Effective Date: March 31, 2025

Waddle Corp. ("Company") has established and publicly discloses this Privacy Policy in accordance with Article 30 of the Personal Information Protection Act of Korea to protect users' personal data and ensure the prompt and smooth handling of related concerns. This policy applies to all B2B SaaS services operated by the Company. Given that the Company provides services to global customers and end users, this policy also reflects key international standards and applicable data protection laws, including the GDPR, the CCPA, and other U.S. state privacy laws such as the Colorado Privacy Act (CPA) and Virginia Consumer Data Protection Act (VCDPA), and addresses cross-border data transfers.

1. Purpose of Processing Personal Data

The Company processes personal data for the following purposes. Personal data will not be used for purposes other than those stated below. Should the purpose change, the Company will obtain separate consent pursuant to applicable law.

  1. Membership Registration & Management: To verify intent to register, provide member-only services, identify and authenticate users, maintain accounts, prevent misuse, confirm legal guardian consent for children under 14, notify users, and handle complaints.
  2. Service Provision: To deliver services, provide content and personalized features, send contracts/invoices, verify identity, process payments, and collect receivables.
  3. Provision of Service Brochures: To provide informational materials about the services.
  4. Marketing and Advertising (with prior consent): To deliver tailored services, promotional and event information, advertising, and conduct analysis and surveys for service improvement. Users may opt out of receiving marketing communications at any time by clicking the unsubscribe link in our emails or by contacting us at [email protected].
  5. Customer Support: To identify the complainant, verify claims, contact users for fact-checking, and inform results.
  6. Service Improvement & Research: For internal analysis, improvement of existing services, and development of new services.
  7. AI Conversation Data Analysis: To analyze conversations between end users and the AI agent for customer reporting, service enhancement, and insights.
  8. Age Restriction: The Company does not permit users under the age of 14 to register or use its services.
  9. To comply with applicable data protection laws, such as the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA) and the United Kingdom, and the California Consumer Privacy Act (CCPA) for residents of California, USA.
  10. API Calls to Third-Party AI Services: The Company provides generative responses via OpenAI and other APIs. Input data may be transmitted to the OpenAI API servers. The Company maintains an enterprise contract with OpenAI to ensure user data is not used for training purposes.

2. Data Retention and Processing Period