International Data Transfer Consent
Effective Date: July 15, 2026
This consent is a separate item required by Article 28-8 of the Personal Information Protection Act (PIPA) of the Republic of Korea. The international transfer of data is based on contractual necessity to provide AI-powered features.
1. Why This Consent Is Required
The Service operates on artificial intelligence (AI). Transferring your personal information to the overseas providers below is necessary for core functions including AI response generation, authentication, data synchronization, and analytics. Therefore this cross-border transfer is required for performance of the service contract.
2. Transfer Details
| Recipient | Country | Method | Items Transferred | Purpose | Retention |
|---|---|---|---|---|---|
| Google LLC (Firebase, Gemini, Sign-In, Analytics) | United States | Network transmission during use | Authentication identifiers, device/log info, AI input text, usage statistics | Authentication, data storage, push notifications, AI response generation, usage analytics | Until account deletion or end of service agreement |
| OpenAI L.L.C. | United States | Network transmission upon AI request | AI input text | Large-language-model inference for response generation | Up to 30 days for abuse monitoring, then permanently deleted per API terms |
3. Safeguards
(a) Security Safeguards: We apply Standard Contractual Clauses (SCC), encryption in transit (TLS), and strict access controls required by PIPA and global data protection authorities in connection with the transfers above.
(b) Hosting Infrastructure: Our primary servers run on secured cloud infrastructure. To comply with regional laws, the Company localizes or mirrors user data within local jurisdictions where legally mandated, while central processing infrastructure is securely hosted in South Korea.
4. Right to Refuse and Effect of Refusal
- You have the right to refuse this international-transfer consent.
- However, because this transfer is necessary for service performance, refusal means the Service cannot be provided to you.
5. When the Consent Is Given and Withdrawal
- We obtain this consent at signup.
- To withdraw, please delete your account (account deletion automatically withdraws this consent).
- Withdrawing this single item without account deletion is not supported, because doing so would make the Service inoperable.
6. Contact
For questions about cross-border transfer, please contact [dev@bangguseok.co.kr].
To deploy this document efficiently across all eight regions, use these targeted tactics:
- Korea: Keep this exact form as a separate, mandatory pop-up checkbox right at signup. PIPA requires this standalone consent to be distinct from the general Privacy Policy.
- Japan: Under the APPI, ensure you notify users of the personal information protection system of the foreign country (the US). Adding a link in your policy to Japan's PPC (Personal Information Protection Commission) overview of US data laws satisfies this requirement.
- US, Hong Kong, & Philippines: These jurisdictions do not require a separate mandatory checkbox for overseas transfers, provided the data transfers are clearly disclosed within your primary, unified Privacy Policy. You can safely bundle these disclosures for non-Korean users.