GUARD-FORCE Alarm Privacy Policy
Revision History
Date Version
2025.12.26 ver. 1.0

SecureKorea Inc. (hereinafter referred to as "Company") establishes this privacy policy for GUARD-FORCE Alarm service users in accordance with Article 30 of the Personal Information Protection Act to protect the personal information and rights of data subjects and to handle user complaints related to personal information smoothly.

Article 1. Collection Items and Processing/Retention Period of Personal Information

The personal information collected and used is as follows. Users may refuse to consent, but service use may be restricted if essential consent information is refused.

Purpose of Use Collection Purpose Items Collected Retention and Use Period
Member Registration Confirmation of membership intention
Identity verification and authentication
Maintenance and management of membership
Prevention of fraudulent use of services
Various notices and complaint handling		 Email address
Password
Device identifier		 Until membership withdrawal

However, if an investigation or inquiry is in progress due to violation of related laws, it will be retained until the end of such investigation or inquiry
Email Account Linking Email reception through linking of Gmail, Outlook, iCloud accounts Email account information
OAuth token		 Until account linking is terminated
Email Filtering and Notifications Email filtering and notification provision according to user-set rules Email subject
Email content
Sender information
Reception time		 Until membership withdrawal

However, if an investigation or inquiry is in progress due to violation of related laws, it will be retained until the end of such investigation or inquiry
App Service Use App function provision and service improvement Device information (OS version, device model)
App version information
Service usage records		 Until membership withdrawal
Article 2. Collection Items and Processing/Retention Period of Sensitive Information

The sensitive information collected and used is as follows. Users may refuse to consent, but service use may be restricted if essential consent information is refused.

Purpose of Use Collection Purpose Items Collected Retention and Use Period
Email Content Analysis Email content analysis and filtering according to user-set keywords Email body content (may contain personal information) Until membership withdrawal

However, additional retention may be required according to legal retention periods
Article 3. Provision of Personal Information to Third Parties

The Company does not provide personal information to third parties without the prior consent of users. However, personal information may be provided to third parties after obtaining user consent within the scope necessary for users to use services of external partners, etc.

Recipient Purpose of Use Items Provided Retention and Use Period
Google User usage analysis and service improvement Device information
Cookie information
User age
User gender
User interests
Service page usage information
Service page stay time		 Until membership withdrawal or service termination
Apple iCloud email service linking iCloud account information
OAuth token		 Until account linking is terminated
Microsoft Outlook email service linking Outlook account information
OAuth token		 Until account linking is terminated
Article 4. Rights, Obligations, and Exercise Methods of Data Subjects and Legal Representatives

Data subjects may exercise the following rights against the Company at any time.

1. Request for access to personal information: You may request access in accordance with Article 35 (Access to Personal Information) of the Personal Information Protection Act. However, access requests may be refused in accordance with Article 35, Paragraph 4 in the following cases:

  • a. When access is prohibited or restricted by law
  • b. When there is a risk of harming another person's life or body, or unfairly infringing on another person's property or other interests
  • c. When a public institution performs any of the following tasks and causes serious disruption:
  • β…°. Tasks related to imposition, collection, or refund of taxes
  • β…±. Tasks related to examinations on academic background, skills, and employment, and qualification reviews
  • β…². Tasks related to evaluations or judgments in progress regarding calculation of compensation, benefits, etc.
  • β…³. Tasks related to audits and investigations in progress under other laws

2. Request for correction or deletion of personal information: You may request correction or deletion in accordance with Article 36 (Correction and Deletion of Personal Information) of the Personal Information Protection Act. However, deletion may not be requested if the personal information is specified as a collection target under other laws.

3. Request for suspension of processing of personal information: You may request suspension of processing in accordance with Article 37 (Suspension of Processing of Personal Information, etc.) of the Personal Information Protection Act. However, requests for suspension of processing may be refused in accordance with Article 37, Paragraph 2 in the following cases:

  • a. When there are special provisions in law or when it is unavoidable to comply with legal obligations
  • b. When there is a risk of harming another person's life or body, or unfairly infringing on another person's property or other interests
  • c. When it is difficult to perform the contract, such as being unable to provide services agreed with the data subject without processing personal information, and the data subject has not clearly expressed the intention to terminate the contract
Article 5. Destruction of Personal Information

1. The Company destroys personal information without delay when it becomes unnecessary due to the expiration of the retention period or achievement of the processing purpose.

2. If personal information must continue to be preserved under other laws even after the retention period agreed with the data subject has elapsed or the processing purpose has been achieved, the personal information (or personal information file) is moved to a separate database (DB) or stored in a different location.

3. Personal information recorded and stored in electronic file format is destroyed using technical methods that make it impossible to reproduce the records, and personal information recorded and stored in paper documents is destroyed by shredding or incineration.

Article 6. Measures to Ensure Safety of Personal Information

In accordance with Article 29 of the Personal Information Protection Act, the following technical, administrative, and physical measures necessary to ensure safety are being implemented.

1. Establishment and implementation of internal management plans
Internal management plans and regulations related to personal information protection are established and implemented.

2. Encryption of personal information
Major personal information such as passwords of data subjects is encrypted and stored and managed, and important information uses separate security functions such as encryption during storage and transmission or file locking functions.

3. Technical measures against hacking, etc.
Security programs are installed, regularly updated and checked, and systems are installed in areas controlled from external access to technically and physically monitor and block personal information leaks and damage caused by hacking or computer viruses.

4. Access restriction to personal information processing systems
Necessary measures are taken to control access to personal information by granting, changing, and deleting access rights to database systems that process personal information, and unauthorized access from outside is controlled using intrusion prevention systems.

5. Storage and prevention of tampering of access records
Records of access to personal information processing systems (web logs, summary information, etc.) are stored and managed for at least 2 years, and access records are managed to prevent tampering, theft, and loss.

6. Access control for unauthorized persons
A separate physical storage location is provided for personal information systems storing personal information, and procedures for controlling unauthorized persons are established and operated.

7. Minimization and training of employees handling personal information
Employees handling personal information are designated and limited to those in charge to minimize, and the safety of personal information is ensured through regular training to comply with related regulations and laws.

Article 7. Installation, Operation, and Refusal of Automatic Collection Devices for Personal Information

1. The Company may use technologies that automatically collect usage information within the app to improve services for users.

2. The app may automatically collect the following information for service provision and improvement:

  • a. Device information: Device identifier, operating system information, device model name, app version information, etc.
  • b. Usage information: Service usage records, access logs, error information, performance data, etc.
  • c. Location information: Location information may be collected only when the user has consented to the provision of location information.

3. The above information is used for purposes such as service provision, improvement, and security enhancement. Users can refuse the collection of some automatically collected information through app settings. However, refusal to collect essential information may restrict service use.

Article 8. Personal Information Protection Officer

The Company is responsible for overall personal information processing tasks and has designated a personal information protection officer as follows to handle complaints and damage relief related to personal information processing.

Type Position Name Contact
Chief Officer CEO μž₯원석 tim@securekoreainc.com
Protection Officer Manager μž₯원석 tim@securekoreainc.com
Article 9. Remedies for Infringement of Rights and Interests

Data subjects may inquire about damage relief and counseling regarding personal information infringement to the following institutions. The following institutions are separate from the Company's services. If you are not satisfied with the Company's own personal information complaint handling and damage relief results, or need more detailed help, please contact them.

Personal Information Infringement Report Center (operated by Korea Internet & Security Agency)

Scope: Reporting personal information infringement, application for counseling

Website: privacy.kisa.or.kr

Phone: (toll-free) 118

Personal Information Dispute Mediation Committee

Scope: Application for personal information dispute mediation, group dispute mediation (civil resolution)

Website: www.kopico.go.kr

Phone: 1833-6972

Supreme Prosecutors' Office Cyber Investigation Division

Website: www.spo.go.kr

Phone: 02-3480-3570

Email: cid@spo.go.kr

National Police Agency Cyber Bureau

Website: cyberbureau.police.go.kr

Phone: (toll-free) 182

Supplementary Provisions

This privacy policy takes effect from December 26, 2025.