Privacy Policy
Klipse Privacy Policy
SfacSpace Co., Ltd. (hereinafter "Company") complies with the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, and other applicable laws and regulations in operating the Klipse service (hereinafter "Service"), and makes every effort to protect users' personal information.
This policy describes how the Company processes personal information collected through the Klipse service (including AI-powered short-form video generation using AI models such as Kling and Veo, automatic YouTube upload and insight analysis, payment services, and all related features).
Article 1 (Purpose of Processing Personal Information)
The Company processes personal information for the following purposes. Personal information processed shall not be used for any purpose other than those listed below. If the purpose changes, the Company will take necessary measures such as obtaining separate consent pursuant to Article 18 of the Personal Information Protection Act.
- Membership Registration and Management: Member identification, provision of membership-based services, prevention of unauthorized use
- AI Video Generation Service: Generation of short-form videos using AI models such as Kling and Veo based on user-input prompts
- YouTube Integration Service: YouTube account linking via OAuth 2.0 authentication, automatic upload/edit/deletion of videos, and collection and provision of channel insights (views, subscribers, impressions, etc.)
- Payment and Settlement: Billing for paid services, payment processing, and refund handling
- Customer Support: Handling inquiries, complaints, and delivery of notices
- Service Improvement and Statistics: Analysis of service usage, development of new features, and marketing activities
Article 2 (Categories of Personal Information Processed)
① Required Collection Items
The Company collects the following personal information to provide its services.
| Category | Items Collected | Collection Method | Required |
|---|---|---|---|
| Membership Registration | Email address, password (encrypted), nickname | Direct input upon registration | Required |
| Social Login | Social account unique ID, email, profile name | OAuth via Google, Kakao, etc. | Required |
| YouTube Integration | YouTube channel ID, channel name, access token, refresh token | YouTube Data API v3 | Required (upon integration) |
| AI Video Generation | Input prompts, uploaded images (optional) | Input during service use | Required (upon use) |
| Payment Information | Card issuer name, first 6 and last 4 digits of card number (masked), purchase history | Integration with PG (e.g., Toss Payments) | Required (upon payment) |
| Customer Support | Name, email, inquiry content | 1:1 inquiry submission | Required (upon inquiry) |
| Service Usage Records | Access IP, cookies, usage logs, device info, OS, browser info | Automatically collected | Required |
② Detailed YouTube Data Collection Items
Upon YouTube channel integration, the following data is collected via YouTube Data API v3:
- Channel Information: Channel ID, channel name, subscriber count, channel icon
- Video Insights: Views, likes, comments, impressions, click-through rate (CTR), average view duration
- Upload Metadata: Title, description, tags, thumbnail URL, visibility status
- Analytics Data: Traffic sources, viewer geography, age and gender distribution (aggregated data per YouTube standards)
⚠️ Important: Sensitive authentication information such as YouTube account passwords is not collected. Only access tokens are processed in accordance with the OAuth 2.0 standard.
③ Automatically Collected Information
- During the use of the service, information such as IP addresses, visit timestamps, usage logs, and abuse records may be automatically generated and collected through cookies, web beacons, pixels, and similar technologies.
- Users may refuse cookie collection through browser settings; however, some service features may be restricted as a result.
Article 3 (Retention and Processing Period of Personal Information)
The Company processes and retains personal information within the retention and use period stipulated by applicable laws or as agreed upon at the time of collection.
| Purpose | Items Retained | Retention Period |
|---|---|---|
| Member Management | Email, nickname, registration date | Until withdrawal (immediately deleted upon withdrawal) |
| YouTube Integration Tokens | Access token, refresh token | Until integration is revoked (immediately deleted upon revocation) |
| YouTube Upload History | Upload timestamp, video title, description, tags, visibility, URL, video ID | Until withdrawal (retained even after revocation for history restoration upon re-integration) |
| Payment Information | Payment method details, transaction history | 5 years (pursuant to Article 6 of the E-Commerce Act) |
| Customer Inquiry Records | Inquiry content, resolution records | 3 years (dispute resolution standard) |
| Service Usage Logs | Access IP, usage records | 3 months (pursuant to the Protection of Communications Secrets Act) |
| Display/Advertising Records | Ad display and viewing history | 6 months (pursuant to the E-Commerce Act) |
| AI-Generated Video Files | Generated video files | Until deletion request or withdrawal |
Article 4 (Provision of Personal Information to Third Parties)
In principle, the Company does not provide users' personal information to third parties. However, exceptions apply in the following cases:
- When the user has given prior consent
- When required by law or upon request from investigative agencies following legally prescribed procedures and methods for investigative purposes
When necessary for service operation, personal information may be provided to third parties as follows:
| Recipient | Purpose | Items Provided | Retention Period |
|---|---|---|---|
| YouTube (Google LLC) | YouTube video upload, editing, deletion, and insight API integration | Channel ID, access token | Until purpose is fulfilled |
| Kling AI (Kuaishou) | Processing AI video generation requests | Input prompts, uploaded files | Immediately deleted after API processing |
| Payment Gateway (PG) | Payment processing and refunds | Name, card information (encrypted) | 5 years (E-Commerce Act) |
Article 5 (Entrustment of Personal Information Processing)
The Company entrusts personal information processing as follows to ensure smooth service delivery:
| Trustee | Entrusted Tasks | Retention Period |
|---|---|---|
| Amazon Web Services (AWS) / Supabase | Server infrastructure operation and data storage | Until service termination |
| Toss Payments | Online payment processing | 5 years (E-Commerce Act) |
| Kling AI (Kuaishou) | AI video generation processing (prompts and images) | Immediately deleted after API processing |
| Google (Vertex AI / Veo) | AI video generation processing (prompts and images) | Immediately deleted after API processing |
When entering into entrustment agreements, the Company specifies in contracts matters such as prohibition of processing personal information beyond the entrusted scope, technical and administrative protective measures, restrictions on re-entrustment, supervision of trustees, and liability for damages, pursuant to Article 26 of the Personal Information Protection Act, and supervises whether trustees process personal information safely.
Article 6 (International Transfer of Personal Information)
The Company transfers personal information abroad as follows for service provision:
- Destination Countries: United States (AWS, Google, Kling AI, etc.)
- Items Transferred: Service usage records, YouTube integration tokens, prompt input data
- Purpose: Cloud infrastructure operation, AI model API calls, YouTube Data API integration
- Timing: Real-time transfer during service use
- Method: Network transmission (encrypted with TLS 1.2 or higher)
- Protective Measures: Standard Contractual Clauses (SCC) or equivalent personal information protection measures applied
Users may refuse consent to international transfer; however, this may restrict the use of the service.
Article 7 (Rights and Obligations of Users and Legal Representatives, and How to Exercise Them)
Users (or legal representatives for users under the age of 14) may exercise the following personal information protection rights against the Company at any time:
- Request to access personal information
- Request for correction in case of errors or inaccuracies
- Request for deletion (except where collection is mandated by other laws)
- Request to suspend processing
- Withdrawal of consent (service withdrawal or revocation of YouTube integration)
The above rights may be exercised by submitting a written or email request to the Personal Information Protection Officer, and the Company will process such requests without delay (within 10 days).
However, requests for access, correction, deletion, or suspension may be refused in the following cases:
- When there is a special provision in law or compliance with legal obligations is unavoidable
- When there is a risk of harming the life or body of another person or unjustly infringing upon the property or other interests of another person
Article 8 (Destruction of Personal Information)
① Destruction Procedure
Information entered by users is transferred to a separate database (or separate documents in the case of paper records) after the purpose has been achieved, and is then stored for a certain period or immediately destroyed in accordance with internal policies and other applicable laws.
② Destruction Methods
- Electronic Files: Permanently deleted using methods that prevent recovery or restoration (meeting DoD 5220.22-M standards or equivalent)
- Paper Documents: Shredded or incinerated
③ Exceptions to Destruction
Personal information that must be retained under applicable laws will be destroyed after the relevant retention period expires.
Article 9 (Measures to Ensure the Security of Personal Information)
Pursuant to Article 29 of the Personal Information Protection Act, the Company takes the following technical, administrative, and physical measures to ensure security:
① Technical Measures
- Encryption of Personal Information: Passwords are encrypted using one-way hashing (bcrypt); payment card information is tokenized by the PG provider
- YouTube Token Encryption: OAuth access tokens and refresh tokens are encrypted with AES-256 before storage
- Communication Encryption: TLS 1.2 or higher applied to all data transmissions
- Access Control: Minimization of access rights to personal information processing systems (principle of least privilege), IP access restrictions
- Security Vulnerability Management: Regular security audits and vulnerability scanning
② Administrative Measures
- Designation of a Data Protection Officer (DPO) and regular training
- Minimization of personnel handling personal information and management of access logs
- Establishment and implementation of internal management plans
③ Physical Measures
- Access control for computer rooms and server rooms
- Compliance with physical security policies of AWS data centers
Article 10 (Installation, Operation, and Refusal of Cookies)
The Company uses "cookies" to store and retrieve user information to provide personalized services.
① Purpose of Cookie Use
- Maintaining login sessions and managing authentication status
- Saving user preferences (language, display mode, etc.)
- Analyzing and improving service usage
② How to Refuse Cookies
Users may choose to allow, selectively allow, or block cookies through their web browser settings.
- Chrome: Settings > Privacy and Security > Cookies and other site data
- Safari: Preferences > Privacy
- Firefox: Preferences > Privacy & Security
Refusing cookie storage may restrict certain service features such as maintaining login status.
Article 11 (Special Terms Regarding YouTube API Services)
Klipse uses YouTube Data API v3 to provide YouTube channel integration, video upload/edit/deletion, and analytics features. The Company informs users of the following:
① Application of Google's Privacy Policy
Data collected through YouTube API services is also subject to Google's Privacy Policy.
② Scope and Purpose of YouTube API Data Access
Klipse accesses YouTube account data only within the scope of OAuth 2.0 scopes explicitly consented to by the user.
| OAuth Scope | Data Accessed | Purpose | Recipient |
|---|---|---|---|
youtube.upload | Upload request information (title, description, tags, visibility), upload result URL | Automatically upload AI-generated videos to the user's YouTube channel | User only |
youtube.readonly | Channel ID, channel name, subscriber count, existing video list | Confirm linked channel and manage upload history | User only |
youtube | Channel information, video metadata (title, description, tags, visibility, etc.) | Modify and delete metadata of uploaded videos | User only |
youtube.force-ssl | Video information, ratings (likes, etc.), comments, captions | View, modify, and delete videos, comments, and captions | User only |
yt-analytics.readonly | Views, impressions, CTR, watch time, subscriber changes, and other channel performance metrics | Provide channel insight dashboard to the user | User only |
③ Scope of Sharing, Transfer, and Disclosure of Google User Data
| Item | Details |
|---|---|
| Recipients | Data collected via the YouTube API is provided only to the owner of the relevant YouTube account (the user). It is not disclosed to other users or the general public. |
| Third-Party Sharing | Google user data is not sold, leased, transferred, or shared with any third party (individuals, corporations, or institutions). |
| External Transfer | Google user data is not transferred externally beyond service operation purposes. However, it may be provided pursuant to legal procedures in response to requests from investigative agencies under applicable laws. |
| Advertising Use | Google user data is not used for advertising or marketing purposes. |
| AI Model Training | Google user data is not used for AI model training. |
④ Data Stored on Company Servers
YouTube-related data stored on the Company's servers is limited to the following:
- Upload History: Upload timestamp, video title, description, tags, visibility, YouTube video URL, video ID — retained until membership withdrawal (even after revocation) to allow history restoration upon re-integration
- Basic Channel Information: Channel ID, channel name — immediately deleted upon revocation of integration
⑤ Compliance with Google API Services User Data Policy
The Company processes information collected through Google APIs in accordance with the Google API Services User Data Policy and complies with Limited Use requirements.
- Google user data is used solely to provide features requested or explicitly approved by the user.
- Google user data is not used to display advertisements or for advertising-related profiling.
- Google user data is not sold or shared with third parties.
- Human access to Google user data is permitted only with the user's explicit consent, for security purposes, or for legal compliance.
⑥ Revoking YouTube Integration
Users may revoke Klipse's access to the YouTube API at any time through [Settings > Manage Linked Channels] within the service or via Google Account Permissions. Upon revocation, YouTube access tokens and basic channel information held by the Company will be immediately deleted. However, upload history will be retained until membership withdrawal to allow restoration upon re-integration.
⑦ Security of YouTube API Data
- Data collected through the YouTube API is processed in accordance with the YouTube API Terms of Service.
- Collected YouTube data is not disclosed to other users or sold commercially beyond the purpose of managing the user's own channel.
Article 12 (Processing of Personal Information Related to AI-Generated Content)
Klipse integrates with external AI services such as Kling AI and Google Veo via API. The Company informs users of the following in relation to AI video generation:
- Prompts (text) entered by users and image files uploaded by users are transmitted to the API servers of AI service providers.
- The transmitted data may include personally identifiable information (e.g., facial images); users are advised to exercise caution when entering personally identifiable information.
- AI service providers (Kuaishou/Kling, Google, etc.) process such data in accordance with their respective privacy policies.
- After AI generation is complete, the Company requests the deletion of original prompts and files transmitted to API providers; generated video files are deleted upon user request or membership withdrawal.
Article 13 (Processing of Payment Information)
When using Klipse's paid services, payment information is processed as follows:
- Payment processing is handled by a Payment Gateway (PG) provider (e.g., Toss Payments), and the Company does not store full card numbers.
- Payment information retained by the Company is limited to: card issuer name, partial card number (first 6 and last 4 digits), transaction ID, payment amount, and payment date and time.
- Transaction records are retained for 5 years pursuant to the Act on the Consumer Protection in Electronic Commerce to resolve payment-related disputes.
- Refund requests are processed after identity verification, and the result is notified by email.
Article 14 (Personal Information Protection Officer)
The Company designates a Personal Information Protection Officer to oversee all matters related to personal information processing and to handle user complaints and remedy damages:
Personal Information Protection Officer
| Item | Details |
|---|---|
| Name | Lee Seunghyun |
| Position | CTO |
| teddy@sfacspace.com | |
| Phone | +82 1050597671 |
Personal Information Protection Department
| Item | Details |
|---|---|
| Department | Service Development Team |
| woody@sfacspace.com | |
| Processing Deadline | Within 10 days of receipt |
Users may contact the Personal Information Protection Officer or the responsible department regarding any personal information protection inquiries, complaints, or requests for damage relief arising from the use of the Company's services.
Article 15 (Request for Access to Personal Information)
Users may submit a request for access to personal information pursuant to Article 35 of the Personal Information Protection Act to the following department:
| Item | Details |
|---|---|
| woody@sfacspace.com | |
| Processing Deadline | Within 10 days of request |
Users may also report or consult on personal information infringement to the following agencies:
- Personal Information Protection Portal: www.privacy.go.kr / Hotline: 182
- Personal Information Infringement Report Center: privacy.kisa.or.kr / Hotline: 118
- Supreme Prosecutors' Office Cyber Crime Investigation Division: www.spo.go.kr / 02-3480-3573
- National Police Agency Cyber Safety Bureau: www.netan.go.kr / Hotline: 182
Article 16 (Changes to the Privacy Policy)
This Privacy Policy takes effect from the date of enforcement. Any additions, deletions, or corrections due to changes in laws or policies will be announced through the notice board at least 7 days before the effective date of such changes.
However, in the event of significant changes to user rights, prior notice will be given at least 30 days in advance.
| Version | Effective Date | Key Changes |
|---|---|---|
| v1.0 | January 1, 2026 | Initial enactment |
Article 17 (Scope of Application)
This policy applies to the Klipse service (website, mobile app, API services, and all related services) operated by SfacSpace Co., Ltd. and its affiliates and partners. However, the privacy policies of third-party linked or integrated external services (YouTube, Google, Kling AI, etc.) apply separately to the processing of personal information by those services.
Notice Date: January 1, 2026 | Effective Date: January 1, 2026
SfacSpace Co., Ltd. — Klipse Service