Privacy Policy

TensorVault Privacy Policy SugarCube Networks Co., Ltd. (“Company,” “we,” “us,” or “our”) values the privacy of users of the TensorVault service and complies with applicable privacy and data protection laws. This Privacy Policy explains what personal information we collect and use in connection with TensorVault, why we use it, how long we retain it, how we delete it, and how users may exercise their privacy rights. Article 1. Personal Information We Collect and How We Collect It 1. For account registration and account use, we may collect the user’s name, email address, password, email verification information, and the date and time of acceptance of the Terms and Privacy Policy. 2. If social login is provided, we may collect information required for authentication, such as the social login provider identifier and email address. 3. For GPU repair intake and repair progress management, we may collect the user’s name, email address, mobile phone number, device manufacturer, model name, serial number, symptom description, customer notes, repair case number, diagnosis results, quote information, repair progress status, test reports, warranty history, and information about photos or document files uploaded by the user. 4. For quotes, payment confirmation, and shipping, we may collect quote number, payment number, payment status, payment method category, amount, deposit confirmation information, shipment number, carrier, tracking number, recipient name, and destination summary. 5. For sales, lease, and customer support inquiries, we may collect company name, contact person name, email address, inquiry details, GPU specifications, quantity, intended use, budget range, and delivery region. 6. In the course of using the service, certain information may be automatically generated and collected, including IP address, access time, browser and device information, cookies, service usage records, and security logs. 7. As a general rule, we do not collect resident registration numbers or other unique identification information, nor do we collect sensitive personal information. 8. Personal information is collected when users directly enter information through the TensorVault website, account registration, login, repair intake, inquiry forms, file uploads, email consultations, or when information is automatically generated during service use. Article 2. Purposes of Collection and Use We use collected personal information for the following purposes: 1. Account registration, login, email verification, and account management 2. GPU repair intake, inbound guidance, diagnosis, quote preparation, repair progress management, and result notification 3. Payment guidance, deposit confirmation, refunds, settlement, and dispute handling 4. Shipment registration, tracking number notification, and delivery status updates 5. Warranty history management and after-service support 6. Sales, lease, and customer support consultations 7. Notices, service updates, and processing result notifications 8. Prevention of abuse, security incident prevention, and service quality improvement 9. Compliance with applicable laws and legal obligations Article 3. Disclosure of Personal Information to Third Parties 1. We process users’ personal information only within the scope of the purposes described in this Privacy Policy and do not disclose personal information to third parties without the user’s prior consent. 2. However, we may disclose personal information where the user has given prior consent, where disclosure of minimum necessary information is required for service performance such as shipping, payment confirmation, or specialist repair through carriers, payment or settlement-related parties, or repair partners, or where disclosure is required by law or by a lawful request from an investigative agency, supervisory authority, or court. Article 4. Outsourcing of Personal Information Processing 1. We may outsource part of our personal information processing activities to external service providers in order to provide and operate TensorVault in a stable manner. 2. Email delivery and primary system hosting are handled through the Company’s own mail server and IDC infrastructure. We do not outsource personal information processing to a separate external email delivery provider or external hosting provider for these operations. 3. We may outsource shipping-related work to external carriers for device inbound and outbound shipment and delivery guidance. In such cases, recipient name, contact information, delivery address information, tracking number, and other information necessary for shipping may be provided to the carrier. 4. The main carriers we use include CJ Logistics and FedEx. The actual carrier and shipping method may vary depending on the intake region, device type, and transport conditions. 5. Where specialist diagnosis, repair, testing, or parts procurement is required, we may outsource work to repair partners or technical partners. In such cases, only the minimum information necessary to perform the work, such as case number, device information, symptom description, and diagnostic reference materials, will be provided. 6. The names of repair partners or technical partners may not be disclosed due to trade secrets, security needs, or contractual obligations. However, we manage such outsourcing through contracts or equivalent management procedures that require privacy protection, confidentiality, prohibition of use beyond the entrusted purpose, prohibition of unauthorized third-party disclosure, responsibility in the event of an incident, and deletion or return of personal information after the end of the outsourcing relationship. 7. If there are changes to outsourced service providers or the details of outsourced work, we will notify users through this Privacy Policy or through service notices. Article 5. Retention and Use Period 1. We delete personal information without delay once the purposes of collection and use have been achieved. However, we may retain personal information for the periods set out below where necessary for service history verification, warranty handling, dispute resolution, abuse prevention, or compliance with applicable laws. 2. Account information is retained for five years from the date of account withdrawal or account deactivation. 3. Repair intake information, diagnosis information, quote information, repair progress history, test reports, and warranty history are retained for five years from the end date of the warranty period for the relevant device or repair case. 4. Payment information, deposit confirmation information, refund and settlement information, shipping information, and tracking information are retained for the same period as account information, namely five years from the date of account withdrawal or account deactivation. For guest repair cases or repair cases not linked to an account, such information is retained for five years from the end date of the warranty period for the relevant repair case. 5. Automatically generated information, such as access logs, security logs, and service usage records, is retained for the same period as account information, namely five years from the date of account withdrawal or account deactivation. For guest usage records or records not linked to an account, such information is retained for five years from the date of collection. 6. Sales, lease, and customer support inquiry information is retained for five years from the date the inquiry is completed. 7. Where separate retention is required by applicable laws, we may retain personal information for the period prescribed by those laws. 8. Major statutory retention periods include the following: Records on contracts or withdrawal of offers: 5 years Records on payment and supply of goods or services: 5 years Records on consumer complaints or dispute handling: 3 years Records on display or advertising: 6 months Access logs and communications confirmation data: period required by applicable laws 9. Accounts with no login activity for one year or longer may be separated and managed as dormant or inactive accounts. If the user’s intention to continue using the service is not confirmed, the information may be deleted except for the minimum information required. Article 5-2. International Transfer of Personal Information We do not currently transfer users’ personal information outside Korea. If an international transfer of personal information becomes necessary to provide the service in the future, we will provide prior notice of the categories of personal information to be transferred, the destination country, the recipient, the purpose of transfer, and the retention and use period, and will take the measures required under applicable laws. Article 6. Access, Correction, Deletion, and Withdrawal of Consent 1. Users may request access to, correction of, deletion of, suspension of processing of, or withdrawal of consent for their personal information at any time. 2. Account information may be viewed or changed directly through My Page. If direct handling is not available, users may contact the privacy inquiry channel, and we will take action without delay after verifying the user’s identity. 3. If a user requests correction of an error in personal information, we will not use or disclose the relevant personal information until the correction has been completed. 4. If corrected information has already been provided to a third party, we will notify the third party of the correction result where reasonably possible. 5. Some requests may be restricted where retention is required by law or where there is a risk of infringing the rights or interests of another user. In such cases, we will explain the reason for the restriction. Article 7. Deletion Procedure and Method 1. We delete personal information without delay when the retention period expires or the processing purpose has been achieved. 2. Electronic files and database records are deleted using secure methods designed to prevent recovery or reproduction. 3. Paper documents, if any, are destroyed by shredding, incineration, or another method that prevents recovery. 4. Backup data is managed under separate retention standards and is not used for any purpose other than recovery. Article 8. Cookies and User Choice 1. TensorVault uses cookies and browser storage necessary for service operation, such as maintaining login sessions, performing security checks, and saving cookie consent status. 2. Users may allow, confirm, or refuse the storage of cookies through their browser settings. 3. If cookies are refused, certain features such as login, My Page, and repair progress lookup may be limited. Article 9. Security Measures We take the following measures to help prevent personal information from being lost, stolen, leaked, altered, or damaged: 1. Encryption or non-reversible hashing of passwords 2. Security settings for authentication cookies 3. Prevention of abuse through email verification and request limits 4. Separation of administrator, partner, and customer permissions 5. Limitation of access rights to personal information 6. Restricted storage and visibility controls for uploaded files 7. Audit logging of major processing activities 8. Technical and administrative safeguards such as access control, backups, and security checks Article 10. Rights of Users and Legal Representatives 1. Users may request access to, correction of, deletion of, or suspension of processing of their personal information. 2. If it becomes necessary to process personal information of a child under the age of 14, we will verify the consent of the child’s legal representative. 3. We will take necessary measures without delay in response to legitimate requests from users or legal representatives in accordance with applicable laws. Article 11. Inquiries and Complaints 1. We operate a privacy inquiry channel to promptly handle privacy-related inquiries and complaints. 2. Privacy-related inquiries may be submitted to saleserver@naver.com or 02-6741-2425. 3. The Company’s address is B-815, 18 Magokjungang 4-ro, Gangseo-gu, Seoul, Republic of Korea. Article 12. Privacy Officer 1. We designate a privacy officer to oversee personal information processing and to handle privacy-related complaints and remedies. 2. The privacy officer is as follows: Privacy Officer Name: Kim Kyungrok Email: icarus@sugarcube.co.kr 3. General privacy-related inquiries may also be submitted through the following contact information: Company: SugarCube Networks Co., Ltd. Service: TensorVault Email: saleserver@naver.com Phone: 02-6741-2425 Address: B-815, 18 Magokjungang 4-ro, Gangseo-gu, Seoul, Republic of Korea Article 13. Privacy Complaint and Consultation Authorities For reports or consultations regarding personal information infringement, users may contact the following authorities: 1. Privacy Infringement Report Center: privacy.kisa.or.kr / 118 2. Personal Information Dispute Mediation Committee: www.kopico.go.kr / 1833-6972 3. Supreme Prosecutors’ Office: www.spo.go.kr / 1301 4. Korean National Police Agency Cybercrime Reporting System: ecrm.police.go.kr / 182 Article 14. External Websites If an external website linked from TensorVault separately collects personal information, the privacy policy of that external website will apply. Article 15. Notice of Changes If this Privacy Policy is amended by addition, deletion, or modification, we will provide notice through the TensorVault website notice board or on this page. Supplementary Provision This Privacy Policy is effective as of May 29, 2026.