Privacy Policy
Effective: May 11, 2026 · Last updated: June 17, 2026
Innostock (the "Company") complies with the Personal Information Protection Act and other applicable laws of the Republic of Korea, and establishes and discloses this Privacy Policy as follows to protect users' personal information. In this Policy, "Service" refers to Innostock provided by the Company.
1. Personal Information We Collect
The Company collects the following personal information to provide the Service.
| Category | Items collected | Method |
|---|---|---|
| Free trial / inquiry | (Required) Name, company name, job title, contact (phone number), email address, country · (for inquiries) inquiry content | Entered directly by the user in the application form |
| Service use (account) | (Required) Email address, password (stored as a one-way hash and cannot be decrypted) | Entered at sign-up |
| Uploaded data | Business data such as sales/inventory history (SKU, quantity, date, etc.). In principle this does not include personal information. | Uploaded by the user as an Excel/CSV file |
| Automatically collected | Access IP, cookies, service usage records, device/browser information | Generated automatically during use of the Service |
It is the user's responsibility to ensure that data they upload does not contain third parties' personal information such as customer names or contact details.
※ The Company does not, in principle, collect personal information of children under the age of 14.
2. Purpose of Collection and Use
- Responding to free trial / inquiry requests, service guidance, and customer support
- Member identification and provision of the Service (demand forecasting, ordering, inventory management)
- Settlement and payment of fees
- Service improvement through usage statistics and behavioral analysis, new feature announcements, and delivery of notices
- Prevention of misuse and ensuring service stability
3. Retention and Use Period
As a rule, the Company destroys personal information without delay once the purpose of collection and use has been achieved. However, where retention for a certain period is required under applicable law, the information is kept for that period.
- Member information: until membership withdrawal (destroyed immediately upon withdrawal, except that email is retained for 30 days to prevent misuse)
- Free trial applications: destroyed within 1 year after the processing purpose is achieved
- 1:1 inquiries: destroyed within 1 year after processing is completed
- Access logs: 3 months (Protection of Communications Secrets Act)
- Information subject to a statutory retention obligation: the period prescribed by the relevant law
※ The Company does not currently operate online payment (an automatic billing system) and therefore maintains no separate retention items for payment or contracts. If online paid billing is launched in the future, retention provisions under the Act on Consumer Protection in Electronic Commerce will be added.
4. Provision to Third Parties
The Company does not use users' personal information beyond the scope stated in this Policy or provide it to third parties, except in the following cases:
- When the user has given prior consent
- When required by law or by a lawful request from an investigative agency
5. Outsourcing and Overseas Transfer of Processing
To provide the Service smoothly, the Company outsources personal information processing tasks as follows. Some processors are located overseas, and personal information may therefore be transferred abroad.
| Processor | Outsourced task | Location · Overseas transfer | Items transferred |
|---|---|---|---|
| Supabase, Inc. | Authentication, database, and infrastructure services | Data storage location: Republic of Korea (AWS Seoul ap-northeast-2 region, stored domestically) · Headquarters: United States | Member account information, business data uploaded by the user (stored domestically) |
| Vercel, Inc. | Web hosting and deployment infrastructure | Overseas transfer: United States | Request-processing data such as access IP |
| PostHog, Inc. | Service usage / behavioral analytics | Overseas transfer: United States (us.i.posthog.com) | Non-identifying user_id (UUID), service usage/behavioral events, access IP |
| Google LLC (Google Analytics) | Web usage statistics analysis | Overseas transfer: United States | Access IP, cookie-based usage behavior and device information |
| Microsoft Corporation (Microsoft Clarity) | Usability analysis (session replay / heatmaps) | Overseas transfer: United States | Page interactions (clicks/scrolls), access IP (※ personal information entered in forms is masked and is not transmitted) |
| FormSubmit | Inquiry / free-trial form delivery | Overseas transfer: United States | Name, company name, job title, contact, email, country, and inquiry content entered in the form |
※ Processing of personal information by the above processors is subject to safeguards applied through outsourcing contracts under Article 26 of the Personal Information Protection Act. Member information and business data uploaded by users are stored on servers within the Republic of Korea (Supabase Seoul region).
※ Overseas transfers take place over the network when the Service is used or accessed, and the recipient retains the personal information within the scope of the above purpose until termination of the outsourcing contract. Users may refuse the overseas transfer of their personal information; in such case, sign-up and use of the Service may be restricted.
6. Rights of Data Subjects and Legal Representatives, and How to Exercise Them
Users (data subjects) and their legal representatives may at any time request access to, correction, deletion, or suspension of processing of their personal information. Such requests may be made via the Personal Information Protection Officer contact below, and the Company will act without delay. Users may delete their uploaded data directly within the Service.
7. Destruction Procedure and Method
- Electronic files: permanently deleted by a method that prevents recovery or reproduction
- Paper documents: shredded or incinerated
8. Measures to Ensure Security
a. Administrative measures — Establishment and implementation of an internal management plan; minimization of access privileges (least privilege)
b. Technical measures — One-way hash storage of passwords (cannot be decrypted), TLS 1.2+ encryption across the entire transmission path, per-user data isolation via database row-level security (RLS), enforcement of HTTPS and security headers (CSP, HSTS, X-Frame-Options), and blocking of abnormal access (rate limiting)
c. Backup and recovery — Automatic backups (in accordance with processor policies) and prompt recovery in the event of a failure
※ For convenience, some data may be temporarily cached in the user's browser local storage (localStorage), and this copy may be stored in plain text on that device. We recommend logging out and clearing browser data on shared devices.
9. Operation of Cookies
The Company may use cookies to provide the Service, for user convenience, and for service usage and behavioral analytics (Google Analytics, Microsoft Clarity, PostHog). Users may refuse the storage of cookies.
- How to set (e.g., Chrome): Settings > Privacy and security > Cookies and other site data — block/delete cookies
- If you refuse cookie storage, some Service features may be limited.
10. Personal Information Protection Officer
The Company designates a Personal Information Protection Officer who oversees matters relating to personal information processing.
- Name: Moon Eui-rom (Personal Information Protection Officer)
- Email: forecastbridge@gmail.com
11. Remedies for Infringement of Rights
For reports or consultation regarding personal information infringement, you may contact the following organizations (Korea):
- Personal Information Dispute Mediation Committee: 1833-6972 (privacy.go.kr)
- Personal Information Infringement Report Center (KISA): 118 (privacy.kisa.or.kr)
- Supreme Prosecutors' Office Cybercrime Investigation: 1301
- National Police Agency Cyber Bureau: 182
12. Duty of Notice
Any addition, deletion, or modification of this Privacy Policy will be announced through the website's notices before it takes effect.
This English version is provided for reference only. In case of any conflict or difference in interpretation between the Korean and English versions, the Korean version shall prevail.