Privacy Policy

1. BurnZ (hereinafter "the Company") considers the protection of users' personal information very important and complies with the Personal Information Protection Act and related laws.
2. This Privacy Policy explains how the Company collects, uses, protects, and processes users' personal information in relation to DoMock (hereinafter "the Service") provided by the Company.
3. This policy provides guidance on the overall processing procedures for the collection, use, provision, and storage of personal information for using the Service, and users must fully understand and agree to it before using the Service.

Article 1 (Personal Information Collection Items)

1. The Company collects minimal personal information necessary to provide the Service. The items of personal information collected are as follows:

1. Required Items
   • Name: Required item for service registration and identification
   • Email address: Required item for account creation, service notifications, and customer support
   • Phone number (optional): Item for customer support and providing service-related notifications
   • Payment information: Payment method information for service usage fee payment (e.g., credit card, bank transfer, etc.)
   • API configuration information: Information necessary for mock server endpoints and response configuration
2. Optional Items
   • Other service usage information: Data generated during service use (e.g., API endpoint configuration history, service feedback, etc.)
3. Automatically Collected Technical Data
   • Mock API request/response logs: Complete HTTP request logs including URLs, headers, bodies, and response times
   • Client information: IP addresses, User-Agent (browser and operating system information)
   • Real-time synchronization connection information: WebSocket connection times, workspace activity events
   • Performance metrics and error tracking: Technical information for service debugging and quality improvement

Article 2 (Purpose of Personal Information Collection and Use)

1. The Company uses collected personal information for the following purposes:

1. Service Provision
   • Mock API server and related service provision
   • Delivery of notifications and announcements related to service use
2. Customer Support
   • Processing inquiries and complaints related to service use
   • Technical support and processing customer requests related to the Service
3. Payment Processing
   • Payment and billing for service usage fees
   • Payment history management and refund processing
4. Service Improvement and Analysis
   • Data analysis for service quality improvement and user experience enhancement
   • Statistics collection and analysis related to service operation
5. Legal Obligations
   • Fulfilling obligations under law (e.g., tax reporting, contract performance, etc.)
   • Providing personal information for dispute resolution and upon request by judicial authorities
6. Marketing and Advertising (Only with Prior Consent)
   • Information about new services and product updates
   • Providing promotional and event information
   • Members may opt out of marketing information at any time from the settings page. Essential service notifications will continue to be provided even after opting out.

Article 3 (Personal Information Retention and Use Period)

1. The Company retains personal information for the following periods and will delete such information within 30 days when users request deletion of personal information or service withdrawal.

1. Basic Retention Period
   • Personal information necessary for service provision: Retained during service provision period
   • Payment and transaction-related information: Retained for minimum 5 years according to relevant laws (Commercial Act, E-Commerce Act, Tax Law, etc.)
2. Processing After Service Termination and Withdrawal
   • When users discontinue service use or withdraw, personal information will be deleted within 30 days. Information that must be retained by law may be stored for a certain period.
3. Technical Data Retention Period
   • Mock API request logs: Deleted within 30 days upon account deletion
   • Real-time connection logs: 7-30 days (according to system log policy)
   • Security-related data: Automatically expires (15-60 minutes)
4. Data Deletion Procedure
   • First deletion: Soft delete state with 30-day recovery period
   • Second deletion: Permanent deletion after 30 days
   • For immediate permanent deletion, please contact the Privacy Officer (refer to Article 9 below)

Article 4 (Provision of Personal Information to Third Parties)

1. The Company does not, in principle, provide users' personal information to third parties. However, personal information may be provided exceptionally in the following cases:

1. When users have given prior consent
2. Legal Obligations
   • When required by law (e.g., requests from courts, police, or other government agencies)
   • When provision of personal information is necessary to comply with judicial procedures or legal requirements
3. Sharing with Partners for Service Provision
   • Personal information may be provided to partners within the scope necessary for service provision. In this case, contracts are made to ensure partners handle personal information safely.

Article 5 (Entrustment of Personal Information Processing)

1. The Company may entrust personal information processing to external companies when necessary for smooth service provision. In this case, the Company executes entrustment contracts to manage that entrusted companies process personal information safely.
2. Entrusted tasks are as follows:

1. Entrusted Companies and Tasks
   • Payment processing: Paddle (Paddle.com Limited) - Payment processing and subscription management
     Entrusted information: Transaction details, subscription status, customer identifiers
   • Email delivery service: nomail - Service notifications and customer support email delivery
     Entrusted information: Email addresses, message content
   • Customer support service: Personal information may be provided to external customer support companies for customer support.
2. Personal Information Protection Obligations of Entrusted Companies
   • The Company clarifies personal information protection obligations for entrusted companies and manages and supervises them to ensure safe processing of personal information.

Article 6 (Users' Rights and Exercise Methods)

1. Users may exercise the following rights at any time:

1. Personal Information Access
   • Users may view their personal information. To view personal information, please request through the customer center.
2. Personal Information Correction
   • Users may request correction and updates to their personal information. The Company will process promptly upon receiving such requests.
3. Personal Information Deletion
   • Users may request deletion of their personal information at any time. However, deletion may be restricted for personal information that must be retained according to legal obligations.
4. Suspension of Personal Information Processing
   • Users may request suspension of personal information processing. However, processing suspension may not be possible for personal information essential for service provision.

1. To exercise users' rights, please request through the customer center, and processing will be done after identity verification procedures.

Article 7 (Measures to Ensure Personal Information Security)

1. The Company takes the following technical and administrative measures to safely protect users' personal information:

1. Technical Measures
   • Encryption: Important personal information is stored and transmitted encrypted.
   • Access control: Access to personal information is minimized, and employees accessing personal information can only access within the necessary scope.
   • Hacking prevention: Personal information is protected from external threats using firewalls, intrusion detection systems, etc.
2. Administrative Measures
   • Minimizing employees handling personal information and providing regular personal information protection training to them.
   • Establishing and complying with internal regulations for personal information protection.

Article 8 (Use of Cookies)

1. The Company may use cookies to provide better services to users. Cookies are small text files stored on users' computers and are used to analyze users' website visit and usage patterns.

1. Cookie Usage Purpose
   • Service improvement and providing personalized content
   • Efficiently supporting users' service use
2. Cookie Management
   • Users can refuse or delete cookies in web browser settings. However, refusing cookies may result in limitations on some service use.

Article 9 (Personal Information Protection Officer)

1. The Company has designated a Personal Information Protection Officer as follows to protect users' personal information:

1. Personal Information Protection Officer: Lee Jeongtae
2. Email: support@domock.dev

1. Users may contact the Personal Information Protection Officer with inquiries or complaints related to personal information.

Article 10 (Changes to Privacy Policy)

1. The Company may change the Privacy Policy, and the changed policy will be announced on the Company's website or notified via email. The changed policy becomes effective from the announced date.

Article 11 (Obligation to Notify Before Amendments)

1. When there are additions, deletions, or modifications to the content of this Privacy Policy, advance notice will be given through 'Notices' at least 7 days before the amendment.
2. However, when significant changes affecting user rights occur, such as changes to collected personal information items or purposes of use, notice will be given at least 30 days in advance, and user consent may be obtained again if necessary.

Article 12 (Other)

1. This Privacy Policy complies with the laws of the Republic of Korea, and the Company will do its best to protect users' personal information.
2. Matters not included in this policy shall be governed by relevant laws and the Company's policies.

1. Announcement Date: November 1, 2025
2. Effective Date: November 1, 2025