re.scoop Privacy Policy
This Privacy Policy describes how ICONX Inc. ("the Company") handles personal information in connection with the re.scoop service ("the Service"). This Policy applies exclusively to the re.scoop service and is maintained separately from the Company's main privacy policy at iconx.co.kr.
In the event of any inconsistency between the Korean and English versions of this Policy, the Korean version shall prevail.
Table of Contents
- Personal Information Collected
- Purposes of Processing
- Retention Period
- Disclosure to Third Parties
- Outsourcing of Personal Information Processing
- Cross-border Transfer of Personal Information
- Your Rights and How to Exercise Them
- Deletion of Personal Information
- Security Measures
- Processing of Pseudonymized Information
- Cookies — Operation and Opt-out
- Behavioral Information — Collection, Use, and Opt-out
- Privacy Officer
- Changes to This Policy
- Remedies for Infringement of User Rights
- Compliance with Google API Services User Data Policy (Limited Use)
- Processing of Personal Information of Children under 14
1. Personal Information Collected
The Company collects and uses personal information only to the extent necessary to provide the Service, in accordance with the Korea Personal Information Protection Act (PIPA).
| Category | Items |
|---|---|
| At sign-up | Account identifier, email address, display name, profile image, authentication tokens |
| During use (workspace) | Workspace name, workspace URL handle, user nickname |
| During use (messages) | Body and metadata of messages (email, DM, comments, etc.) collected from channels connected by the user |
| Automatically collected | Access IP, access timestamp, service usage logs, cookies, device environment information |
The Company does not collect user passwords at sign-up. Users authenticate directly with the external identity provider (e.g., Google), and the Company only receives and stores the authentication tokens issued by that provider.
Where user content includes information about third parties (e.g., people who exchange messages with you or comment on your videos), the Company uses such third-party information only to provide the Service to you and does not contact, advertise to, or market to such individuals.
2. Purposes of Processing
The Company processes personal information only for the following purposes. If the purpose changes, the Company will obtain separate consent in accordance with Article 18 of PIPA.
| Purpose | Items Used |
|---|---|
| Member registration, authentication, and identification | Account identifier, email, display name, profile image |
| Workspace operation and member identification | Workspace name, URL handle, user nickname |
| Collecting user messages and comments; creating, posting, and managing them at the user's request | Authentication tokens, user message data |
| AI analysis for automatic classification and summarization of messages | Body and metadata of user messages |
| Service operation and security | Access IP, usage logs, cookies, etc. |
| Marketing communications, event notices, and feature announcements (where you have opted in) |
AI analysis is performed solely to classify and summarize message content. The Company does not use AI analysis to infer user attributes (such as personal interests or demographics) or for advertising targeting.
The Company does not sell or monetize user content for any purposes.
3. Retention Period
| Item | Retention Period |
|---|---|
| Account basic information (email, name, account identifier) | Until account deletion |
| Workspace information (name, URL handle, nickname) | Until account deletion or workspace deletion |
| Authentication tokens | Until the integration is disconnected |
| Service usage logs and access IP | 3 months (Korea Protection of Communications Secrets Act) |
| User messages | Until the user's explicit deletion, channel disconnection, or account deletion — whichever occurs first |
| Marketing consent information | Until consent is withdrawn |
Where applicable laws require retention, personal information will be stored separately for the prescribed period.
| Legal Basis | Item | Period |
|---|---|---|
| Korea Protection of Communications Secrets Act | Web access logs (logs, IP) | 3 months |
4. Disclosure to Third Parties
The Company does not currently disclose personal information to third parties. If the Company decides to disclose personal information to third parties in the future, it will obtain separate consent from users in advance, in accordance with Article 17 of PIPA.
However, in the event of an emergency such as disaster, infectious disease, or imminent threat to life, or where required by applicable law, the Company may provide personal information to relevant authorities without the user's consent.
| Category | Legal Basis | Recipient | Personal Information Subject to Disclosure |
|---|---|---|---|
| Disaster response | Framework Act on the Management of Disasters and Safety, Article 74-3 | Central or regional disaster management headquarters | Email, account identifier, and other identification information held by the Company |
| Infectious disease prevention and control | Infectious Disease Control and Prevention Act, Article 76-2 | Korea Disease Control and Prevention Agency, or metropolitan/provincial authorities | Email, etc. |
| Cybercrime investigation / legal disclosure obligations | Protection of Communications Secrets Act, Criminal Procedure Act, etc. | Investigative authorities, courts | Items requested under a warrant or applicable law |
5. Outsourcing of Personal Information Processing
To provide the Service, the Company outsources certain personal information processing tasks as follows. If the scope of outsourced work or the contractor changes, this Policy will be updated and disclosed accordingly.
| Contractor | Outsourced Work | Processing Region |
|---|---|---|
| Google LLC | OAuth authentication, channel integration APIs | United States |
| Amazon Web Services, Inc. | Service hosting infrastructure and AI analysis | Republic of Korea (AWS Seoul Region) |
The cloud provider performing AI analysis does not use input data for its own model training or any other external purposes, under its terms of service. Data is processed solely under the Company's instructions and for the Company's stated purposes. The Company itself does not use user content to train foundation AI models; pseudonymized data may be used to improve the Service's own classification engine, as described in Section 10.
6. Cross-border Transfer of Personal Information
The Company transfers personal information across borders as follows.
| Recipient | Country | Items Transferred | Purpose | Retention Period | Date and Method of Transfer |
|---|---|---|---|---|---|
| Google LLC | United States | Account identification information, data processed via channel integration APIs | OAuth authentication and API provision | Until service use ends | At the time of user action, in real time via HTTPS |
Service hosting infrastructure and AI analysis are currently processed within the Republic of Korea (AWS Seoul Region) and therefore do not constitute a cross-border transfer. If processing is expanded to overseas regions due to future global service expansion, the Company will provide advance notice and obtain separate consent in accordance with Article 28-8 of PIPA.
7. Your Rights and How to Exercise Them
You may exercise the following rights with respect to your personal information:
- Access, correct, delete, or restrict the processing of your personal information
- Withdraw your consent or close your account
You may exercise these rights through the "Settings → My Account" menu in the Service or by contacting the Privacy Officer (see Section 13) by email. The Company will process such requests without delay and will notify you of the result within 10 days, in accordance with PIPA.
If a legal representative of a child under 14 exercises rights on the child's behalf, the representative must submit documentation of authorization to the Company.
8. Deletion of Personal Information
The Company deletes personal information without delay once the purpose of collection and use has been achieved.
- Procedure: Once the purpose is achieved, the information is moved to a separate database and then deleted in accordance with the applicable legal retention period, or deleted immediately.
- Deadline: Within 5 business days from the date the retention period elapses or the date the information becomes unnecessary.
- Method:
- Electronic files: Database records are overwritten with null or random values; storage media are low-level formatted.
- Paper records: Shredded or incinerated.
9. Security Measures
The Company implements the following measures to manage personal information securely:
- Administrative measures: Establishing and implementing internal management plans; conducting periodic internal audits; minimizing and training personnel who handle personal information.
- Technical measures: Encrypting personal information at rest and in transit; enforcing access controls; retaining access logs and preventing tampering; defending against hacking and malware.
- Physical measures: Controlling access by unauthorized personnel; using locking mechanisms for document security.
Authentication tokens are stored in encrypted form, and access is restricted to a minimum number of authorized personnel.
10. Processing of Pseudonymized Information
In accordance with Article 28-2 of PIPA, the Company may pseudonymize collected personal information so that it cannot be used to identify a specific individual, and may use such pseudonymized information as follows.
| Purpose | Items Processed | Retention Period |
|---|---|---|
| Service improvement research (optimization of message auto-classification and development of new features, etc.) | Body and metadata of user messages (with personal identifiers removed) | Until the purpose is achieved |
When processing pseudonymized information, the Company applies the security measures required by PIPA, including separate storage of additional information and access controls. The Company commits to maintaining such information in pseudonymized form and will not attempt to re-identify it.
11. Cookies — Operation and Opt-out
The Company uses cookies to identify users, maintain session state, and analyze service usage. The Company also uses Google Analytics to analyze service usage behavior.
How to disable cookies:
| Browser | Path |
|---|---|
| Chrome | Settings → Privacy and security → Delete browsing data → Cookies and other site data |
| Edge | Settings → Cookies and site permissions → Manage and delete cookies and site data |
| Safari | Settings → Privacy → Manage Website Data |
| Firefox | Settings → Privacy & Security → Cookies and Site Data |
To opt out of Google Analytics, install the opt-out browser add-on at https://tools.google.com/dlpage/gaoptout.
If you disable cookies, some Service features may not function properly.
12. Behavioral Information — Collection, Use, and Opt-out
The Company collects and uses behavioral information to improve the Service and analyze user experience.
| Item | Description |
|---|---|
| Collection method | Automatic collection during service use |
| Items collected | Service visit records, activity logs |
| Operator collecting and processing | ICONX Inc. |
| Purpose | Analysis of service usage behavior to improve the Service and develop new features |
| Retention and use period | Until the user withdraws consent to the use of behavioral information |
| How to exercise control | iOS: Settings → Privacy → Tracking → Allow Apps to Request to Track (OFF) / Android: Settings → Google → Ads → Delete advertising ID |
13. Privacy Officer
For any inquiries, complaints, or concerns about personal information protection, please contact the Privacy Officer below.
| Name | Title | Department | |
|---|---|---|---|
| Taejin Kim | Vice President | R&D Center | contact@iconx.co.kr |
14. Changes to This Policy
This Policy may be amended in response to changes in laws, the Service, or operational policies.
- General changes: Notice posted on the website at least 7 days before the effective date.
- Material changes adverse to users (e.g., addition of third-party disclosure items, expansion of cross-border transfer): Notice posted on the website at least 30 days before the effective date, individual notice via the email registered at sign-up, and, where necessary, separate consent.
- Periodic review: At least once per year and whenever laws or the Service change.
15. Remedies for Infringement of User Rights
Users may seek consultation or remediation regarding personal information infringement through the following agencies.
| Agency | URL / Contact | Function |
|---|---|---|
| Personal Information Infringement Report Center | privacy.kisa.or.kr / 118 (toll-free) | Reporting of infringements and consultation |
| Personal Information Dispute Mediation Committee | www.kopico.go.kr / 1833-6972 | Mediation requests, class dispute mediation |
| Cyber Investigation Division, Supreme Prosecutors' Office | www.spo.go.kr / 1301 | Investigation of cybercrime |
| Cyber Bureau, Korean National Police Agency | ecrm.cyber.go.kr / 182 | Investigation of cybercrime |
16. Compliance with Google API Services User Data Policy (Limited Use)
The Company's use and transfer of information received from Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements.
re.scoop's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
The Company uses Google API data solely to provide Service features for which the user has expressly consented, and does not use such data for any purpose inconsistent with the Limited Use requirements.
17. Processing of Personal Information of Children under 14
The Service is available only to users aged 14 or older, and the Company does not knowingly collect personal information from children under 14. If the Company becomes aware that personal information of a child under 14 has been collected without parental consent, the Company will delete such information without delay. At sign-up, users confirm that they are at least 14 years old.
The Service is not directed at children under 13 (Children's Online Privacy Protection Act, U.S.) and does not knowingly collect information from children under 13.
Supplementary Provisions
Publication date: 2026-06-01
Effective date: 2026-06-01
(No previous version of this Policy exists.)
The Korean version of this Privacy Policy is available at https://rescoop.ai/ko/privacy-policy.