Privacy Policy

FingerDoor (the “Service”) values and protects users’ personal data and complies with applicable privacy laws. This Privacy Policy explains what information is processed, for what purposes, and how it is handled during use of the Service.

Privacy FingerDoor Policy

1. Purposes of Processing

The Service processes personal data only for the purposes below. It will not be used for other purposes without additional measures required by law (e.g., separate consent).

• Service operation: creating and running sessions, submitting responses, aggregating and displaying results, providing features, and maintaining quality
• Host identification & session management: confirming the session creator (host), supporting operation, and sending essential notices (security/policy/outage)
• Abuse prevention: detecting and blocking spam/advertising sessions and abnormal usage patterns
• Support & complaint handling: receiving inquiries, verifying facts, responding, and notifying results
• Stability & security: incident response, security response, and log analysis for reliability
• Service improvement: improving UX/performance based on usage patterns (without identifying individuals)

* The Service does not use the submitted email address for marketing/advertising. It may be used only to deliver essential notices required for operation (security, policy changes, outage notices).

2. Categories of Data Processed

The Service is designed to minimize collection of personally identifiable information. However, the following data may be processed during use.

(1) Information provided by users

• Hosts (when creating a session): email address (required), session purpose (required)
• When contacting support: email address, inquiry content, and attachments (only if provided by the user)
• Host settings/content: poll titles/questions and other content (users are encouraged not to include personal data)

* “Session purpose” is used to understand the operational context and prevent abuse. Please avoid entering excessive personal/sensitive data (national IDs, bank accounts, health data).

(2) Data automatically generated/collected

• Access logs (timestamps, request records) and IP address
• Technical data such as browser type/version, device/OS info, and screen resolution
• Cookies (if used), session identifiers, and error logs
• Abuse detection signals (excessive requests, abnormal access patterns)

* If the Service introduces accounts/login/payments, additional categories may apply with separate notice and consent where required.

3. Retention Period

Personal data is retained only as long as needed to fulfill the purposes and then securely deleted without delay. If required by law, data may be retained for the period specified by such laws.

(1) Internal operational 기준 (example)

• Host email / session purpose: retained as needed for operation and abuse prevention, deleted once the purpose is achieved (may vary by policy)
• Session data (polls/responses/results): retained for a limited period under operational policy, then deleted
• Support inquiries: up to 3 years after resolution for dispute handling, then deleted (or earlier upon request where applicable)
• Access/technical logs: up to 6 months for security/stability purposes, then deleted (may vary by policy)

(2) Legal retention (if applicable)

If the Service does not provide e-commerce/payment features, this may not apply. If paid features are introduced, the following may apply:

• Records on contracts/withdrawals: 5 years
• Records on payments and supply: 5 years
• Records on complaints/dispute resolution: 3 years
• Records on advertising: 6 months

4. Disclosure to Third Parties

In principle, the Service does not provide personal data to third parties. Exceptions may include:

• When the user has given prior consent
• When required by law or by a lawful request from authorities
• When necessary to protect life/body or property within legally permitted scope

5. Processing by Service Providers

To operate the Service, certain processing may be outsourced to infrastructure/hosting providers. When outsourcing occurs, the Service will disclose the provider and scope as required by law and supervise them via contracts and safeguards.

6. Users’ Rights and How to Exercise Them

Users may exercise rights such as access, correction, deletion, and restriction of processing as permitted by law. Requests can be made via the contact below, and we will respond without undue delay.

• Request access to personal data
• Request correction if inaccurate
• Request deletion
• Request restriction of processing

* A legal guardian may exercise these rights for children under 14, if applicable.

7. Deletion Procedures and Methods

Personal data is deleted without delay once the retention period expires or the purpose is achieved.

(1) Procedure

• Select items → internal review/approval → secure deletion

(2) Method

• Electronic files: permanently deleted in a non-recoverable manner (logical deletion/overwrite, etc.)
• Printed materials: shredding or incineration (if applicable)

8. Security Measures

The Service may implement administrative, technical, and physical safeguards to protect personal data (scope may vary by operational environment).

• Minimizing personnel with access and managing access rights
• Access controls and periodic permission reviews
• Encryption in transit (e.g., HTTPS)
• Security patching and vulnerability checks
• Detection/response procedures for incidents and abnormal access
• Backups and recovery planning as defined by operational policy

9. Cookies (If Used) and How to Refuse

The Service may use cookies to provide a stable user experience. Cookies are small text files stored by your browser to help the Service function smoothly.

• Purpose: session maintenance, security, and optimizing the user experience (if applicable)
• How to refuse: you can refuse or delete cookies via browser settings
• Impact: some features (e.g., login/session maintenance) may be limited (if applicable)

10. Contact

For inquiries or complaints about personal data processing, please contact:

11. Remedies

Users may contact the following organizations regarding personal data infringement. These organizations are independent of the Service. For service-related inquiries, please contact our support.

• Personal Information Infringement Report Center (KISA)
• Personal Information Dispute Mediation Committee
• Supreme Prosecutors’ Office Cyber Crime Division
• National Police Agency Cyber Bureau

12. Updates to This Policy

This Privacy Policy may be revised due to legal, policy, or feature changes. If content is added, removed, or modified, we will notify users via the Service or by posting on this page.

Effective date: 2026-01-09