Privacy Policy

Effective Date: January 15, 2026

Article 1 (Purpose of Processing Personal Information)

@Research (the "Company") processes personal information for the following purposes. The personal information being processed shall not be used for purposes other than those stated below, and if the purpose of use changes, the Company will take necessary measures such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.

  1. Service Provision: Providing research support services, content provision, customized services
  2. Member Management: Member identification, confirmation of intention to join, identity verification, prevention of improper use by bad members
  3. Service Improvement: Development of new services and provision of customized services, improvement of service quality

Article 2 (Processing and Retention Period of Personal Information)

  1. The Company processes and retains personal information within the period of retention and use of personal information in accordance with laws and regulations, or within the period of retention and use of personal information agreed upon when collecting personal information from the information subject.
  2. The processing and retention period of each personal information is as follows:
    • Member registration and management: Until membership withdrawal (However, if an investigation or inquiry is in progress due to violation of related laws, until the end of such investigation or inquiry)
    • Service usage records: 3 years (Communications Secrets Protection Act)

Article 3 (Items of Personal Information Processed)

The Company processes the following personal information items:

  1. Required Items:
    • Email address (collected through social login)
    • Name (collected through social login)
    • Service usage records, access logs, cookies, access IP information
  2. Optional Items:
    • Nickname, affiliated institution, department, phone number, expertise keywords, etc. (information optionally provided by users)
  3. Password: The Company uses social login methods and does not store user passwords.

Article 4 (Provision of Personal Information to Third Parties)

The Company processes personal information of information subjects only within the scope specified in Article 1 (Purpose of Processing Personal Information), and provides personal information to third parties only in cases corresponding to Article 17 and Article 18 of the Personal Information Protection Act, such as consent of the information subject or special provisions of laws.

Article 5 (Entrustment of Personal Information Processing)

The Company entrusts personal information processing tasks as follows for smooth personal information processing:

  1. Cloud service providers: Server operation and data storage (If entrusted overseas, necessary measures will be taken in accordance with the Personal Information Protection Act)

Article 6 (Rights and Obligations of Information Subjects and How to Exercise Them)

  1. Information subjects may exercise the following personal information protection rights against the Company at any time:
    • Right to request suspension of personal information processing
    • Right to request access to personal information
    • Right to request correction or deletion of personal information
    • Right to request suspension of personal information processing
  2. The exercise of rights under paragraph 1 may be made to the Company in writing, by email, facsimile transmission (FAX), etc., and the Company will take action without delay.
  3. If an information subject requests correction or deletion of errors in personal information, the Company shall not use or provide the personal information until the correction or deletion is completed.

Article 7 (Destruction of Personal Information)

  1. The Company shall destroy personal information without delay when the retention period of personal information has elapsed, the purpose of processing has been achieved, etc., and personal information is no longer necessary.
  2. The procedure and method of destroying personal information are as follows:
    • Destruction Procedure: The Company selects personal information for which the reason for destruction has occurred and destroys it after obtaining approval from the Company's personal information protection officer.
    • Destruction Method: Information in the form of electronic files uses technical methods that cannot reproduce records. Personal information printed on paper is destroyed by shredding with a shredder or incineration.

Article 8 (Personal Information Protection Officer)

The Company is responsible for overall personal information processing tasks and has designated a personal information protection officer as follows to handle complaints and damage relief of information subjects related to personal information processing.

Personal Information Protection Officer

Email: privacy@genailabs.kr

Article 9 (Measures to Ensure Safety of Personal Information)

The Company takes the following measures to ensure the safety of personal information:

  1. Administrative measures: Establishment and implementation of internal management plans, regular employee training, etc.
  2. Technical measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of unique identification information, installation of security programs
  3. Physical measures: Access control to computer rooms, data storage rooms, etc.

Article 10 (Changes to Privacy Policy)

This Privacy Policy takes effect from January 15, 2026, and if there are additions, deletions, or corrections to the contents due to changes in laws and policies, we will notify you through the notice 7 days before the implementation of the changes.