Privacy Policy
Effective: March 1, 2026 · Last revised: May 25, 2026
0. General Provisions
29Per Co., Ltd. (the "Company") has established and discloses this Privacy Policy pursuant to Article 30 of the Personal Information Protection Act to protect personal information and to handle related complaints promptly and smoothly.
1. Data Collection and Purpose
The Company processes personal information as follows:
| Category | Collected Items | Purpose |
|---|---|---|
| Required | Email, password, nickname | Member identification, login, identity verification |
| Required | Social login identifier (Google/Kakao/Apple) | OAuth authentication |
| Required | Date of birth, birth time, gender, birth location coordinates | Four Pillars, Zi Wei Dou Shu, astrology analysis |
| Optional | Name (separate from nickname) | Report name display |
| Optional | Child info (date of birth, name) | Child fate analysis (guardian consent required) |
| Optional | Mobile phone number | Notification messages (when opted in) |
| Auto | Access IP, browser info, device identifier (deviceFp) | Fraud prevention, service improvement |
| Auto | Payment information (processed via PortOne) | Paid service payment processing |
2. Retention Period
- Immediately destroyed upon member withdrawal or achievement of the collection/use purpose.
- However, if preservation is required by applicable law, data is retained for the following periods:
Item Retention Period Legal Basis Contracts, withdrawal records, etc. 5 years E-Commerce Act, Art. 6 Payment and goods supply records 5 years E-Commerce Act, Art. 6 Consumer complaint / dispute records 3 years E-Commerce Act, Art. 6 Display / advertising records 6 months E-Commerce Act, Art. 6 Login records 3 months Communications Secrets Act, Art. 15 - After member withdrawal, data is retained in soft-deleted state for 90 days before permanent deletion (for error recovery protection).
- Payment records are retained for 5 years as required by accounting law, with identifying information (email, name) anonymized.
3. Third-Party Disclosure
The Company processes personal information only within the scope specified in Section 1, and provides it to third parties only with the data subject's separate consent or under special legal provisions. Currently provided to third parties as follows:
| Recipient | Provided Items | Purpose | Retention Period |
|---|---|---|---|
| PortOne (NHN KCP) | Payment info, email | Payment processing and fraud prevention | 5 years after payment |
| Galaxia MoneyTree | Payment info | PG payment processing | 5 years after payment |
4. Processing Entrustment
The Company entrusts personal information processing as follows for smooth service provision:
| Trustee | Entrusted Work | Country |
|---|---|---|
| Google LLC (Firebase) | Member authentication, database, cloud functions | USA (overseas transfer) |
| Vercel Inc. | Web hosting, serverless functions | USA (overseas transfer) |
| Upstash Inc. | Redis cache | USA (overseas transfer) |
| Google LLC (Gemini API) | AI analysis processing (PII anonymization applied) | USA (overseas transfer) |
| Sentry Inc. | Error tracking (PII scrubbing applied) | USA (overseas transfer) |
| Google LLC (Analytics 4) | Service usage statistics | USA (overseas transfer) |
※ When concluding entrustment agreements, the Company specifies and safely manages prohibition of processing personal information beyond the scope of entrusted work, technical/administrative protection measures, and re-entrustment restrictions, pursuant to Article 26 of the Personal Information Protection Act.
5. Rights of Data Subjects and How to Exercise Them
- Data subjects may exercise the following rights against the Company at any time:
- Request for personal information access
- Request for correction in case of errors
- Request for deletion (including member withdrawal)
- Request for suspension of processing
- Rights may be exercised via My Page or 1:1 inquiry (support@fatehacker.com), and the Company will take action without delay.
- Membership withdrawal can be done directly via My Page → Member Withdrawal menu.
- For children under 14 years of age, legal guardians may exercise these rights.
6. Security Measures
The Company takes the following technical, administrative, and physical measures to ensure security pursuant to Article 29 of the Personal Information Protection Act:
- Administrative: Establishment and implementation of internal management plan, regular employee training, etc.
- Technical:
- Encrypted personal information storage (AES-256-GCM)
- One-way password hashing (Firebase Auth bcrypt)
- Encrypted communication (HTTPS/TLS 1.3)
- Access control (role-based RBAC)
- Security audit log collection and monitoring
- Automatic blocking system for abnormal payments and access
- Physical: Use of ISO 27001/27017/27018 certified data centers through cloud infrastructure (Google Cloud, AWS)
7. Automated Data Collection (Cookies)
- The Company uses "cookies" that store and retrieve usage information to provide personalized services.
- Purposes of cookie use:
- Login maintenance and identity verification
- Language setting storage
- Service usage statistics (Google Analytics 4)
- Security token (CSRF) management
- How to refuse cookies: You can refuse or delete cookies in your web browser options. (Note: Refusing cookies may cause difficulties using some services that require login.)
- Google Analytics 4 (GA4): The Company uses GA4 to collect anonymous statistics.
- Measurement ID: G-72F5DD9RXX
- Collected items: Page views, session time, device info (anonymous), referral channels
- GA4 opt-out: Google Analytics Opt-out Browser Add-on
8. Processing of Children's Data (Under 14)
- The Company does not, in principle, accept membership from children under 14 years of age.
- However, for the "Child Fate Analysis" service, children's data is collected only after receiving explicit consent from a guardian (legal representative) before collecting the child's date of birth, birth time, and name for analysis.
- Guardian consent procedure: Minor Data Collection Consent Page
- Guardians may request access, correction, deletion, or suspension of processing of the child's personal information at any time.
- Child information is permanently deleted immediately after analysis is complete, and only the analysis report is encrypted and stored in the guardian's account.
9. Privacy Officer
Privacy Officer
- Name: Byeonggeun Song (CEO)
- Email: support@fatehacker.com
- Phone: 0507-1403-0128
Data subjects may contact the Privacy Officer for any personal information protection inquiries, complaints, or damage relief arising from the use of the Company's services.
10. Remedies for Rights Infringement
Data subjects may contact the following organizations for personal information infringement remedies and consultations:
| Organization | Contact | Website |
|---|---|---|
| Personal Information Dispute Mediation Committee | 1833-6972 | www.kopico.go.kr |
| Personal Information Infringement Report Center | 118 | privacy.kisa.or.kr |
| Supreme Prosecutors Office Cybercrime Division | 1301 | www.spo.go.kr |
| National Police Agency Cyber Investigation Bureau | 182 | ecrm.cyber.go.kr |
11. Policy Changes
- This Privacy Policy takes effect on March 1, 2026.
- The Company will notify members via the service notice board at least 7 days before any additions, deletions, or modifications resulting from changes in laws, policies, or security technology.
Company Information
Company: 29Per Co., Ltd. (29PER)
Representative: Byeonggeun Song
Business Registration No.: 844-87-02850
Mail-Order Registration No.: 2023-Gyeonggi Ansan-2499
Address: 398 Simin-daero, Dongan-gu, Anyang-si, Gyeonggi-do, 3F Room 302, Korea
Phone: 0507-1403-0128
Email: support@fatehacker.com