Request access to, correction of, or deletion of personal information
  • Request suspension of processing
  • Request account deletion (withdrawal)

Requests can be made through in-service features or customer support, and the Company will take action without undue delay.

8. Measures to Ensure the Security of Personal Information

The Company takes the following measures to protect personal information:

  • Minimization of access rights and internal controls
  • Encrypted storage of passwords
  • Management of access logs
  • Operation of security programs
  • Prevention of external intrusion and regular security checks

9. Chief Privacy Officer

The Company designates a person responsible for overseeing personal information protection.

10. Changes to This Privacy Policy

This Privacy Policy may be amended due to changes in laws or service content.
In such cases, the Company will provide notice through in-service announcements or separate notifications.

Document Version: v1.0
Date: 2026-01-21

If you have any questions about this Privacy Policy, please contact [email protected]