Privacy Policy
Last updated: February 24, 2026
Article 1 (Purposes of Processing Personal Information)
Aperture Studio (hereinafter “Company”) processes personal information for the following purposes. Personal information processed will not be used for any purpose other than those listed below, and if the purpose of use changes, the Company will take necessary measures such as obtaining separate consent pursuant to Article 18 of the Personal Information Protection Act (PIPA).
- ① Membership registration and management: provision of membership services, identity verification, prevention of unauthorized use
- ② Digital content purchase and delivery: payment processing, purchase history management, granting content access rights
- ③ Customer support: handling inquiries, delivering notices, responding to queries
- ④ Service improvement: monitoring access frequency, analyzing service usage statistics
- ⑤ Marketing and advertising (with separate consent): announcements of new content, provision of event and promotional information
Article 2 (Personal Information Collected)
The Company collects the following personal information to provide the Service.
- Required items
Email address, name (or nickname), encrypted password, purchase history, payment method information (card issuer name, last 4 digits, and other partial information), service usage records, access IP, cookies - Items collected at the time of payment
Payment amount, payment date and time, payment method type. Sensitive payment information such as full card numbers is processed directly by payment processors (PortOne, Stripe) and is not stored on Company servers. - Automatically collected items
Browser type, operating system, pages visited, visit date and time, service usage records
Article 3 (Retention and Use Period of Personal Information)
The Company processes personal information within the retention and use period required by law or agreed upon at the time of collection from the data subject.
- ① Member information: until account deletion (destroyed within 30 days after deletion)
- ② Purchase and payment records: 5 years pursuant to the Act on Consumer Protection in Electronic Commerce
- ③ Consumer complaint and dispute resolution records: 3 years pursuant to the Act on Consumer Protection in Electronic Commerce
- ④ Access logs: 3 months pursuant to the Protection of Communications Secrets Act
- ⑤ Marketing consent information: until consent is withdrawn
Article 4 (Provision of Personal Information to Third Parties)
As a rule, the Company does not provide users' personal information to third parties. Exceptions are made in the following cases.
- ① The user has given prior consent
- ② Required by law or requested by investigative authorities in accordance with legal procedures and methods for investigative purposes
The minimum necessary information is provided to the following companies for payment processing purposes.
| Recipient | Purpose | Items provided |
|---|---|---|
| PortOne | Domestic payment processing | Purchase amount, order number |
| Stripe | International payment processing | Purchase amount, email address |
Article 5 (Outsourcing of Personal Information Processing)
The Company outsources personal information processing tasks to the following parties to provide the Service.
- ① Amazon Web Services (AWS): server hosting and data storage
- ② Email delivery service provider: sending service notification emails
Outsourcing agreements specify compliance with personal information protection laws, technical and administrative safeguards, restrictions on sub-outsourcing, and supervision of processors.
Article 5-2 (Technical Measures for Content Protection)
The Company implements the following technical measures to protect the copyright of digital content and prevent unauthorized distribution.
- ① User-identifying watermark embedding: for the purpose of content protection, an invisible watermark containing the purchaser's unique identifier is embedded in PDF content.
- ② Access log collection: access logs including the time of content viewing and access IP address are collected and retained.
- ③ Collected watermark and access log data are used solely for the purpose of investigating copyright infringement and tracing unauthorized distribution, and are destroyed without delay once that purpose has been fulfilled.
Article 6 (Security Measures for Personal Information)
Pursuant to Article 29 of PIPA, the Company implements the following technical and administrative measures necessary to ensure security.
- ① Password encryption: user passwords are stored using one-way encryption (bcrypt).
- ② Transmission encryption: personal information is transmitted in encrypted form via SSL (TLS) protocol.
- ③ Access restriction: the number of employees with access to personal information is minimized and reviewed on a regular basis.
- ④ Access record retention: access records to personal information processing systems are retained and measures are taken to prevent tampering.
- ⑤ Security updates: systems are regularly inspected and security patches are applied to guard against hacking and other threats.
Article 7 (Rights of Data Subjects)
Users (data subjects) may exercise the following personal information protection rights against the Company at any time.
- ① Right to access personal information
- ② Right to request correction of errors
- ③ Right to request deletion
- ④ Right to request suspension of processing
These rights may be exercised through the account settings page within the Service or by email at support@aperturestudio.co, and the Company will take action without delay. However, information whose retention is required by law may not be immediately deleted; in such cases, the reason will be communicated.
Article 8 (Use of Cookies)
① The Company uses cookies to provide personalized services to users.
② Cookies are small pieces of information sent by the server operating the website to the user's browser and stored on the user's computer hard disk.
- Essential cookies: cookies necessary for Service operation such as maintaining login sessions and shopping cart functionality
- Analytics cookies: anonymized statistical cookies used to understand and improve Service usage
③ Users may refuse cookie storage through browser settings; however, doing so may make certain features such as staying logged in unavailable.
Article 9 (Privacy Officer and Contact Information)
The Company has designated a Privacy Officer to oversee personal information processing and handle complaints and remedies related to personal information.
- Privacy Officer: Aperture Studio Operations Team
- Email: privacy@aperturestudio.co
- Business hours: Weekdays 10:00 – 18:00 (excluding public holidays)
For reports or consultation regarding personal information breaches, you may contact the following authorities.
Personal Information Infringement Report Center: privacy.kisa.or.kr / 118 (no area code required)
Personal Information Dispute Mediation Committee: www.kopico.go.kr / 1833-6972