Privacy Policy

A. Information You Provide Directly

• Account Information: When you register for an account, we collect your email address, username, display name, and password (or authentication tokens if you register via a third-party provider such as Google or GitHub). You may also optionally provide a profile photo, biography, website URL, and social media links.
• User Content: Any content you upload, create, or share through the Services, including 3D models, images, videos, audio files, exhibition configurations, titles, descriptions, and other metadata associated with your spaces and artworks.
• Communications: Messages, comments, and other communications you send through the Services, including feedback, support requests, and reports submitted to us.
• Organizational Data: If you create or join an organizational account, we collect the organization name, display name, description, avatar, and membership information (including roles and permissions).

B. Information Collected Automatically

• Usage Data: We collect information about how you interact with the Services, including pages and spaces viewed, features used, search queries, clicks, scroll behavior, time spent on pages, and navigation patterns. For 3D spaces, we may also collect interaction data such as camera movement patterns and object interactions.
• Device and Technical Data: Browser type and version, operating system, device type (desktop, mobile, tablet), screen resolution, GPU information (for 3D rendering optimization), language preference, time zone, and referring URL.
• Network Information: IP address, approximate geographic location derived from IP address (country, region, city level), and internet service provider information.
• Cookies and Similar Technologies: We use cookies, local storage, session storage, and similar technologies to collect information. See Section 8 for details.

C. Information from Third Parties

• Authentication Providers: When you sign in using a third-party service, we receive your name, email address, and profile picture from that provider, as authorized by your privacy settings with that service.
• Analytics Partners: We may receive aggregated or de-identified analytics data from third-party analytics services to help us understand how users interact with the Services.

We use the information we collect for the following purposes:

• Service Operation: To create and manage your account, authenticate your identity, process your requests, and provide customer support.
• Content Delivery: To display, distribute, and render your User Content, including 3D spaces and artworks, to other users through the Services.
• Personalization: To personalize your experience, including content recommendations and search results ranking, based on your interests, viewing history, and interactions.
• Analytics and Improvement: To analyze usage patterns and trends, measure the effectiveness of features, identify bugs and performance issues, and improve the Services. This includes analyzing 3D rendering performance data to optimize the viewer experience across different devices.
• Communication: To send you essential service-related communications, such as account verification emails, security alerts, and notices regarding changes to our Terms of Use or Privacy Policy.
• Safety and Security: To detect, investigate, and prevent fraud, abuse, security incidents, and other harmful or unauthorized activities. This includes automated scanning of uploaded content to detect malware or prohibited material.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests, and to enforce our Terms of Use.
• Aggregated Insights: To generate aggregated, de-identified statistics about platform usage, content trends, and community demographics for internal analysis and public reporting (e.g., blog posts about platform growth).

We do not sell your personal information to third parties. We may share your information in the following circumstances:

• Public Profile and Content: Your profile information (username, display name, avatar, bio) and any content you make publicly available are visible to all users and may be indexed by search engines.
• Service Providers: We share information with third-party service providers who perform services on our behalf, such as cloud hosting (e.g., Supabase, Vercel), content delivery networks, email delivery services, and analytics tools. These providers are contractually obligated to protect your information and use it only for the services they provide to us.
• Organizational Members: If you are part of an organizational account, certain account information and activity data may be visible to the organization administrators and other authorized members.
• Legal Requirements: We may disclose your information if required to do so by law, or if we believe in good faith that such action is necessary to: (a) comply with a legal obligation or valid legal process; (b) protect and defend our rights or property; (c) prevent fraud or address security issues; or (d) protect the personal safety of users or the public.
• Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on the Services of any change in ownership or uses of your personal information.
• With Your Consent: We may share your information with third parties when you have given us explicit consent to do so.

4.1 Account Settings. You can access, update, or correct most of your account information at any time through your account settings page. This includes your display name, email address, avatar, biography, and notification preferences.

4.2 Content Management. You can edit, unpublish, or delete your User Content at any time through the Services. You can set individual spaces as public or private.

4.3 Data Access and Portability. You may request a copy of the personal information we hold about you. Where technically feasible, we will provide this data in a commonly used, machine-readable format.

4.4 Data Deletion. You may request deletion of your account and associated personal information by contacting us at dev.postmedia@gmail.com. Upon receiving a verified deletion request, we will delete your personal information within thirty (30) days, except where we are required to retain it for legal, regulatory, or legitimate business purposes (such as resolving disputes or enforcing our Terms).

4.5 Communication Preferences. You can opt out of marketing communications at any time by contacting us. Note that even if you opt out of marketing communications, we may still send you service-related messages necessary for the operation of your account.

4.6 Rights Under Applicable Law. Depending on your location, you may have additional rights under applicable data protection laws, including the right to: (a) withdraw consent for data processing; (b) object to or restrict certain processing activities; (c) lodge a complaint with a data protection authority. To exercise any of these rights, contact us using the information in Section 12.

The Services are not intended for users under the age of 18. We do not knowingly collect, use, or disclose personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take immediate steps to delete such information. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at dev.postmedia@gmail.com so that we can take appropriate action.

6.1 Data Location. Our Services are operated from the Republic of Korea. Your information may be transferred to, stored, and processed in countries other than your country of residence, including the Republic of Korea, the United States, and other jurisdictions where our service providers operate.

6.2 Safeguards. When we transfer personal information internationally, we ensure that appropriate safeguards are in place, including standard contractual clauses approved by relevant data protection authorities, adequacy decisions, or other legally valid transfer mechanisms.

6.3 EEA, UK, and Swiss Residents. If you are located in the European Economic Area, the United Kingdom, or Switzerland, we process your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable local data protection laws. Our legal bases for processing include: (a) your consent; (b) the performance of our contract with you (the Terms of Use); (c) compliance with legal obligations; and (d) our legitimate interests in operating and improving the Services, provided that such interests are not overridden by your data protection rights.

6.4 Korean Residents. If you are located in the Republic of Korea, we comply with the Personal Information Protection Act (PIPA) and related regulations. You have the right to access, correct, delete, and suspend processing of your personal information in accordance with PIPA.

7.1 Active Accounts. We retain your personal information for as long as your account is active and as needed to provide you with the Services.

7.2 After Account Deletion. When you delete your account, we will delete or anonymize your personal information within thirty (30) days, except where retention is necessary for: (a) compliance with legal obligations (e.g., tax records, content takedown records); (b) resolution of disputes or enforcement of our Terms; (c) fraud prevention and security purposes; or (d) backup and disaster recovery systems, which are purged on a regular cycle.

7.3 User Content. When you delete specific User Content, we will remove it from public visibility immediately and from our storage systems within a commercially reasonable period. Cached or archived copies on content delivery networks may persist for up to 72 hours after deletion.

7.4 Aggregated Data. We may retain aggregated, de-identified data indefinitely for analytics and service improvement purposes. This data cannot be used to identify individual users.

8.1 Types of Cookies We Use.

• Essential Cookies: Required for the Services to function properly. These include session cookies for authentication, security tokens (CSRF protection), and user preference cookies (e.g., theme selection). These cookies cannot be disabled.
• Analytics Cookies: Help us understand how users interact with the Services by collecting information about pages visited, features used, errors encountered, and performance metrics. We may use third-party analytics services for this purpose.
• Functional Cookies: Enable enhanced functionality and personalization, such as remembering your display preferences, recently viewed spaces, and editor settings.

8.2 Local Storage. In addition to cookies, we use browser local storage and session storage to store application state, including editor configurations, draft content, and UI preferences. This data is stored locally on your device and is not transmitted to our servers unless you explicitly save or publish content.

8.3 Managing Cookies. Most web browsers allow you to control cookies through their settings. You can set your browser to refuse all cookies, accept only certain cookies, or alert you when cookies are being sent. Note that disabling essential cookies may impair the functionality of the Services.

8.4 Do Not Track. Some browsers offer a "Do Not Track" (DNT) signal. We currently do not respond to DNT signals, as there is no industry-standard protocol for compliance. However, you can manage your tracking preferences through the cookie settings described above.

9.1 Security Measures. We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include: encryption of data in transit (TLS/SSL) and at rest; access controls and authentication mechanisms; regular security assessments and vulnerability testing; monitoring for unauthorized access attempts; and secure coding practices.

9.2 Infrastructure. Our Services are hosted on enterprise-grade cloud infrastructure with industry-standard security certifications. User Content is stored in secure, access-controlled storage buckets with encryption at rest.

9.3 Limitations. While we strive to protect your personal information, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security of your information. You are responsible for maintaining the security of your account credentials and for any activity that occurs under your account.

9.4 Breach Notification. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users and relevant data protection authorities in accordance with applicable laws, typically within 72 hours of becoming aware of the breach.

The Services integrate with or contain links to third-party services. These third parties have their own privacy policies governing the collection and use of your information. We encourage you to review their policies before providing any information. Key third-party services we use include:

• Authentication: Third-party sign-in providers (e.g., Google, GitHub) for account authentication.
• Cloud Infrastructure: Cloud hosting and storage providers for serving the platform and storing User Content.
• Analytics: Analytics services to understand usage patterns and improve the Services.
• Content Delivery: Content delivery networks (CDNs) for efficient delivery of media assets and 3D content.

We are not responsible for the privacy practices or the content of these third-party services. Our integration with these services does not constitute an endorsement of their privacy practices.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will: (a) update the "Last Updated" date at the top of this page; (b) post the revised policy on the Services; and (c) for significant changes, provide additional notice through email notification to the address associated with your account or through an in-app notification. We encourage you to review this policy periodically. Your continued use of the Services after any changes to this policy constitutes your acceptance of the revised policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us using the information below. We will respond to your inquiry within a reasonable timeframe, and no later than thirty (30) days.