Log inSign up

Privacy Policy

Article 1 (General Provisions)

KKIRI Co., Ltd. (the "Company") recognizes the importance of users' personal information in operating the global communication service KKIRI (the "Service") and complies with relevant laws. This policy applies to personal information processed in connection with the use of the Service and does not apply to Company employees or recruitment-related information. The Company has established this policy based on the laws of the Republic of Korea and will give priority to applicable laws when mandatory personal information protection regulations of the user's country of residence or the country where the Service is used apply.

Article 2 (Applicable Regions and International Law Compliance)

The Company respects the personal information protection laws of the following regions in its global service operations.

  • European Union (EU) and European Economic Area (EEA): GDPR
  • United Kingdom (UK): UK GDPR and Data Protection Act
  • California, USA: CCPA/CPRA
  • Japan: APPI
  • China: PIPL
  • Other countries with applicable personal information protection laws

Users may exercise additional rights under the laws of their region, and the Company will ensure these within the scope permitted by law.

Article 3 (Personal Information Collected)

The Company may collect the following information.

  1. Account and authentication
  • Social login identifiers (Apple, Google, etc.)
  • Email address (including private relay email where applicable)
  • Nickname and profile image
  1. Service use
  • Chat messages and attachments
  • User-created emoticon files
  • Chat room creation and participation records
  • Reports and sanctions records
  1. Logs and technical data
  • IP address
  • Access date and time
  • OS and app version
  • Device model
  • App-generated device UUID (random identifier generated upon app installation, used only for account protection and prevention of fraudulent use)
  • Error logs
  1. Customer inquiries
  • User inquiry content
  • Response records

The Company does not collect resident registration numbers or other unique identifiers.
The Company does not collect location information.

Article 4 (Purpose of Processing Personal Information)

The Company processes personal information within the following purposes.

  • Service provision and operation
  • Account identification and authentication
  • Chat and translation features
  • Report handling and dispute resolution
  • Security incident prevention and response
  • Service quality improvement and statistical analysis
  • Legal obligation compliance
  • Marketing with user consent (only when consented)

The Company does not currently use chat data for AI model training.
Device identifiers are processed only for service security, prevention of fraudulent use, account protection, and statistical analysis.

Article 5 (Chat Data Processing)

  1. Chat messages are stored on the server.
  2. Deleted messages may be retained for up to 30 days for dispute resolution.
  3. Data is permanently deleted 30 days after account deletion.
  4. The Company does not provide end-to-end encryption.
  5. When a report is filed, operators may view the relevant messages.
  6. The Company may provide data to law enforcement upon lawful request in accordance with applicable laws.

Article 6 (Emoticon Data Processing)

  1. Emoticon files uploaded by users are stored per account.
  2. Metadata may be automatically removed upon file upload.
  3. Emoticons are not available for external download.
  4. Emoticons may be removed upon report of illegal content.

Article 7 (Retention Period of Personal Information)

The Company retains personal information according to the following criteria.

  • Account information: Until membership withdrawal
  • Deleted data: Up to 30 days
  • Sanctions and dispute-related logs: Up to 90 days or as required by law
  • Information subject to legal retention: For the period prescribed by applicable law

Upon expiry of the retention period, data is securely destroyed.

Article 8 (International Transfer)

The Company uses cloud infrastructure located in North Central US.
Personal information may be transferred outside the Republic of Korea, and the Company implements the following safeguards.

  • Contractual safeguards
  • Access controls
  • Encrypted communications
  • Application of the principle of least privilege

When personal information of EU residents is transferred to third countries, the Company applies appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.

Article 9 (Your Rights)

  1. You may have the following rights.
  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to data portability
  • Right to object
  • Right to object to automated decision-making

Article 10 (Security Measures)

The Company implements the following security measures.

  • Encrypted communications (HTTPS)
  • Minimization of access rights
  • Server access controls
  • Regular security reviews
  • Log management
  • Internal separation of duties

However, the Company's liability may be limited for security incidents beyond its reasonable control, except in cases of the Company's willful misconduct or gross negligence.

Article 11 (Children's Personal Information)

This Service is not intended for children under 13 years of age. If a user is identified as under this age, the account and personal information will be deleted without delay.

Article 12 (Data Protection Officer and Contact)

Data Protection Officer (DPO)

  • Name: Ko Myeong ok (고명옥)
  • Email: cobalt7572@gmail.com
  • Title: Data Protection Officer (DPO)
  • Address: 804-A40, 124 Unjung-ro, Bundang-gu, Seongnam-si, Gyeonggi-do, Republic of Korea
  • Phone: 031-706-3088 / +82-10-3390-5566 (Business hours: Weekdays 10:00–18:00)

Article 13 (Automated Processing)

The AI translation feature within the Service uses automated processing. This feature does not make decisions that significantly affect users' legal rights.

Article 14 (Changes to the Privacy Policy)

The Company may amend this policy. When amended, the effective date and reason for amendment will be stated, and notice will be provided through in-service announcements or in-app pop-ups at least 7 days in advance for general changes, or 30 days in advance for changes that are disadvantageous to users.

Article 15 (Cookies and Similar Technologies)

  1. The Company may use cookies, SDKs, local storage, log analysis tools, and similar technologies ("cookies and similar technologies") for service provision, security, statistical analysis, and in preparation for future advertising and marketing features.
  2. Cookies and similar technologies may collect the following information.
  • Access logs and usage time
  • Service usage patterns
  • Device and browser information
  • App version and error information
  1. Cookies and similar technologies are used for the following purposes.
  • Service operation and stability
  • Prevention of fraudulent use and security enhancement
  • Usage statistics and quality improvement
  • Future advertising or personalized content (only when user consent is obtained)
  1. When introducing tracking technologies for advertising purposes, the Company will obtain prior consent or ensure opt-out rights in accordance with applicable law.
  2. Users may restrict or delete cookies through device or browser settings. However, some features may be limited.
  3. For EU and UK users, non-essential cookies or tracking technologies may require prior consent under applicable law.
  4. The Company does not sell users' personal information to third-party ad networks. However, where applicable law defines "sale" or "sharing," users may exercise the right to opt out.

Article 16 (Legal Basis for Processing)

The Company processes personal information of residents of the EU, EEA, and UK on the following legal bases.

  1. Contractual Necessity
    Where necessary to perform the contract with the user, such as providing the service, account management, chat and translation features.
  2. Legal Obligation
    Where necessary to comply with legal obligations such as record retention under applicable law or responding to law enforcement requests.
  3. Legitimate Interests
  • Service security
  • Prevention of fraudulent use
  • Detection of unauthorized access
  • Service quality improvement and statistical analysis
  • Processing is carried out only to the extent that it does not infringe users' rights and freedoms.
  1. Consent
    Where consent is required by law, such as for advertising, marketing, or optional features, processing is carried out only with the user's explicit consent.


The Company processes personal information of residents of the EU, EEA, and UK on the legal bases set out above.

Supplementary Provisions

This Privacy Policy is effective from February 28, 2026.