Privacy Policy

1. Personal Information We Collect

The Company collects the following personal information to provide the Service: account information (email address, password) and profile information provided through social login (nickname, profile image, and the like).

Photos uploaded by users and the EXIF metadata of those photos (GPS coordinates, capture date and time, camera and device information, and the like).

Profile information (such as display name and birth year entered during onboarding) and content such as comments written by users.

Information generated and collected automatically during use of the Service: service usage records, access logs, device identifiers, device and operating-system information, and IP address.

2. How We Collect Personal Information

The Company collects information that users enter directly during sign-up and use of the Service, that they provide by uploading photos, or that is provided through social login.

Information generated automatically through devices or browsers may also be collected during use of the Service.

3. Purposes of Use

To identify and verify members, manage accounts, and provide the core functions of the Service.

To analyze photo metadata in order to verify whether a journey is real, build the user's travel map, grant travel badges, and provide travel recommendations.

To improve service quality, develop new features, prevent misuse, and operate the Service safely.

4. Handling of Location Data

The Company uses the GPS coordinates contained in photos' EXIF metadata to verify travel locations and build the travel map.

To protect users' privacy, location information disclosed externally is coarsened through grid rounding so that precise points are not exposed.

In addition, locations determined to be sensitive - such as a user's home - are masked and excluded from public display.

5. Provision to Third Parties and Outsourcing of Processing

The Company does not provide users' personal information to third parties beyond the purposes stated in this Policy, except where there is a legal basis or the user's consent.

To provide the Service smoothly, the Company outsources the following: image and file storage (Cloudflare R2 and Cloudflare Images), AI-based processing (Google Gemini), and content translation (Google Translate).

The Service uses the place-data services of Naver, Kakao, Google, and OpenStreetMap for place lookups, and the authentication services of Apple, Google, Kakao, and LINE for social login.

6. Retention and Use Period

In principle, the Company destroys personal information without delay once the purpose of collection and use has been achieved. Account information and the photos and metadata (EXIF) uploaded by the user are retained until the user withdraws membership, and are destroyed without delay upon withdrawal.

However, the Company retains personal information for the periods stated below in the following cases: (1) service usage records and access logs (including IP addresses) - 3 months, in accordance with the Protection of Communications Secrets Act; (2) identifying information of withdrawn members (such as email address), retained to prevent fraudulent sign-ups and misuse - 30 days after withdrawal.

Where applicable laws require information to be retained for a certain period, the Company retains the personal information for the period prescribed by such laws and does not use it for any other purpose.

7. Rights of Users and Legal Representatives

Users may at any time access, correct, or delete their personal information, request that processing be suspended, and withdraw their consent to the collection and use of personal information.

Users may request deletion of their personal information by withdrawing membership through the in-service settings, and may also exercise these rights by contacting lhs3446@molio.kr.

8. Destruction of Personal Information

The Company destroys personal information without delay once the retention period has elapsed or the processing purpose has been achieved.

Information in electronic file form is deleted using a technical method that prevents recovery, and information recorded on paper documents is shredded or incinerated.

9. Security Measures

The Company implements technical and administrative protective measures for the safe handling of personal information, including minimizing and managing access rights, encrypting data in transit and at rest, and operating access-control systems.

The Company minimizes the number of personnel who handle personal information and maintains the adequacy of its protective measures through regular reviews.

10. Children's Personal Information

The Service is not directed to children under the age of 14, and the Company does not knowingly collect personal information from children under 14.

If the Company becomes aware that personal information of a child under 14 has been collected, it destroys that information without delay.

11. Data Protection Officer and Contact

The Company designates a data protection officer responsible for overseeing the processing of personal information. Data Protection Officer: Lee Heesoo (이희수). Contact: lhs3446@molio.kr · 0507-1490-3470.

Inquiries, complaints, and requests for remedy relating to the processing of personal information may be directed to lhs3446@molio.kr.

12. Changes to this Privacy Policy

This Privacy Policy may be revised in line with changes in law or in the Service. Any changes and their effective date will be announced within the Service in advance.