ADOASIS Creative Canvas Privacy Policy
Impact AI Inc. (hereinafter "Company") makes every effort to protect the personal information of users and data subjects (hereinafter collectively "Data Subjects") and to guarantee their right to self-determination of personal information in processing personal information for the provision of ADOASIS Creative Canvas (hereinafter "Service"), including compliance with applicable personal information laws and regulations. The Company informs Data Subjects of the current status of personal information processing and the privacy protection measures taken by the Company through this Privacy Policy. This Privacy Policy is available for review at any time through the Company's website.
1. Purpose of Collection and Use of Personal Information
The Company collects and uses personal information for the following purposes. The Company collects only the minimum personal information necessary to achieve the purpose of use, and uses the collected personal information only within the scope of the collection purpose.
| Category | Purpose of Use |
|---|---|
| Membership Registration and Management | Confirming intention to join, identity verification and authentication, maintaining and managing membership qualifications, preventing fraudulent use and unauthorized access, responding to customer inquiries, introducing new information and delivering notices |
| Service Provision | Providing Creative Canvas service, providing upload/management/ad channel delivery functions for ad creatives (images, videos, text, etc.), payment and settlement, content provision, personalized service provision |
| Complaint Handling | Verifying the identity of complainants, confirming complaint details, contacting/notifying for fact investigation, notifying of processing results |
| Service Improvement and Statistics | Collecting and analyzing service usage statistics, identifying access frequency, ensuring service stability, developing new services |
| Marketing and Advertising | Only when a member has given prior consent: providing service guidance and solicitations, providing event information and participation opportunities, posting advertisements based on statistical characteristics |
| AI Model Training (Opt-in only) | Only when a member has explicitly given prior consent: using content uploaded by the member and service usage data for improving and training the Company's artificial intelligence models |
2. Personal Information Items Collected
A. Required Items
- Email address, password (encrypted storage), name, company name
B. Optional Items
- Phone number, job title/position, department name
C. Information Automatically Generated and Collected During Service Use
- Access IP address, access date/time, service usage records, fraudulent use records
- Device information: OS type and version, browser type and version, language used
- Location information (approximate): country/city-level information based on access IP (precise location information is not collected)
- Technical information such as time zone, screen resolution, etc.
- Information collected through cookies and similar tracking technologies
D. Content Uploaded by Members to the Service
- Images, videos, text, copy, metadata, etc. uploaded by members to the ad creative library (hereinafter "Member Content"). If Member Content contains personal information such as identifiable individual images or voices, the Company protects such personal information accordingly.
E. Payment-Related Information
- Payment method information, payment date/time and amount, business registration number for tax invoice issuance, etc. (Sensitive payment information such as payment card numbers is processed directly by PCI DSS-certified payment agencies, and the Company does not store such information.)
3. Retention and Use Period of Personal Information
The Company retains and uses collected personal information for the period consented to by the Data Subject or the period necessary to achieve the purpose of collecting personal information, unless there are special circumstances such as a legal obligation to preserve. When the purpose of personal information collection is achieved, such as when a member withdraws consent to collection and use of personal information or requests membership withdrawal, the Company destroys it without delay unless there are special circumstances such as a legal obligation to preserve.
4. Provision of Personal Information to Third Parties
The Company does not provide personal information to third parties without the prior consent of the Data Subject, unless there is a separate legal basis under applicable law.
The personal information currently provided to third parties by the Company is as follows (only when a member uses the ad channel integration function):
| Recipient | Purpose of Provision | Items Provided | Retention/Use Period |
|---|---|---|---|
| Meta Platforms, Inc. (when member integrates) | Delivering ad creatives to the Meta ad account designated by the member | Ad creatives and metadata uploaded by the member, ad account identifier | Until the member disconnects the ad channel integration or in accordance with Meta's policies |
| Google LLC (when member integrates) | Delivering ad creatives to the Google ad account designated by the member | Ad creatives and metadata uploaded by the member, ad account identifier | Until the member disconnects the ad channel integration or in accordance with Google's policies |
| Other ad channel operators integrated by the member | Delivering ad creatives to the ad channel designated by the member | Ad creatives and metadata uploaded by the member, ad account identifier | Until the member disconnects the ad channel integration |
※ If a member does not integrate with ad channels, the Company does not provide the member's personal information or Member Content to the above operators.
5. Consignment of Personal Information Processing
The Company outsources personal information processing as follows for service provision and other purposes:
| Consignee | Consigned Work | Country |
|---|---|---|
| Amazon Web Services, Inc. | Cloud infrastructure operation and data storage | US/Republic of Korea region |
| Snowflake, Inc. | Data warehouse and analytics infrastructure provision | US |
| Google LLC | Collection and analysis of service usage statistics | US |
※ The list of consignees may change depending on service operations. The Company will notify of any changes through this Policy.
6. Cross-border Transfer of Personal Information
The Company transfers and processes personal information outside of Korea (abroad) as follows for service provision and other purposes:
| Transfer Country | Recipient | Items Transferred | Transfer Purpose | Transfer Date/Method | Use/Retention Period |
|---|---|---|---|---|---|
| US | Amazon Web Services, Inc. (Contact: aws-korea-privacy@amazon.com) | All member information and Member Content | Cloud infrastructure (server) operation | Immediately transmitted via encrypted network upon personal information input/creation | Until membership withdrawal or contract termination |
| US | Snowflake, Inc. (Contact: support@snowflake.com) | Service usage logs, analytics data | Data analysis and statistical processing | Transmitted via encrypted network upon automatic collection | 3 years or until analytics purpose is achieved |
| US | Google LLC (Contact: googlekrsupport@google.com) | Service usage statistics data | Collection and analysis of service usage statistics | Automatically collected and transmitted via cookies etc. | In accordance with Google Analytics policies |
| US | Meta Platforms, Inc. (Contact: korealocalagent@support.facebook.com) | Ad creatives uploaded by the member, etc. | Delivering ad creatives to the Meta ad account integrated by the member (only occurs upon explicit member integration) | Transmitted via API at the time of member's delivery request | In accordance with Meta's advertising policies |
Data Subjects may request the Company to stop cross-border transfers. In such cases, the Company will review the request and take necessary measures. However, stopping cross-border transfers may restrict the use of some services that necessarily involve cross-border transfer of personal information.
7. Procedures and Methods for Destruction of Personal Information
When the personal information retention period has elapsed or the processing purpose has been achieved, the Company destroys personal information without delay unless required to preserve it under applicable law.
(1) Destruction Procedure
Personal information held by the Company is transferred to a separate database (or separate filing cabinet for paper documents) after the processing purpose is achieved, and is stored for a certain period in accordance with internal policies and applicable law, then destroyed. Personal information transferred to a separate database is not used for other purposes unless required by law.
(2) Destruction Method
- Personal information printed on paper: Shredded or incinerated
- Personal information stored in electronic file format: Deleted using technical methods that cannot reproduce records (permanent data deletion or physical destruction of disks)
8. Rights, Obligations, and Methods of Exercise for Data Subjects
Members and their legal representatives may exercise the following rights regarding their own personal information or that of children under 14 years of age for whom they are legal representatives, at any time:
- Right to request access to personal information
- Right to request correction or deletion of personal information
- Right to request suspension of personal information processing
- Right to withdraw consent to collection, use, provision, etc. of personal information
Rights may be exercised with the Company in writing, by email (privacy@impactai.ai), or by fax, and the Company will take action without delay. Rights may also be exercised through a legal representative or authorized agent of the Data Subject, in which case submission of a power of attorney is required.
The Company confirms whether the applicant is the person themselves or a legitimate representative when a rights exercise request is made.
9. Processing of Personal Information of Children Under 14
The Company does not, in principle, collect personal information of children under 14 years of age and does not allow membership registration for children under 14. If the Company becomes aware that personal information of a child under 14 has been collected, it destroys such information without delay.
10. Operation and Refusal of Automatic Collection Devices (Cookies)
The Company uses cookies and similar technologies (local storage, pixels, SDK, etc.) that store and periodically retrieve usage information to provide personalized services to members.
(1) Purpose of Cookie Use
- Essential cookies: Providing core service functions such as maintaining login and security authentication (cannot be refused)
- Functional cookies: Providing convenience functions such as saving member settings and environment, multilingual display
- Analytics cookies: Collecting and analyzing service usage statistics (used only with member consent)
- Advertising cookies: Cookies for placing advertisements outside of services operated by the Company (used only with member consent)
(2) Method of Refusing Cookie Settings
Members have the option regarding cookie installation. Members may select whether to use cookies through the cookie consent banner or settings within the service, and may also refuse cookie storage through web browser option settings. However, if essential cookie storage is refused, there may be difficulties in using the service.
11. Use of Personal Information for AI Model Training Purposes
The Company provides advertising creative analysis, optimization, and recommendation services based on artificial intelligence (AI). This section describes the Company's processing of member data in relation to the operation of the Company's AI functions and model training.
(1) Use of Data for AI Inference
The Company uses content uploaded by members and the content of members' requests as input data to AI models to provide AI functions to members. Data input during this inference process is used only for generating the corresponding response and is not used for training the Company's or its consignees' AI models.
(2) Use of Data for AI Model Training
The Company uses content uploaded by members, service usage patterns, and member feedback for training and improving the Company's AI models only when members have explicitly given prior consent. Members may withdraw this consent at any time in the settings menu within the service, and data collected after the withdrawal of consent will not be used for AI training. However, please be aware that it may be technically impossible or impose an excessive burden to separate and remove data already used for training from completed models prior to withdrawal of consent.
(3) Separation of Personal Information
When the Company uses data for AI model training, the Company, in principle, separates and removes personal information from training data through pseudonymization or anonymization measures.
(4) Right Regarding AI Automated Decisions
If a decision that has a legal effect or similarly significant impact on a member is made in a fully automated manner by AI, the member has the right to request an explanation of that decision, request human intervention, and raise objections to the decision.
12. Measures to Ensure Safety of Personal Information
The Company implements administrative, technical, and physical protective measures including the following to ensure the safety of personal information:
(1) Administrative Protective Measures
- Establishment and implementation of internal personal information management plans
- Minimization of personal information handlers and regular training
- Designation of Personal Information Protection Officer and operation of internal audit procedures
- Regular supervision and training of personal information consignees
(2) Technical Protective Measures
- Encryption of personal information: Passwords are stored with one-way encryption; personal information is encrypted when transmitted; and key personal information items are encrypted when stored
- Technical measures against hacking: Installation and operation of intrusion prevention and detection systems
- Minimization of personal information access rights and operation of access control systems
- Retention and protection against forgery/alteration of access records
- Installation and regular updating of antivirus programs
(3) Physical Protective Measures
- Data centers where major systems are located use facilities with access control systems and 24-hour monitoring
- Secure storage and disposal of media containing personal information
13. Personal Information Protection Officer
The Company has designated a Personal Information Protection Officer and responsible department as follows to protect personal information and handle complaints related to personal information:
| Personal Information Protection Officer | Name: Geunseong Jeong / Title: Team Leader Contact: privacy@impactai.ai |
|---|---|
| Personal Information Processing Department | Department: AI Engineering Information Security Team Contact: privacy@impactai.ai |
14. Changes to the Privacy Policy
This Policy may be changed in accordance with changes in laws and regulations, government policies, or the Company's internal operating policies. When this Policy is changed, the Company will immediately notify the details and reasons of the changes through the service screen, email, or the Company's website. The history of changes to this Policy and the content of the Privacy Policy prior to changes can be found on the Company's website.
Announcement Date: June 1, 2026
Effective Date: June 8, 2026