Privacy Policy

Privacy Policy Introduction

Zepeto AI (hereinafter “Company”) values users’ personal information and complies with the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization, and other relevant laws.

This Privacy Policy informs users of how their personal information is used and what protective measures are in place.

Article 1 (Collected Personal Information)

1. Information collected upon membership registration

  • Required: Email address, password, name
  • Optional: Profile photo, company name, job title

2. Information collected during Service use

  • Service usage records, access logs, cookies, IP addresses
  • Generated persona information and content data
  • Payment information (for paid services)
    • Naver Smart Store: Orderer information, recipient information
    • Naver Pay: Payment approval information (actual card numbers are not collected)

Article 2 (Purpose of Collecting and Using Personal Information)

The Company uses the collected personal information for the following purposes:

1. Member Management
Identity verification for membership services, prevention of unauthorized use, confirmation of intention to join, age verification, complaint handling, delivery of notices

2. Service Provision
Providing AI persona generation, content analysis and creation, team collaboration features, usage statistics, and service improvement

3. Marketing and Advertising
Developing new services and providing customized services, offering event and promotional information

Article 3 (Retention and Use Period)

1. The Company retains and uses personal information during the period of service provision starting from the date of membership registration.

2. Personal information is promptly destroyed when the purpose of collection and use is achieved, or when the retention period ends, or when the user withdraws consent.

3. However, the Company retains information for a certain period in accordance with relevant laws and regulations.

Retention periods under applicable laws:

  • Records on contracts or withdrawal: 5 years (E-Commerce Act)
  • Records on payment and supply of goods: 5 years (E-Commerce Act)
  • Records on consumer complaints or disputes: 3 years (E-Commerce Act)
  • Log records: 3 months (Protection of Communications Secrets Act)

Article 4 (Destruction Procedures and Methods)

Destruction procedures

Information provided by users for membership, etc., is transferred to a separate DB after the purpose is achieved and stored for a certain period before being destroyed in accordance with internal policy and relevant laws.

Destruction methods

  • Electronic files: Secure deletion to prevent recovery
  • Printed documents: Shredding or incineration

Article 5 (Provision to Third Parties)

The Company does not disclose personal information to third parties in principle.

Exceptions are made when the user consents or when required by law, such as requests from investigative authorities following legal procedures.

Article 6 (Consignment of Personal Information Processing)

To improve services, the Company entrusts personal information processing as follows, and ensures that necessary measures are stipulated in the consignment contract for safe management.

CompanyDescription
SupabaseData storage and management
OpenAI (ChatGPT)AI-based content generation
Anthropic (Claude)AI-based content generation
Google (Gemini)AI-based content generation
X (Grok)AI-based content generation
NaverPayment processing (Smart Store, Naver Pay)

Article 7 (Rights of Users and Exercise thereof)

Users may exercise the following rights at any time:





These rights may be exercised through settings within the Service, or by contacting the data protection department via mail, phone, or email. The Company will promptly respond.

Article 8 (Data Protection Officer)

The Company designates a data protection officer responsible for handling complaints and remedies related to personal information processing.

Article 9 (Automatic Collection and Refusal of Cookies)

To provide personalized services, the Company uses cookies to store and retrieve usage information.

Users may choose to allow all cookies, confirm each time, or refuse all cookies through browser settings.

Article 10 (Security Measures)

The Company implements the following measures to ensure the security of personal information:




Supplementary Provisions

This Privacy Policy shall take effect on September 29, 2025.