Privacy Policy
Effective Date: March 12, 2026
Article 1 — Purpose
This Privacy Policy sets forth how the Company collects, uses, stores, transfers, and protects personal data in connection with the digital game currency recharge service (the "Service").
Article 2 — Data Controller
The data controller applicable to the Service shall be determined based on the country selected by the user. The data controller for each country is specified in the relevant country addendum.
Article 3 — Personal Data Collected
The Company may collect the following categories of personal data:
1. At the time of registration
- Email address
2. Automatically collected during service use
- IP address
- Cookies
- Access logs
- Transaction records
- Payment authorization information
3. Where additional verification is required
- Mobile phone number
4. Where marketing consent is provided (optional)
- Mobile phone number
Article 4 — Purpose of Processing
The Company processes personal data for the following purposes:
• User identification and account management • Provision of services and performance of contractual obligations • Payment processing and settlement • Fraud prevention and security enhancement • Customer support and dispute resolution • Marketing communications, events, and promotions (where consent has been given)
Article 5 — Retention Period
Personal data shall be deleted without delay upon membership termination.
However, certain records shall be retained in accordance with applicable laws:
| Category | Retention Period |
|---|---|
| Records of contracts or withdrawal | 5 years |
| Records of payments and supply of goods | 5 years |
| Consumer complaints or dispute records | 3 years |
| Records of advertising and labeling | 6 months |
For the purpose of preventing fraudulent or abusive activities, certain minimum identifying information may be retained for a limited period (e.g., 30 days) after account termination.
Marketing consent records shall be retained until consent is withdrawn.
Article 6 — International Transfer of Personal Data
The Company may transfer personal data overseas for service operation and data storage purposes.
1. System Operation and Hosting
- Recipient:
- Overtake Pte. Ltd.
- Country:
- Singapore
- Data Transferred:
- Member information and transaction records
- Purpose:
- System operation and server management
- Retention Period:
- Until termination of the outsourcing agreement or expiration of statutory retention periods
The Service may be operated using cloud infrastructure provided by Amazon Web Services (AWS).
2. Analytics and Advertising Performance Measurement
- Recipient:
- Google LLC, Meta Platforms Inc.
- Country:
- United States
- Data Transferred:
- Cookie identifiers, visit records, purchase status, and purchase amount
- Purpose:
- Service analytics and advertising performance measurement
Users may refuse international transfer; however, refusal may result in limitations in the use of the Service.
Article 7 — Outsourcing of Processing
The Company may outsource certain processing activities, including but not limited to:
• System operation and technical support • Electronic payment processing • SMS message delivery • Identity verification services
The Company shall enter into written agreements with service providers and supervise them in accordance with applicable data protection laws.
Article 8 — Collection and Use of Behavioral Information
The Company may collect and use cookie-based behavioral information for service improvement and advertising performance measurement.
Data collected may include visit history, device environment, purchase status, and purchase amount.
Users may refuse the storage of cookies by adjusting their browser settings.
Article 9 — Rights of Data Subjects
Users may exercise the following rights with respect to their personal data:
• Request access • Request correction or deletion • Request suspension of processing
Such requests may be submitted through the Customer Service channel.
Article 10 — Marketing Communications
Marketing SMS messages shall be sent only with prior consent.
Users may withdraw consent at any time.
Each marketing message shall include instructions on how to opt out.
Article 11 — Security Measures
The Company implements appropriate technical and organizational measures to ensure the security of personal data, including:
• Access control and authorization management • Encryption measures • Incident response procedures • Supervision of outsourced processors
Korea Addendum
Article 1 — Data Controller in Korea
For users located in the Republic of Korea, the data controller shall be:
• Company Name: IMI Co., Ltd. • Representative Director: Soojong Park • Business Registration No.: 402-81-50705 • E-commerce Registration No.: No. 2002-Jeonju Deokjin-0015 • Address: 56 Garinae-ro, Deokjin-gu, Jeonju-si, Jeonbuk State, Republic of Korea
Article 2 — Data Protection Officer
The Company has designated a Data Protection Officer (DPO). Inquiries regarding personal data may be directed to the DPO through the Customer Service channel.
Article 3 — Children's Personal Data
The Company does not knowingly collect personal data from children under fourteen (14) years of age.
If such data is identified, it shall be deleted without delay.