Privacy Policy
Article 1 [Purpose]
MUAH (the "Product") and NP Inc. (the "Company") protect and respect users' personal information and comply with applicable laws and regulations.
This Privacy Policy is intended to inform users of, and obtain their consent to, the collection, storage, and use of user data, including sensitive information (such as biometric data and emotional data) for the purpose of providing personalized XR wellness experiences while users use the app in a specific space. In particular, the Company processes sensitive information only with the user's separate consent in accordance with applicable laws and regulations.
This Privacy Policy explains how the Company processes personal information collected from users or provided by users to the Company. If a user does not agree to this Privacy Policy, use of the service may be restricted.
If the Company's service is used in a clinical setting, the user may receive a separate privacy notice from the relevant healthcare provider or clinical research sponsor, and such notice will apply to the relevant activities.
Article 2 [Categories of Information collected]
Due to the nature of wellness services provided in an XR-based environment, the Company provides personalized experiences based on users' biometric data and emotional states. Personal information that users may provide to MUAH includes the following:
The Company may collect and process the following sensitive information:
The Company analyzes the user's face in real time for user authentication and does not separately store original facial video. However, in order to provide the facial recognition function, the Company may encrypt and retain the user's facial feature information (images and numerical values) extracted for the period necessary for user identification, and such information is processed as biometric identification data with the user's consent.
*The Company does not separately store facial video while analyzing biometric signals for emotion inference.
Biometric data collected through the camera is used for the following purposes:
Such information is securely encrypted and processed in accordance with applicable laws and regulations, and may be stored on the server only to the minimum extent necessary to provide the service.
The biometric data, emotional data, and biometric identification data above constitute sensitive information that may identify the user's health status and identity, and the Company collects and processes such information with the user's separate consent in accordance with applicable laws and regulations.
Article 3 [Purpose of Collection and Use of Personal Information]
The Company collects and uses users' personal information for the following purposes and uses it within the scope of such purposes at the time of collection.
The Company may use collected data for research and development purposes to improve service quality and develop new features. In such cases, the data will, in principle, be processed in a de-identified or anonymized form. If data in an identifiable form is used for research, it will be processed only with the user's separate consent.
Users have the right to refuse consent to the processing of personal information and sensitive information. However, if a user refuses consent to required items, use of the service may be restricted.
Article 4 [Data Ownership]
Rights to personal information and data provided by users belong to the users. The Company uses such data only within the scope necessary to provide and improve the service.
Except as permitted by applicable laws and regulations, the Company does not provide personal information to third parties or use it beyond the purposes of collection without the user's prior consent.
Article 5 [Retention of Personal Information]
In principle, the Company retains personal information to fulfill the purposes for which it was collected. General personal information collected for service operation and customer management is retained until the user terminates use of the service. If retention is required even after termination of use pursuant to applicable laws and regulations, the information will be retained for the period prescribed by such laws and regulations. This may include purposes such as satisfying legal accounting or reporting requirements, establishing or defending legal claims, and preventing fraud.
If laws and regulations such as the Act on the Consumer Protection in Electronic Commerce, the Framework Act on Electronic Documents and Transactions, and the Protection of Communications Secrets Act require the retention of information for a certain period, the Company retains personal information accordingly and does not use such information for any purpose other than those prescribed by the relevant laws and regulations.
: Records on contracts or withdrawal of subscription: retained for 5 years
: Records on payment and supply of goods, etc.: retained for 5 years
: Records on user complaints and dispute resolution: retained for 3 years
: Records on electronic document distribution through certified electronic addresses: retained for 10 years
: Books and evidentiary documents concerning all transactions prescribed by tax laws: retained for 5 years
: Login records: retained for 3 months
: Biometric data for emotion inference and user-recommended content generation in MUAH: retained for 3 years
Article 6 [Deletion of Personal Information]
When the purposes of collection and use of personal information have been achieved, or when a user withdraws from the service or the service is terminated, the Company destroys the relevant personal information without delay by a method that makes restoration impossible. However, personal information collected for service operation and customer management may be retained for up to three years from the date of collection. If retention is required for a certain period under applicable laws and regulations, the information will be retained for that period and then destroyed without delay.
Personal information in electronic file format is securely deleted using technical methods that make recovery and restoration impossible, and personal information in paper or other printed form is destroyed by shredding or incineration.
Users may request correction or deletion of their personal information at any time by email to muacs@npinc.co.kr. Upon receiving a user's request, the Company will verify the relevant personal information without delay, take necessary measures such as correction or deletion, and inform the user of the result. However, if other laws and regulations require the retention of such personal information, the Company will comply with those laws and regulations.
Article 7 [Provision and Sharing of Personal Information]
In principle, the Company does not provide users' personal information to external parties. However, the Company may provide or share users' personal information only in the following cases, within the scope specified in this Privacy Policy or the scope notified at the time of collection.
Article 8 [Outsourcing of Personal Information Processing]
The Company may outsource part of the processing of users' personal information to external professional service providers when necessary to provide the service.
When outsourcing personal information processing, the Company enters into an outsourcing agreement in accordance with applicable laws and regulations and prescribes, manages, and supervises the matters necessary to ensure that personal information is processed safely.
The Company provides personal information only to the extent necessary to perform the outsourced work, and the outsourced service provider may process personal information only within the scope of the relevant outsourced purpose.
When the purpose of outsourcing is achieved or the agreement is terminated, the outsourced service provider destroys the relevant personal information without delay. If there is any change in the status of outsourced service providers, the Company will provide notice through this Privacy Policy.
Article 9 [Management for Protection of Personal Information]
The Company implements technical and managerial safeguards in accordance with applicable laws and regulations to safely protect users' personal information. The Company also restricts access to personal information to the minimum necessary personnel.
1. Technical Safeguards
2. Managerial Safeguards
Article 10 [Use of Service by Minors]
The Company does not collect or use personal information of children under the age of 14, and accordingly children under the age of 14 are restricted from registering for and using the service. If the Company becomes aware that personal information of a child under the age of 14 has been collected, it will delete such information without delay.
Minors aged 14 or older and under 19 must use the service with the consent of their legal representative in accordance with applicable laws and regulations.
Article 11 [Changes to the Privacy Policy]
The Company reserves the right to revise this Privacy Policy at any time. If the Company makes a material change to this Privacy Policy, it will update the date and notify users by posting it on the site or through other appropriate means. When the Company changes this Privacy Policy, it will notify users through an in-app notice or email at least 7 days before the effective date (30 days before the effective date in the case of changes unfavorable to users). The amended Privacy Policy will take effect from the notified effective date. However, matters requiring separate consent will be processed only after obtaining individual consent. In all cases, if a user continues to use the service after 30 days have passed from the effective date of the amended Privacy Policy, the user may be deemed to have agreed to the changes. However, for matters requiring separate consent, the Company will obtain separate consent from the user.
Article 12 [Contact]
For inquiries regarding the Company's Privacy Policy, please contact us at the information below.
[Personal Information Processing and Protection Officer]