cosmile Privacy Policy

This policy applies solely to the features and services provided by cosmile. The current version of this privacy policy was last updated on February 22, 2025, and will take effect upon the official launch of cosmile. If you have any questions, please contact our customer support via email.

1. Acknowledgment and Agreement to the Privacy Policy

Welcome to cosmile and thank you for using our online shopping mall services. cosmile recognizes the importance of personal information collected within the service and will make every effort to ensure your information is secure and protected. We are committed to earning your trust by adhering to the following principles: the principle of accountability, purpose limitation, informed consent, data minimization, security assurance, user participation, and transparency.

cosmile promises to follow industry-standard security practices and measures to protect your personal data.

Before using cosmile, please carefully read and ensure that you fully understand this privacy policy. By clicking to accept or using any means to agree to this policy, you confirm that you have fully understood all its terms and legal consequences and consent to all provisions herein. If you have any questions, opinions, or suggestions about this policy, you may contact us via the developer email for clarification. If you do not agree or fully understand this policy, please refrain from using cosmile services.

2. Information Collection

(1) To provide you with better services, cosmile collects information based on the principles of lawfulness, legitimacy, and necessity, and only with your consent. We do not collect information prohibited by law or obtain personal information from illegal sources.

The following business features require certain information to function:

a) Account Registration/Login

• You may register as a cosmile member using Google or Apple login.

• Alternatively, you can register using your email and password.

• We collect publicly available information from third-party platforms (Google, Apple), such as your nickname and email, to link your account and allow you to log in and use our services. This is done within the scope of your consent.

• If you choose to link your phone number, we will collect it for purposes such as account verification, password recovery, and account-related notifications.

b) Product Browsing/Sharing

• When you search or browse on cosmile, we collect your interactions, such as search keywords and clicked links/pages, to deliver relevant results.

3. Use of Information

Generally, cosmile uses your personal and device information for the following purposes:

• Service delivery: To provide services like product browsing, order placement, and order management within the App.

• Market research: Occasionally, we may invite you to participate in surveys to improve our products and services.

• Data analysis: We may analyze order information to understand user preferences and improve functionality.

• Operations: Includes network maintenance, troubleshooting, etc.

• We may use your personal data for additional purposes, which will be disclosed via updates to this policy.

By using cosmile, you authorize and agree to receive commercial emails (e.g., product updates, promotions). You can opt out via settings provided in the App.

You acknowledge that we may use your data without consent in the following cases:

• Matters related to public safety, health, or major public interests.

• Legal proceedings such as criminal investigations or court rulings.

• Protection of vital interests (life, property) of individuals when it is hard to obtain consent.

• Ensuring stable and secure operation of our products/services (e.g., fault detection).

• Necessary for legal news reporting or academic research with de-identified data.

• Other cases stipulated by law.

4. Sharing, Transfer, Disclosure, and Transmission

• cosmile does not use your information for third-party advertising or behavioral targeting.

• cosmile does not transfer your personal information to any company, organization, or individual, except in these situations:
  • With explicit consent;
  • In case of mergers, acquisitions, or bankruptcy where information transfer is required, we will ensure the new entity continues to follow this policy or obtains your consent again.

• cosmile only discloses your personal information:
  • With your explicit consent;
  • When legally required by authorities, lawsuits, or regulatory bodies.

5. Storage and Transmission

• When you delete your account, we will fully remove your personal information and related account data. However, we may retain the account registration record to prevent abuse of new user benefits.

• Some information (e.g., transaction records) will be retained for legal purposes (e.g., tax, audits) and securely deleted or anonymized afterward.

• If cosmile discontinues operations, all personal data will be deleted, and users will be notified individually or via announcement.

• Your data is stored in AWS data centers located in South Korea (or other applicable regions) and is protected in accordance with this privacy policy.

6. Token Usage

• Purpose: Tokens simplify the login process.

• Generation and Storage: Tokens are generated uniquely per user and stored securely on your device and cosmile’s servers. We use encryption for secure transmission and storage.

• Use: Tokens verify identity during login and retain your preferences and settings.

• Security: We implement strict security measures to prevent misuse. You are responsible for safeguarding your device and token.

• Revocation: If your token is compromised or you delete your account, contact us immediately via the developer email to revoke the token.

• Lifecycle: Tokens are periodically refreshed. After expiration, you must re-login to generate a new token.

• No Cookies: cosmile does not use browser cookies for advertising or tracking, only local secure storage for token management.

7. Information Security and Protection

• cosmile places great importance on data security and has adopted appropriate administrative, technical, and physical safeguards, in line with international best practices and standards.

• Security measures cover the entire data lifecycle — from collection to destruction — including access control, SSL encryption, anonymization, and masking of sensitive data.

• Strict internal controls apply to employees handling personal data, including activity monitoring and mandatory confidentiality agreements. Regular training reinforces best practices.

• While no system can guarantee complete security, cosmile makes every effort to protect your information from loss, misuse, or unauthorized access.

• If you discover your personal data has been compromised, especially account credentials, please contact us immediately.

8. Handling of Data Breaches

If a security incident occurs, cosmile will suspend affected accounts. If the account was registered via Google or Apple, we will report the incident to them for resolution. For email-registered accounts, cosmile will review logs and reinstate the account after resolving the issue.

9. Policy for Minors

(1) cosmile accepts registration via email and password, with encrypted password storage. Users may also submit a phone number to receive product updates. If you are under 18, please obtain consent from your legal guardian before using cosmile.

(2) If a guardian discovers that a minor registered and used cosmile without consent, they may contact us via email, and we will promptly delete the minor's data upon verification.

10. User Rights

In accordance with relevant laws, regulations, and standards, you have the following rights regarding your personal data:

(1) Access/Modify: You may access your data through: Main Screen → MY.

(2) Deletion: You may request deletion via the menu at the bottom of the MY section. Once deleted, the data cannot be recovered and a new registration will be required.

11. Policy Updates

cosmile may revise this policy when necessary. The updated version will indicate the revision date and take effect upon release. Without your explicit consent, we will not reduce your rights under this policy. For significant changes, we will provide access to historical versions.

Significant changes may include:

• Changes in service models, such as purposes or types of data collected or how data is used.

• Changes in ownership structure (e.g., mergers, acquisitions, bankruptcy).

• Changes to primary data sharing/disclosure targets.

• Changes in user rights or how to exercise them.

• Changes to our data protection department or contact information.

• Risk assessments indicating high risk.

We will retain previous versions of this policy for your reference.