Privacy Policy

1. Purpose of Personal Information Processing

KATCHUP Inc. ("Company") processes personal information for the following purposes. Personal information being processed will not be used for purposes other than those listed below, and if the purpose of use changes, the Company will take necessary measures such as obtaining separate consent.

  • Membership Registration and Management: Identity verification for membership-based service use, maintenance and management of membership status, prevention of fraudulent service use
  • Service Provision: Student-company matching service, campaign information, recruitment information
  • Application and Payment Management: Event/project application receipt, RSVP confirmation, payment status management, refunds, dispute handling, and applicant communication
  • Google and External Service Integrations: Google Sign-In, Google Sheets Sync selected by event/project operators, and related account connection management
  • Marketing and Advertising: Development of new services and provision of customized services, provision of event information, hiring information, participation opportunities, and promotional communications by email or push notification where the user has opted in

2. Personal Information Collected

Category Items Collected Purpose
Student Member (Required) Email, password, name, university, year, major Membership registration, service use, company/club matching
Student Member (Optional) Profile image, GPA, phone number, payment method for rewards (Zelle/PayPal handle) Profile display, reward payments, interest-based recommendations
Student Member (Verification) Student ID, enrollment/graduation document images (when image verification is selected) Academic verification (alternative to email verification)
Google Sign-In Google account identifier, email address, name, profile image URL, university email domain verification result Account sign-up/login, identity verification, duplicate account prevention, academic email verification
Club Member Representative email, password, club/university affiliation, club logo/description/SNS links (optional) Club account registration/approval, event/project operation, applicant management
Company Member Email, password, company name, contact name Membership registration, service use, student recruitment
Application Submission Collection fields specified by the event/project operator (name, email, school, major, year, GPA, etc.), files uploaded by the applicant (resume, portfolio, etc.), responses to custom questions added by the operator Receipt and review of event/project applications by operators
Paid RSVP and Payment Selected payment option, payment method, payment provider, payment status, payment amount/currency, order ID, payment key, payment processor method, easy-pay provider, payment failure/cancellation reason, bank transfer acknowledgement RSVP payment processing, confirmation, refund/cancellation handling, fraud prevention, dispute response
Google Sheets Sync Connected Google account email/name/profile image URL, Google OAuth access/refresh tokens, granted scopes, selected Google Drive folder or Sheet identifiers, spreadsheet URL, sheet tab information, sync status/error logs, applicant submission data selected for synchronization Creating, opening, and synchronizing Google Sheets for event/project submissions at the operator's request
Notifications and Marketing Consent Hiring information consent status and timestamps, marketing/push consent status and timestamps, email delivery records, push token, push token digest, device platform, bundle ID, app version, last seen time Sending service notices, hiring information, and optional promotional messages; managing opt-in/opt-out preferences; push delivery and security
Automatic Collection IP address, cookies, visit times, service usage records Service improvement, statistical analysis, security (fraud prevention)

※ Application form collection items vary depending on the event/project operator's settings, and applicants can review the collection items before submitting their application.

3. Retention Period of Personal Information

The Company processes and retains personal information within the retention/use period required by law or consented to by the data subject when collecting personal information.

  • Member Information: Until membership withdrawal (destroyed within 30 days after withdrawal)
  • Optional Hiring/Marketing Consent Records: Until consent withdrawal or membership withdrawal, unless retention is required for legal compliance or dispute handling
  • Google Sheets Connection Information: Until the user disconnects the Google account, deletes the connection, or withdraws membership, unless retention is required for legal compliance or dispute handling
  • Contract or Cancellation Records: 5 years (E-Commerce Act)
  • Payment and Goods Supply Records: 5 years (E-Commerce Act)
  • Consumer Complaint or Dispute Resolution Records: 3 years (E-Commerce Act)
  • Website Visit Records: 3 months (Communications Privacy Act)

4. Provision of Personal Information to Third Parties

The Company processes personal information of data subjects only within the scope specified in Article 1 (Purpose of Personal Information Processing), and provides personal information to third parties only when the data subject consents or when special legal provisions apply, in accordance with Articles 17 and 18 of the Personal Information Protection Act.

  • Provision to Company Members: When a student applies to a company's recruitment posting, profile information is provided to the company.
  • Provision to Club Members: When a student applies to an event or project posted by a club, the information entered or attached in the application (name, email, school, major, year, GPA, attached files, and responses to additional questions specified by the operator) is provided to the club operating the event/project and to club members granted joint editing privileges, for review and contact purposes.
  • Information Access by Company Members: Company Members may access the profiles and application information of students who apply to their postings.
  • Provision to Student Members: Information about the publisher (club or company) of events/projects/recruitments to which a student has applied is displayed to the student.
  • External Sharing by Operators (Share Links): Event and project operators may create and send read-only Share Links to share applicant lists and application contents with external collaborators (e.g., evaluators, joint operating team members).
    • Operators may optionally set a 6-digit password on the Share Link, and may regenerate or deactivate the link at any time to immediately block access.
    • The scope, recipients, and security level of information provided through Share Links are determined by the relevant event/project operator, and the Company provides this functionality as a platform provider.
    • Applicants are deemed to have consented at the time of application submission to the operator's review, management, and external sharing of such information.

5. External Services, Processors, and Google User Data

The Company uses external service providers only to provide and operate user-facing Service features.

  • Google Sign-In: When a user chooses Google Sign-In, the Company receives basic Google account information such as email, name, profile image, and Google account identifier to create or authenticate the KATCHUP account.
  • Google Sheets Sync: When an operator connects Google Sheets, the Company uses the granted Google Sheets and Google Drive file permissions to create, select, open, and update Sheets requested by that operator. The Company does not sell Google user data, use it for advertising, or transfer it except as necessary to provide the visible Google Sheets Sync feature, comply with law, or protect security.
  • Payment Providers: Online payment processing may be handled by Toss Payments or another payment service provider. The Company stores payment status and transaction references needed to confirm the RSVP, but detailed card or payment instrument information is processed by the payment provider according to its own policies.
  • Email, Push, Hosting, Storage, and CDN Providers: The Company may use infrastructure providers to send emails and push notifications, host the Service, store uploaded files, deliver images/files, and maintain security and reliability.
  • Users may withdraw optional hiring information, marketing, or push notification consent in notification settings. Users may disconnect Google Sheets Sync where the Service provides a disconnect function, and may also manage connected app access from their Google account settings.

6. Destruction of Personal Information

The Company destroys personal information without delay when it becomes unnecessary, such as when the retention period has elapsed or the processing purpose has been achieved.

  • Electronic File Format: Deletion using technical methods that prevent recovery and reproduction
  • Paper Documents: Shredded with a shredder or incinerated

7. Rights and Obligations of Data Subjects

Data subjects may exercise the following personal information protection rights against the Company at any time:

  • Request to access personal information
  • Request to correct errors
  • Request for deletion
  • Request to suspend processing

Rights may be exercised through written documents, email, etc., and the Company will take action without delay.

8. Measures to Ensure the Security of Personal Information

The Company takes the following measures to ensure the security of personal information:

  • Administrative Measures: Establishment and implementation of internal management plans, regular employee training
  • Technical Measures: Access privilege management for personal information processing systems, installation of access control systems, encryption of unique identification information, installation of security programs
  • Physical Measures: Access control to computer rooms, document storage rooms, etc.

9. Personal Information Protection Officer

  • Name: Won Jun Jang
  • Position: Head of Personal Information Protection
  • Phone: 010-4197-3793
  • Email: [email protected]

Data subjects may direct all inquiries, complaints, and remedy requests related to personal information protection arising from the use of the Service to the Personal Information Protection Officer.

10. Remedies for Rights Violations

Data subjects may apply for dispute resolution or consultation to the following organizations to seek remedies for personal information violations:

  • Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
  • Personal Information Infringement Reporting Center: 118 (privacy.kisa.or.kr)
  • Supreme Prosecutors' Office: 1301 (www.spo.go.kr)
  • National Police Agency: 182 (ecrm.cyber.go.kr)

Supplementary Provisions
This Privacy Policy originally took effect on January 1, 2025, and was last updated on July 6, 2026.